Cisco Email Security Appliance C160 User Guide

Chapter 4      LDAP Queries
Cisco IronPort AsyncOS 7.3 for Email Advanced Configuration Guide
OL-23081-01
dropped messages to invalid LDAP recipients. At this point, the IronPort 
appliance determines that the threshold is reached, and the connection is 
dropped. By default, the maximum number of recipients per hour for a public 
listener is 25. For a private listener, the maximum number of recipients per 
hour is unlimited by default. Setting it to “Unlimited” means that DHAP is 
not enabled for that mail flow policy.
  • Drop Connection if DHAP Threshold is reached within an SMTP
    conversation. Configure the IronPort appliance to drop the connection if
    the Directory Harvest Attack Prevention threshold is reached.
  • Max. Recipients Per Hour Code. Specify the code to use when dropping
    connections. The default code is 550.
  • Max. Recipients Per Hour Text. Specify the text to use for dropped
    connections. The default text is “Too many invalid recipients.”
If the threshold is reached, the Envelope Sender of the message does not receive 
a bounce message when a recipient is invalid. 
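
The threshold behaviour described above, modelled in Python as an added example (not Cisco's code and not part of the guide). It assumes counting per remote host over a sliding one-hour window and that the threshold is reached on the Nth invalid recipient; `DhapModel`, `replay`, the "Recipient rejected" reply text and the sample addresses are constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW = 3600  # seconds; a sliding one-hour window is an assumption of this model


class DhapModel:
    """Illustrative model of a per-host invalid-recipient threshold (not AsyncOS code)."""

    def __init__(self, valid, limit=25, code=550,
                 text="Too many invalid recipients", drop=True):
        self.valid = {a.lower() for a in valid}  # stands in for the LDAP accept query
        self.limit = limit                       # None models "Unlimited" (DHAP off)
        self.code, self.text, self.drop = code, text, drop
        self.misses = defaultdict(deque)         # remote host -> times of invalid RCPTs

    def rcpt(self, host, addr, now):
        """Return (smtp_code, text, connection_dropped) for one RCPT TO."""
        q = self.misses[host]
        while q and now - q[0] >= WINDOW:        # forget misses older than one hour
            q.popleft()
        if addr.lower() in self.valid:
            # The page does not say how later valid recipients from a host that
            # hit the threshold are treated; this model accepts them.
            return 250, "OK", False
        if self.limit is None:                   # DHAP disabled: reject, never drop
            return 550, "Recipient rejected", False  # constructed reply text
        q.append(now)
        if len(q) >= self.limit:                 # threshold reached (model's reading)
            return self.code, self.text, self.drop
        return 550, "Recipient rejected", False


def replay(model, host, addrs, start=0, step=1):
    """Feed RCPT TO attempts from one host; stop once the connection is dropped."""
    replies = []
    for i, addr in enumerate(addrs):
        reply = model.rcpt(host, addr, start + i * step)
        replies.append(reply)
        if reply[2]:
            break
    return replies
```
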

Directory Harvest Attack Prevention within the Work Queue

You can prevent most DHAs by entering only domains in the Recipient Access 
Table (RAT), and performing the LDAP acceptance validation within the work 
queue. This technique prevents the malicious senders from knowing if the 
recipient is valid during the SMTP conversation. (When acceptance queries are 
configured, the system accepts the message and performs the LDAP acceptance 
validation within the work queue.) However, the Envelope Sender of the message 
will still receive a bounce message if a recipient is not valid. 

Configuring Directory Harvest Prevention in the Work Queue

To prevent Directory Harvest Attacks, you first configure an LDAP server profile, 
and enable LDAP Accept. Once you have enabled LDAP acceptance queries, 
configure the listener to use the accept query, and to bounce mail for 
non-matching recipients: