Cisco Cisco Email Security Appliance C170 Guia Do Utilizador

The appliance runs the queries in the order you configure them. Therefore, if you add multiple 
queries to the chain query, you might want to order the queries so that more specific queries are 
followed by more general queries.

Test the query by clicking the Test Query button and entering a user login and password or an email 
address to test in the Test Parameters fields. The results appear in the Connection Status field.

Optionally, if you use the {f} token in an acceptance query, you can add an envelope sender address to 
the test query. 

Once you create the chain query, you need to associate it with a public or private listener.

Submit and commit your changes.

Directory Harvest Attacks occur when a malicious sender attempts to send messages to recipients with 
common names, and the email gateway responds by verifying that a recipient has a valid mailbox at that 
location. When performed on a large scale, malicious senders can determine who to send mail to by 
“harvesting” these valid addresses for spamming. 

The Email Security appliance can detect and prevent Directory Harvest Attack (DHA) when using LDAP 
acceptance validation queries. You can configure LDAP acceptance to prevent directory harvest attacks 
within the SMTP conversation or within the work queue. 

You can prevent DHAs by entering only domains in the Recipient Access Table (RAT), and performing 
the LDAP acceptance validation in the SMTP conversation. 

To drop messages during the SMTP conversation, configure an LDAP server profile for LDAP 
acceptance. Then, configure the listener to perform an LDAP accept query during the SMTP 
conversation.

Once you configure LDAP acceptance queries for the listener, you must configure DHAP settings in the 
mail flow policy associated with the listener.