Toriss is an IIS plug-in that makes the SMTP service immune to Reverse NDR Attacks (a.k.a. Backscatter Spam). Instead of bouncing emails that are sent to invalid users, Toriss will reject the email as soon as the RCPT command is received. Microsoft left this important security feature out of IIS to motivate people to buy its $1500 ISA Server. However, this foolishly allows the server to be used to send spam by way of the Reverse NDR Attack. By sending spam to invalid users, the SMTP service will send a bounce-back to the forged From: header with the spam attached. As a result, \Inetpub\Mailroot\Queue fills up with thousands of undeliverable bounce-backs, slowing down the whole system and making the SMTP service unresponsive. Toriss solves this problem completely.
Date added 28 May 2012
Last Updated 12 Oct 2012