Archive for January, 2007
Earlier today we made some significant changes to the tar-pitting mechanism under ExchangeDefender. The new mechanism is designed to reject messages from hosts that do not follow the proper RFC SMTP dialog and attempt to smash tar-pitting. The basic concept of tar-pitting is described here.
The Problem
While tar-pitting is great for throttling remote mail servers and reducing their ability to efficiently deliver a lot of messages, the concept only applies against botnet servers that are attempting to deliver mail in bulk. In other words, tar-pitting is only effective against servers that are concerned about getting the message out as fast as possible. By delaying the SMTP greeting banner, in theory, the remote mail server would have to wait a pre-determined amount of time before starting to send mail. Many open connections at once would overload a single node.
However, spammers no longer exclusively use single nodes in a full force attack. They use the botnet concept by load balancing their broadcasts through multiple servers. As such, those servers connect every few minutes and only relay a single message. By doing so, it's hard to blacklist them immediately because there is not enough data to determine their overall reputation. These botnets are designed to bypass tar-pitting by opening a connection and sending data as soon as the connection is opened.
The conversation looks somewhat like this:
Trying xx.xx.xx.xx.exchangedefender.com.
Escape character is ‘^]’.
ehlo spamming-idiot.org
mail from: spammer@spammer.org
rcpt to: vlad@ownwebnow.com
data
Subject: Get a college diploma.
Ohio State University may be a loser but they’ll give you a Ph.D in nuclear physics based on your life experience.
.
Now the (target) tar-pitting mail server has accepted the connection but it has never sent the SMTP greeting. However, it will process the message as soon as its tar-pitting interval passes, thus in part bypassing the tar-pitting and delivering the message. Not good.
Notice that the client above did not wait for the 200 greeting banner, did not wait for the 250 Hello, and did not wait for the server to acknowledge the recipient and the sender. It just wrote to the socket and waited. Now even though this does diminish the spammer's performance a little (by taking 5 seconds to deliver the message), the message still gets delivered. That’s a problem.
The Solution
The solution is fairly simple: drop connections with mail servers that are not adhering to the RFC. The second a remote mail server issues a command before the 2.2.0 hostname greeting banner, its connection is dropped and logged and its tar-pitting interval is extended.
Instead of a tar-pitting process that delays the connection a few seconds, this process allows for a connection immediately but delays the SMTP greeting banner a few seconds. As such, it can eliminate server load caused by spammers that think they have found a way around tar-pitting.
We ran this in testing on our production systems and have found 0 false positives over the course of one week. All hosts that were rejected were also on multiple RBLs. The implementation is transparent to the user and administrator and introduces a random (less than 5) second pause on all connections that do not have a reputation rating with ExchangeDefender. Less spam, less stuff to review, less bandwidth and less stress for you.
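An added sketch of the early-talker check described above; it is not ExchangeDefender's code. The class name, the banner hostname, the size of the penalty and the use of select() are assumptions made for illustration.

```python
import random
import select
import socket

BANNER = b"220 mx.example.test ESMTP\r\n"   # hypothetical hostname
MAX_DELAY = 5.0                              # post: random pause of less than 5 seconds


class GreetingTarpit:
    """Accept at once, delay the banner, drop clients that talk before it."""

    def __init__(self):
        self.penalty = {}   # host -> extra seconds earned by earlier violations
        self.log = []       # (host, first bytes the client sent early)

    def delay_for(self, host):
        # Random base pause in [0, 5) plus this host's accumulated penalty.
        return random.random() * MAX_DELAY + self.penalty.get(host, 0.0)

    def handle(self, conn, host, delay=None):
        """Return 'greeted', 'dropped' or 'closed' for one accepted socket."""
        delay = self.delay_for(host) if delay is None else delay
        # A compliant client stays silent until it has read the banner, so a
        # readable socket during the pause means pre-greeting data (or EOF).
        readable, _, _ = select.select([conn], [], [], delay)
        if readable:
            early = conn.recv(512)
            conn.close()
            if not early:
                return "closed"          # client hung up during the pause
            self.log.append((host, early[:64]))
            self.penalty[host] = self.penalty.get(host, 0.0) + MAX_DELAY
            return "dropped"
        conn.sendall(BANNER)             # pause survived: start the dialog
        return "greeted"


if __name__ == "__main__":
    tarpit = GreetingTarpit()
    # Constructed clients on local socket pairs; IPs are documentation ranges.
    srv, bot = socket.socketpair()
    bot.sendall(b"ehlo bulk.example\r\nmail from: <a@bulk.example>\r\n")
    print(tarpit.handle(srv, "192.0.2.10", delay=0.5))        # dropped
    srv, mta = socket.socketpair()
    print(tarpit.handle(srv, "198.51.100.7", delay=0.5), mta.recv(64))
```
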
The word “innovation” has a special definition in the Microsoft dictionary, but with today’s announcements Apple pretty much wins the 2007 Meeee Toooo! award for excellence in delivering four new groundbreaking products… that already exist.
Today Apple announced a cell phone, PDA, portable media device and a TiVo. Of course Apple fanatics will buy anything shiny with an Apple logo on it. What will Apple innovate next? A wheel? Fire? Don’t know, but if it streams iTunes Apple will take credit for reinventing it.
There is no secret that I’m a Gator. Having been at UF during the Spurrier years I am happy that we can finally assume some of our ol’ ball coach arrogance. Yes, there are 10 minutes left in the fourth quarter but I’ll call it. Florida destroys Ohio! For the record, Vanderbilt put up a better fight against Florida than the former #1 team in the nation.
And yes, I’m putting my mouth where my money is 
Update: It’s great..to be… a Florida… Gator!! Check out the following game summary by Randy Hill, it is absolutely hilarious. Totally inappropriate Vlad-like humor. Get your Gator Championship merchandise here; It’s obvious they expected Florida to lose, they don’t have visors in stock. No need to do anything if you’re an OWN partner from Ohio, a quality shirt from Walmart is on its way, courtesy of OWN.
Wrote about this earlier today and sure enough, it's at CES. So Microsoft, send me one!
It’s covered here and there is a pretty impressive vlog post here. Not only could just about everyone I hang out with use one of these but with the critical SMB services being outsourced to the networks that can actually support the likes of Exchange and SharePoint, this looks like a perfect office central storage and security appliance. Looks like Christmas gifts for next year are already taken care of at Casa de Vlad.
Just don’t let the Zune guys do the marketing. 
It’s a sad day but let this serve as an official announcement that I am no longer “an SBSer”
Earlier today OwnWebNow finally decommissioned our cornerstone SBS server (and domain) that has grown us to this point. The release of Exchange 2007 and SharePoint 3.0 was too hard to resist and we’ve taken that next step to bringing our little enterprise into the.. well, enterprise software.
I will continue to run more SBS servers than any other sane human being, continue to work with Microsoft on the next versions of SBS in Cougar and Centro, continue to write about it, continue to do the SBS Show and all the SBS things.. I just won’t run my business on it… It’s certainly a crowning achievement when a business outgrows SBS but I can’t help but feel sad for the SBS network that powered our growth to this point.
This 40 is for all my dead wizards…
Now this would be interesting. Ars Technica and Mary Jo Foley speculate about a Microsoft Home Server. Sounds interesting, with the amount of media and data floating around the home most of us already run servers or at the very least those SFF NAS appliances. Speculation is that this beast will show up at CES.
P.S. You may be offended by this post and by its contents. If you are easily offended I suggest you close this window now. The blog post depicts and criticizes new Microsoft advertising which you are also likely to find very offensive. I have thought twice about the strong language used in this post, I feel it is justified and necessary. Either way, you’ve been warned.
Microsoft marketing has not been the same since they poked fun at themselves with the Microsoft iPod Parody.
What’s worse is that as cluttered as Microsoft marketing was before, it was still very business appropriate and useful in approaching serious business customers. While as the author of this blog I am perhaps the last person that should criticize Microsoft advertising gimmicks – as the partner that sells a ton of their software I must. Microsoft, it’s time to cut off the crack supply. Immediately.
First, but less concerning, are the supposed Microsoft ads for Zune. Straight out of an acid trip of a confused art school student, these short videos for Zune…. You just have to look at them. Let me use my business and engineering degree combined powers to interpret this one for you:
A walking, sniffing penis stumbles around the screen. It bumps into a far larger, thicker yet severely infected penis with many eyes. The bigger penis picks up the little penis, and with a squeeze of its ass cheeks shoots an eye into the smaller penis. The smaller penis then blinks back.
Microsoft Zune.
I am NOT kidding here. I dare you to watch the video. Then watch other videos.
What I am concerned about is the advertising for Office 2007. Titled “The Enchanted Office”, this cute cartoon uses a fantasy fable to ridicule away the concerns of business owners, IT managers and virtually all IT support workers and staff. “Can’t find things – why don’t you hold on to this map.”
It is not that we’re dealing with customers that have no sense of humor. Not at all. However, these are serious topics concerning company’s productivity, budgets and IT staff retraining. If I approached them about a new product, proposed an upgrade and then proceeded to collectively ridicule every single one of the IT decision makers I would sincerely hope they would just throw me out. Having seen this cartoon the likely alternative would be a beating behind the company dumpster along with telling every one of their colleagues about a jackass that came in and tried to sell them software using insults and cartoons.
Short notice but worth it.
I’m presenting on Exchange 2007 tomorrow morning to Alamo PC SBS SIG (the taco people). The event will be webcast, if you have some time from 9:30 AM – Noon EST hope you join me. The presentation will be relatively basic, somewhere around level 200.
Meeting URL: https://www.livemeeting.com/cc/winserver_usergroup/join
Meeting ID: GS9BQW
Meeting Key: M8@P_fN
Many of my peers have dismissed Exchange 2007 in SMB but I think mostly because they have not seen it / experienced it. The amount of work Exchange team has put into this product literally makes comparisons to 2003 and other third party products nearly impossible, and the changes in the deployment and management are significant enough to entice even the smallest of IT shops to consider. While 2000 to 2003 was a tough sell and took close to a decade to get people off 5.5, the 2007 release is IMHO significant enough that anybody in this business needs to start learning before they are left back in the dust. I’m giving you that opportunity tomorrow morning, hope you join us.
On that subject, thanks to all of you that sent us Christmas and New Years cards. Very much appreciated.
So here is a deal for you. You are no .com CEO until your butt is in an Aeron chair by Herman Miller. These pieces of furniture are medals of success in the IT world, and they are going up in price tomorrow – January 4th. So if you’ve got some extra $$$, time to bust it on a new shiny executive Aeron – http://www.homeofficesolutions.com
Your ass will thank you.
I got the second Exchange MVP Award from Microsoft this year for my work in the Exchange technical arena and all the community work I’ve done this year. Speaking of which, I’m speaking at the Alamo PC Users Group this Friday and the event will be available over the web… for some of you this will be a first look at the final release of Microsoft Exchange 2007 and I’ll be showing off our first production deployment of the platform. The event is Friday morning, from 8am – 11am Central.
It looks like some of my friends got their MVP awards as well, and many other deserving ones did not. Either way, I thank you all for your expertise and willingness to share your knowledge. It is a rare quality; I for one wouldn’t be doing what I’m doing today had I not had some great mentors in my career.
P.S. And quit whining about the Ferrari laptop Dana, your blog just isn’t sexy enough for one. Could be worse, you could be a CRM MVP 