The Exchange tarpitting interval must be set.

From Microsoft Exchange 2016 Edge Transport Server Security Technical Implementation Guide

Associated with: CCI-001308

SV-95279r1_rule The Exchange tarpitting interval must be set.

Vulnerability discussion

Tarpitting is the practice of artificially delaying server responses for specific Simple Mail Transfer Protocol (SMTP) communication patterns that indicate high volumes of spam or other unwelcome messages. The intent of tarpitting is to slow down the communication process for spam batches to reduce the cost effectiveness of sending spam and thwart directory harvest attacks. A directory harvest attack is an attempt to collect valid email addresses from a particular organization so the email addresses can be added to a spam database. A program can be written to collect email addresses that return a "Recipient OK" SMTP response and discard all email addresses that return a "User unknown" SMTP response.Tarpitting makes directory harvest attacks too costly to automate efficiently.

Check content

Open the Exchange Management Shell and enter the following command: Get-ReceiveConnector | Select Name, Identity, TarpitInterval For each Receive connector, if the value of "TarpitInterval" is not set to "00:00:05" or greater, this is a finding.

Fix text

Open the Exchange Management Shell and enter the following command: Set-ReceiveConnector -Identity <'IdentityName'> -TarpitInterval '00:00:05' Note: The value and the Interval must be in single quotes. Repeat the procedures for each Receive connector.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.