Cisco Cisco Email Security Appliance C160 Mode D'Emploi
Chapter 3 LDAP Queries
3-42
Cisco IronPort AsyncOS 7.5 for Email Advanced Configuration Guide
OL-25137-01
Step 8
Submit and commit your changes.
Using LDAP For Directory Harvest Attack Prevention
Directory Harvest Attacks occur when a malicious sender attempts to send
messages to recipients with common names, and the email gateway responds by
verifying that a recipient has a valid mailbox at that location. When performed on
a large scale, malicious senders can determine who to send mail to by
“harvesting” these valid addresses for spamming.
messages to recipients with common names, and the email gateway responds by
verifying that a recipient has a valid mailbox at that location. When performed on
a large scale, malicious senders can determine who to send mail to by
“harvesting” these valid addresses for spamming.
The IronPort Email Security appliance can detect and prevent Directory Harvest
Attack (DHA) when using LDAP acceptance validation queries. You can
configure LDAP acceptance to prevent directory harvest attacks within the SMTP
conversation or within the work queue.
Attack (DHA) when using LDAP acceptance validation queries. You can
configure LDAP acceptance to prevent directory harvest attacks within the SMTP
conversation or within the work queue.
Directory Harvest Attack Prevention within the SMTP
Conversation
Conversation
You can prevent DHAs by entering only domains in the Recipient Access Table
(RAT), and performing the LDAP acceptance validation in the SMTP
conversation.
(RAT), and performing the LDAP acceptance validation in the SMTP
conversation.
To drop messages during the SMTP conversation, configure an LDAP server
profile for LDAP acceptance. Then, configure the listener to perform an LDAP
accept query during the SMTP conversation.
profile for LDAP acceptance. Then, configure the listener to perform an LDAP
accept query during the SMTP conversation.