Cisco Cisco Email Security Appliance X1070 ユーザーガイド
22-28
Cisco AsyncOS 8.0.1 for Email User Guide
Chapter 22 LDAP Queries
Using LDAP For Directory Harvest Attack Prevention
When you create chain queries, you cannot select different types of queries. Once you select a query
type, the Cisco appliance populates the query field with queries of that type from available server
profiles.
type, the Cisco appliance populates the query field with queries of that type from available server
profiles.
Step 5
Select a query to add to the chain query.
The Cisco appliance runs the queries in the order you configure them. Therefore, if you add multiple
queries to the chain query, you might want to order the queries so that more specific queries are
followed by more general queries.
queries to the chain query, you might want to order the queries so that more specific queries are
followed by more general queries.
Step 6
Test the query by clicking the Test Query button and entering a user login and password or an email
address to test in the Test Parameters fields. The results appear in the Connection Status field.
address to test in the Test Parameters fields. The results appear in the Connection Status field.
Step 7
Optionally, if you use the {f} token in an acceptance query, you can add an envelope sender address to
the test query.
the test query.
Note
Once you create the chain query, you need to associate it with a public or private listener.
Step 8
Submit and commit your changes.
Using LDAP For Directory Harvest Attack Prevention
Directory Harvest Attacks occur when a malicious sender attempts to send messages to recipients with
common names, and the email gateway responds by verifying that a recipient has a valid mailbox at that
location. When performed on a large scale, malicious senders can determine who to send mail to by
“harvesting” these valid addresses for spamming.
common names, and the email gateway responds by verifying that a recipient has a valid mailbox at that
location. When performed on a large scale, malicious senders can determine who to send mail to by
“harvesting” these valid addresses for spamming.
The Cisco Email Security appliance can detect and prevent Directory Harvest Attack (DHA) when using
LDAP acceptance validation queries. You can configure LDAP acceptance to prevent directory harvest
attacks within the SMTP conversation or within the work queue.
LDAP acceptance validation queries. You can configure LDAP acceptance to prevent directory harvest
attacks within the SMTP conversation or within the work queue.
Directory Harvest Attack Prevention within the SMTP Conversation
You can prevent DHAs by entering only domains in the Recipient Access Table (RAT), and performing
the LDAP acceptance validation in the SMTP conversation.
the LDAP acceptance validation in the SMTP conversation.
To drop messages during the SMTP conversation, configure an LDAP server profile for LDAP
acceptance. Then, configure the listener to perform an LDAP accept query during the SMTP
conversation.
acceptance. Then, configure the listener to perform an LDAP accept query during the SMTP
conversation.