Cisco Cisco Email Security Appliance C160 Mode D'Emploi
27-29
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 27 LDAP Queries
Using LDAP For Directory Harvest Attack Prevention
Procedure
Step 1
From the LDAP Server Profiles page, click Advanced.
Step 2
Click Add Chain Query.
Step 3
Add a name for the chain query.
Step 4
Select the query type.
When you create chain queries, you cannot select different types of queries. Once you select a query
type, the appliance populates the query field with queries of that type from available server profiles.
type, the appliance populates the query field with queries of that type from available server profiles.
Step 5
Select a query to add to the chain query.
The appliance runs the queries in the order you configure them. Therefore, if you add multiple
queries to the chain query, you might want to order the queries so that more specific queries are
followed by more general queries.
queries to the chain query, you might want to order the queries so that more specific queries are
followed by more general queries.
Step 6
Test the query by clicking the Test Query button and entering a user login and passphrase or an email
address to test in the Test Parameters fields. The results appear in the Connection Status field.
address to test in the Test Parameters fields. The results appear in the Connection Status field.
Step 7
Optionally, if you use the {f} token in an acceptance query, you can add an envelope sender address to
the test query.
the test query.
Note
Once you create the chain query, you need to associate it with a public or private listener.
Step 8
Submit and commit your changes.
Using LDAP For Directory Harvest Attack Prevention
Directory Harvest Attacks occur when a malicious sender attempts to send messages to recipients with
common names, and the email gateway responds by verifying that a recipient has a valid mailbox at that
location. When performed on a large scale, malicious senders can determine who to send mail to by
“harvesting” these valid addresses for spamming.
common names, and the email gateway responds by verifying that a recipient has a valid mailbox at that
location. When performed on a large scale, malicious senders can determine who to send mail to by
“harvesting” these valid addresses for spamming.
The Email Security appliance can detect and prevent Directory Harvest Attack (DHA) when using LDAP
acceptance validation queries. You can configure LDAP acceptance to prevent directory harvest attacks
within the SMTP conversation or within the work queue.
acceptance validation queries. You can configure LDAP acceptance to prevent directory harvest attacks
within the SMTP conversation or within the work queue.
Related Topics
•
•
Directory Harvest Attack Prevention within the SMTP Conversation
You can prevent DHAs by entering only domains in the Recipient Access Table (RAT), and performing
the LDAP acceptance validation in the SMTP conversation.
the LDAP acceptance validation in the SMTP conversation.
To drop messages during the SMTP conversation, configure an LDAP server profile for LDAP
acceptance. Then, configure the listener to perform an LDAP accept query during the SMTP
conversation.
acceptance. Then, configure the listener to perform an LDAP accept query during the SMTP
conversation.