Recommendations for handling Directory Harvesting spam on Exchange 2003

I would use a combination of Recipient Filtering and SMTP tar-pitting. This is explained in more detail here:

http://www.exchangeinbox.com/article.aspx?i=49

As a summary, Exchange rejects connections to addresses that don't exist. However, this allows spam harvesters to check a large number of addresses quickly against your server.

By enabling tar-pitting, you add a delay to the response your server gives, which reduces the number of connections a harvester makes to your server.


If you have the ability to set up an additional host [it can be a virtual machine], I suggest you get Postfix [or Exim or any other Linux SMTP relay] that can filter mail based on recipient address.

I had a case similar to yours; the load on Exchange was dramatically reduced by:

  • setting the Postfix server as the only advertised MX for the company's domain
  • periodically [once every hour] re-creating a white list of allowed mail addresses, based on a simple PHP script retrieving all mail addresses from Active Directory via LDAP

Also, if you are looking for a full-blown [yet open source] antispam solution, take a look at ESVA. It's a ready-to-use appliance for VMware based on Postfix and a couple of content filters. In their forums you'll find a description of how to pull a white list of users from AD. Their forum might look semi-dead and the author is not the most active one, but the whole solution is really sophisticated and works great for me in a couple of deployments.
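
One way to build the hourly recipient white list described in the answer above, as an added example (it is not the poster's PHP script). It assumes the Active Directory entries have already been fetched over LDAP as dictionaries carrying the `mail` and `proxyAddresses` attributes, and that the output file is used as a Postfix `relay_recipient_maps` table; the function names and sample entries are constructed for illustration. It refuses to publish an empty or sharply shrunken list, since a failed LDAP query would otherwise make the relay reject mail for every valid user.

```python
import os
import tempfile

# Constructed sample: attributes as an LDAP search of Active Directory might
# return them (mail / proxyAddresses). Not real data.
SAMPLE_ENTRIES = [
    {"mail": ["Alice@example.com"],
     "proxyAddresses": ["SMTP:Alice@example.com", "smtp:a.smith@example.com",
                        "X400:c=US;a= ;p=Example;s=Smith"]},
    {"mail": ["bob@example.com"], "proxyAddresses": ["SMTP:bob@example.com"]},
    {"mail": [], "proxyAddresses": ["smtp:partner@other.test"]},
]


def collect_recipients(entries, domains):
    """Return the sorted set of SMTP addresses that belong to our own domains."""
    found = set()
    for entry in entries:
        candidates = list(entry.get("mail", []))
        for proxy in entry.get("proxyAddresses", []):
            scheme, _, value = proxy.partition(":")
            if scheme.lower() == "smtp":      # skip X400 and other address types
                candidates.append(value)
        for addr in candidates:
            addr = addr.strip().lower()
            local, at, domain = addr.rpartition("@")
            if at and local and domain in domains and not any(c.isspace() for c in addr):
                found.add(addr)
    return sorted(found)


def write_map(path, recipients, min_ratio=0.5):
    """Atomically replace the map file; keep the old one if the new list looks wrong."""
    old = 0
    if os.path.exists(path):
        with open(path) as fh:
            old = sum(1 for line in fh if line.strip())
    # An empty or sharply shrunken list usually means the LDAP query failed;
    # publishing it would make the relay reject mail for valid users.
    if not recipients or len(recipients) < old * min_ratio:
        return False
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as fh:
        fh.writelines(f"{addr} OK\n" for addr in recipients)
    os.replace(tmp, path)   # afterwards, run `postmap` on the file to rebuild the lookup table
    return True
```

When `write_map` returns `False`, the previous map stays in place and the run should be logged for follow-up instead of retried blindly.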