Cisco Email Security Appliance X1070 User Guide
Cisco AsyncOS 8.0.1 for Email User Guide
Chapter 22 LDAP Queries
Using LDAP For Directory Harvest Attack Prevention
Figure 22-7
Configuring the Acceptance Query in the SMTP Conversation
Once you configure LDAP acceptance queries for the listener, you must configure DHAP settings in the
mail flow policy associated with the listener.
Figure 22-8
Configuring the Mail Flow Policy to Drop Connections in the SMTP Conversation
In the mail flow policy associated with the listener, configure the following Directory Harvest Attack
Prevention settings:
• Max. Invalid Recipients Per Hour. The maximum number of invalid recipients per hour this
listener will receive from a remote host. This threshold represents the total number of RAT
rejections combined with the total number of messages to invalid LDAP recipients dropped in the
SMTP conversation or bounced in the work queue. For example, you configure the threshold as five,
and the counter detects two RAT rejections and three dropped messages to invalid LDAP recipients.
At this point, the Cisco appliance determines that the threshold is reached, and the connection is
dropped. By default, the maximum number of recipients per hour for a public listener is 25. For a
private listener, the maximum number of recipients per hour is unlimited by default. Setting it to
“Unlimited” means that DHAP is not enabled for that mail flow policy.
• Drop Connection if DHAP Threshold is reached within an SMTP conversation. Configure the
Cisco appliance to drop the connection if the Directory Harvest Attack Prevention threshold is
reached.
• Max. Recipients Per Hour Code. Specify the code to use when dropping connections. The default
code is 550.
• Max. Recipients Per Hour Text. Specify the text to use for dropped connections. The default text
is “Too many invalid recipients.”
If the threshold is reached, the Envelope Sender of the message does not receive a bounce message when
a recipient is invalid.
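The threshold arithmetic described above can be checked with a small model. This is an added example, not Cisco code or AsyncOS output: the class and function names are hypothetical, the one-hour window is assumed to be sliding, and the policy is assumed to have "Drop Connection if DHAP Threshold is reached within an SMTP conversation" enabled.

```python
from collections import defaultdict, deque

UNLIMITED = None  # "Unlimited": DHAP is not enabled for the mail flow policy


class DhapCounter:
    """Toy model of the per-remote-host invalid-recipient counter.
    Assumptions (not from the guide): a sliding 3600 s window, and that
    the drop-connection setting is enabled for the policy.
    """

    def __init__(self, max_invalid_per_hour=25, code=550,
                 text="Too many invalid recipients", window=3600):
        self.limit = max_invalid_per_hour
        self.response = f"{code} {text}"
        self.window = window
        self.seen = defaultdict(deque)  # remote host -> timestamps of invalid rcpts

    def record_invalid(self, host, now, reason):
        """Count one invalid recipient; return the drop response or None."""
        if reason not in ("rat", "ldap"):
            raise ValueError("reason must be 'rat' or 'ldap'")
        if self.limit is UNLIMITED:
            return None
        q = self.seen[host]
        while q and now - q[0] >= self.window:  # expire entries older than the window
            q.popleft()
        q.append(now)  # RAT rejections and invalid LDAP recipients share one counter
        return self.response if len(q) >= self.limit else None


def replay(events, **policy):
    """Run (timestamp, host, reason) tuples through one policy; return per-event results."""
    counter = DhapCounter(**policy)
    return [counter.record_invalid(host, ts, reason) for ts, host, reason in events]


# Constructed sample: the guide's example of two RAT rejections plus three
# invalid LDAP recipients against a threshold of five.
SAMPLE = [
    (0, "192.0.2.10", "rat"), (10, "192.0.2.10", "rat"),
    (20, "192.0.2.10", "ldap"), (25, "198.51.100.7", "ldap"),
    (30, "192.0.2.10", "ldap"), (40, "192.0.2.10", "ldap"),
]

if __name__ == "__main__":
    for event, result in zip(SAMPLE, replay(SAMPLE, max_invalid_per_hour=5)):
        print(event, "->", result or "continue")
```

Replaying the same events with the public-listener default of 25 or with `UNLIMITED` shows how much probing a single remote host can do before the policy reacts.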