Directory Harvest Attack Prevention: beware!

Unanswered Question
May 7th, 2007

[AsyncOS 5.1.0 on a dual C300 cluster]

We had Directory Harvest Attack Prevention switched 'on' in all
our mail flow policies until we found out that trying N invalid
recipients in one hour caused ALL subsequent SMTP
connections from that particular IP address to fail with a
'550 Too many invalid recipients' SMTP error reply by the

The IP address belonged to one of the outgoing mail relays
of the largest commercial provider in the country.

In other words: one bad sender could cause thousands of
legitimate mail transactions (by other users) to fail.

Pat_ironport Sat, 06/16/2007 - 16:16

@eluyten: And what is your solution? Have you switched off the "Directory Harvest Attack Prevention" completely, or just increased the number N?

Erich_ironport Sat, 06/16/2007 - 16:58

Remember you can adjust the DHAP limit "N" based on the sendergroup.
Throttled groups have a low DHAP limit.
Accepted groups have a medium DHAP limit.
Trusted groups have a higher DHAP limit.

jbivens_ironport Mon, 06/18/2007 - 14:55

My recommendation would be to create a new/special Sender Group & Mail Flow Policy for organizations that fall into this category. I would recommend either setting it to unlimited (for MTA IPs only) or increasing the DHAP limit for that domain/network owner.


Jay Bivens
IronPort Systems
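
Added example, not part of the thread and not AsyncOS code: a small Python model of a per-IP invalid-recipient counter, replayed over constructed traffic, to show the collateral damage described in the first post and the effect of a dedicated sender group for the shared relay. The IP addresses, the limit of 25, the recipient names and the rolling-hour behaviour are assumptions made for the illustration.

```python
from collections import defaultdict, deque

WINDOW = 3600           # seconds: "N invalid recipients in one hour"
RELAY = "192.0.2.25"    # constructed: shared outbound relay of a large provider
DIRECT = "198.51.100.7" # constructed: host harvesting directly
VALID = {f"user{i}@example.com" for i in range(50)}  # constructed directory

def simulate(events, limit_for_ip, valid=VALID):
    """Replay (ts, ip, rcpt) events; return per-IP counters.

    limit_for_ip(ip) returns the DHAP limit N for that IP's sender group,
    or None for unlimited. Assumed model: once N invalid recipients fall
    inside the rolling hour, every further RCPT from that IP gets the 550.
    """
    invalid = defaultdict(deque)  # ip -> timestamps of invalid recipients
    stats = defaultdict(lambda: dict(accepted=0, unknown=0,
                                     blocked_legit=0, blocked_invalid=0))
    for ts, ip, rcpt in sorted(events):
        q = invalid[ip]
        while q and ts - q[0] >= WINDOW:   # expire entries older than an hour
            q.popleft()
        limit = limit_for_ip(ip)
        ok = rcpt in valid
        if limit is not None and len(q) >= limit:
            # 550 Too many invalid recipients: the sender's identity is irrelevant
            stats[ip]["blocked_legit" if ok else "blocked_invalid"] += 1
        elif ok:
            stats[ip]["accepted"] += 1
        else:
            q.append(ts)
            stats[ip]["unknown"] += 1
    return stats

def sample_events():
    """Constructed traffic: one abuser behind the relay, then 1000 normal mails."""
    ev = [(t, RELAY, f"guess{t}@example.com") for t in range(30)]
    ev += [(t, DIRECT, f"probe{t}@example.com") for t in range(40)]
    ev += [(60 + i, RELAY, f"user{i % 50}@example.com") for i in range(1000)]
    return ev

def single_limit(ip):      # one limit for every sender (25 is a constructed N)
    return 25

def relay_group(ip):       # dedicated sender group: unlimited for the relay only
    return None if ip == RELAY else 25

if __name__ == "__main__":
    for policy in (single_limit, relay_group):
        res = simulate(sample_events(), policy)
        print(policy.__name__, dict(res[RELAY]), dict(res[DIRECT]))
```

In this model the directly connecting harvester is throttled identically under both policies; only the relay's legitimate traffic changes outcome.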

