Been seeing a bunch of these messages over the past week in the logs:
Sun Apr 26 23:21:40 2009 Warning: Dropping connection due to potential Directory Harvest Attack from host=('xxxxxxxx, None), dhap_limit=1, sender_group=INVALID_DNS, listener=MailListener, reverse_dns=xxxxxxxxx, ICID 26690919
Sun Apr 26 23:21:40 2009 Info: ICID 26690919 close
Sun Apr 26 23:21:40 2009 Info: Connection Error: DCID: 2300172 domain: xxxxxxx IP: xxxxxxx port: 25 details: 550-'Too many invalid recipients' interface: xxxxxxxx reason: unexpected SMTP response
The problem is, the host is listed as the IronPort interface itself. Any idea what's going on here?