Problem solve Get help with specific problems with your technologies, process and projects.

How defective DNS records damage Sender ID and Exchange Server

Beware of servers sending you email that have badly formatted or nonexistent DNS records -- they can hurt Sender ID and Exchange Server.

The MSGFILTER.DLL file is the component that allows Exchange Server 2003 to perform Sender ID filtering on incoming email. It performs a DNS lookup on servers that incoming email is allegedly being sent from to verify the SPF record.

MSGFILTER.DLL then uses that information to determine whether or not that server has the right to send on behalf of the organization in question.

Unfortunately, if the SPF DNS record returned is badly formatted and cannot be processed properly by MSGFILTER.DLL, the incoming email connection is never closed by Exchange Server -- not even if you have a timeout value configured for inbound connections.

In extreme cases, this can cause memory leaks. More immediately, it can use up all of the available inbound connections to Exchange Server, since they're never being closed.

According to Microsoft's documentation on the issue, a related problem can also happen if the MSGFILTER.DLL performs a lookup on a DNS record that doesn't exist at all. The message gets assigned a bogus "TempError" status (i.e., a network failure). It's then simply passed along, instead of being stamped with a "Fail" status (which is normally the result of a malformed domain or nonexistent domain entry).

There are two solutions to the problem:

  1. If you identify that only a couple of domains that you're dealing with have badly formatted SPF records, you can temporarily block email from those organizations and contact their administrators in the hopes of having them fix the problem.

  2. Alternatively, you can obtain a recently released hotfix for MSGFILTER.DLL from Microsoft. It's only available from Product Support Services, but is free. Simply mention that you need the fix outlined in Microsoft Knowledge Base article 923346, The SenderID filter incorrectly lets an email message pass through Exchange Server 2003 when the DNS record does not exist.

A more permanent fix should be rolled into the next Service Pack for Exchange 2003.

About the author: Serdar Yegulalp is editor of the Windows Power Users Newsletter.

Do you have comments on this tip? Let us know.

Related information from SearchExchange.com:

  • Tip: Online tool simplifies the creation of SPF records
  • Tip: Configuring Microsoft Outlook to display Sender ID information
  • Tutorial: A primer on DNS and MX records
  • Learning Guide: How to fight spam on Exchange Server
  • Reference Center: Exchange Server and DNS tips and resources

    Please let others know how useful this tip was via the rating scale below. Do you have a useful Exchange Server or Microsoft Outlook tip, timesaver or workaround to share? Submit it to SearchExchange.com. If we publish it, we'll send you a nifty thank-you gift.

  • This was last published in November 2006

    Dig Deeper on Exchange Server setup and troubleshooting

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.

    -ADS BY GOOGLE

    SearchServerVirtualization

    SearchCloudComputing

    SearchSQLServer

    SearchEnterpriseDesktop

    SearchVirtualDesktop

    Close