How defective DNS records damage Sender ID and Exchange Server

The MSGFILTER.DLL file is the component that allows Exchange Server 2003 to perform Sender ID filtering on incoming email. It performs a DNS lookup on servers that incoming email is allegedly being sent from to verify the SPF record.

MSGFILTER.DLL then uses that information to determine whether or not that server has the right to send on behalf of the organization in question.

Unfortunately, if the SPF DNS record returned is badly formatted and cannot be processed properly by MSGFILTER.DLL, the incoming email connection is never closed by Exchange Server -- not even if you have a timeout value configured for inbound connections.

In extreme cases, this can cause memory leaks. More immediately, it can use up all of the available inbound connections to Exchange Server, since they're never being closed.

According to Microsoft's documentation on the issue, a related problem can also happen if the MSGFILTER.DLL performs a lookup on a DNS record that doesn't exist at all. The message gets assigned a bogus "TempError" status (i.e., a network fai

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Exchange Security Tips How file-level antivirus software can harm your Exchange Server Understanding Exchange Server 2007 SP1 mobile security settings Which ActiveSync authentication method is best for your mobile device? Why you should secure Exchange 2007 using administrative policies Microsoft Exchange Server security dos and don'ts Create a journal rule in Exchange 2007 to secure journaling mailboxes How to protect an Exchange journaling mailbox from email spoofing Lock down Microsoft Outlook 2007 to prevent .PST file access Using Exchange Server journaling as an email-archiving solution Use the OWA Admin tool to 'segment' Outlook Web Access 2003 features Microsoft Exchange Server and DNS Configure BES to direct email from a new domain email address Why can't POP3 clients receive Exchange Server email? How to configure DNS records for Exchange Server on Windows SBS 2003 OWA stops working from external network connection Locate 'missing' SPF record on an external DNS domain Receiving 'failed MX lookup' delivery status notification IP address changes for an Exchange 2000 recovery server 0xC103FC93 error with Exchange 2003 setup and install Set up FQDN and bridgeheads for POP3 and IMAP4 email Reverse DNS mismatches mark Exchange email as spam Antispam Software and Spam Filtering Problems with email spoofing on SBS 2003 Exchange Insider e-zine Securing your Exchange Server 2007 journaling archives Microsoft Exchange Server security dos and don'ts Troubleshooting Microsoft Exchange Server Event ID error 6009 How can I configure Exchange IMF to allow an IP address or DNS? Tool helps identify inbound Exchange Server email flow issues Configure SMTP relay restrictions in Exchange Server 2003 to stop spam Exchange email sent to a domain using SPF authentication is returned Secure Edge Transport servers using the Security Configuration Wizard Antispam Software and Spam Filtering Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary greylist  (SearchExchange.com) hash buster  (SearchExchange.com) image spam  (SearchExchange.com) KnujOn  (SearchExchange.com) Sender ID  (SearchExchange.com) spam confidence level  (SearchExchange.com) spamblock  (SearchExchange.com) spim  (SearchExchange.com) tarpitting  (SearchExchange.com) teergrube  (SearchExchange.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

lure). It's then simply passed along, instead of being stamped with a "Fail" status (which is normally the result of a malformed domain or nonexistent domain entry).

There are two solutions to the problem:

A more permanent fix should be rolled into the next Service Pack for Exchange 2003.

About the author: Serdar Yegulalp is editor of the Windows Power Users Newsletter.

Do you have comments on this tip? Let us know.

Related information from SearchExchange.com: