So you ask: What is tar pitting?

IMHO,  tar pitting is a very suitable way to stop misuse of your Windows 2003 / Exchange 2003 SMTP Virtual Server by delaying SMTP responses for 5.x.x errors. This efficiently stops DoS and harvesting attacks on your SMTP servers.

For example: Hacker A continously sends mail to your server, named yourserver.mail.net, the simple purpose being to gather valid e-mail-addresses from your domains. This Brute-Force-Attack is called a "Directory Harvest Attack". 

Have a look at this telnet-screenshot, where a simple SMTP-communication is depicted: 

Normally, this kind of communication would just take a view milliseconds of time on your SMTP server. With tar pitting enabled, SMTP Virtual Server will freeze the connection for a configurable  amount of time before returning "550 5.7.1 Unable to relay".

Let's say you configure the time delay to 5 secs, you can have a theoretical maximum of 12 harvesting attacks per minute instead of a view thousand.

So you want tarpitting? Here's how to get it:

First, you need to check your version of smtpsvc.dll (it should be located in system32\inetsrv) - anything below 6.0.3790.175 will not work. Get at least this version.

Having checked the version, you have to enable the feature - open up regedit on your smtp virtual server, and head to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SMTPSVC\Parameters

Creat a new DWORD called TarpitTime and give it the desired delay in seconds.

When you are finished, it should look something like this (5 Seconds delay): 

Now go ahead and restart the SMTP-Service. That's it, you're done.

Wanna give it a try? Connect to port 25 (or whatever port your smtp service is listening to) of your smtp service with telnet, and initiate a connection by typing "helo", followed by "mail from:" and "rcpt to:" (see telnet screenshot above).

Important: Tar pitting only works for anonymous connections, so if you're using smtp-auth tar pitting won't do you any good.

Have a nice day,

Georg