Saturday, October 09, 2004

Prevent a Dictionary attack on your Exchange (SBS) Server

Worried about some spammer trying a dictionary attack on your Exchange server to find existing email addresses? Well, Microsoft has a fix that will be coming out with Server SP1. Fortunately, you can get this fix today!

KB Article 842851 explains the details on how to do this. You'll have to contact PSS to get the hotfix if you don't want to wait for Server SP1 (or SBS SP1 for that matter).

I know the KB doesn't say it applies to SBS, but I'm running it at home and it works like a charm. Oh, and I'm also having the article updated ;o) to say it applies to SBS.

The nice thing is that after you've applied the QFE, if a server emails you and gets the email address wrong, your server will wait up to 10 seconds before responding that the address is incorrect, so the attacking server wastes a lot of time dictionary attacking for email addresses.
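The delayed rejection described above can be modeled in a few lines of Python. This is an added example, not code from the hotfix or from Microsoft; the mailbox list, the SMTP lines, the reply texts and the fixed 10-second delay per miss are assumptions made for illustration.

```python
import re
import time

# Constructed data: the mailbox list and the SMTP lines are made up.
MAILBOXES = {"alice@example.com", "bob@example.com"}
SAMPLE_SESSION = [
    "RCPT TO:<alice@example.com>",
    "RCPT TO:<aaron@example.com>",
    "RCPT TO:<abby@example.com>",
    "rcpt to:<BOB@example.com>",
    "RCPT TO:<adam@example.com>",
]
RCPT_RE = re.compile(r"^RCPT TO:\s*<([^<>\s]+)>$", re.IGNORECASE)


class TarpitResponder:
    """Answers RCPT TO commands, delaying only 'user unknown' replies."""

    def __init__(self, mailboxes, delay_seconds=10, sleep=time.sleep):
        self.mailboxes = {m.lower() for m in mailboxes}
        self.delay_seconds = delay_seconds  # assumption: fixed delay per miss
        self.sleep = sleep                  # injectable so tests do not wait

    def handle(self, line):
        match = RCPT_RE.match(line.strip())
        if match is None:
            return "501 5.5.4 Syntax error in parameters"
        if match.group(1).lower() in self.mailboxes:
            return "250 2.1.5 Recipient OK"  # valid address: answer at once
        self.sleep(self.delay_seconds)       # invalid address: stall first
        return "550 5.1.1 User unknown"


def replay(session, delay_seconds=10):
    """Run a session against the responder; return (replies, seconds stalled)."""
    stalled = []
    responder = TarpitResponder(MAILBOXES, delay_seconds, sleep=stalled.append)
    replies = [responder.handle(line) for line in session]
    return replies, sum(stalled)


if __name__ == "__main__":
    replies, seconds = replay(SAMPLE_SESSION)
    for line, reply in zip(SAMPLE_SESSION, replies):
        print(f"{line:32} -> {reply}")
    print(f"time the sender spent waiting: {seconds} s")
```

Legitimate senders with correct addresses never hit the delay, while every wrong guess costs the guessing server the full wait.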

Now this is one more way we can fight spammers!