DHAP: Warning <Directory Harvest Attack Prevention> smtp2.xyz.com: Potential Directory Harvest Attack detected. See the system
I am new to Iron port Spam device, i will be getting below logs from my SPAM BOX on daily basis for every 1 hr starting from 14:00Hrs till next morning 07:30Hrs. Can any one pls let me know what is the impact of it on my mailbox services.
below is the message which i get on regular interval.
Potential Directory Harvest Attack detected. See the system mail logs for more information about this attack.
Serial Number: ********************
Timestamp: 22 Apr 2014 06:25:32 +0400
To learn more about alerts, please visit our Knowledge Base. In many cases, you can find further information about this specific alert. Please click the Knowledge Base link after logging into our Support Portal at:
If you desire further information, please contact your support provider.
To open a support request for this issue, access the IronPort C160 and issue the "supportrequest" command. The command sends an email with diagnostic information directly to your IronPort support provider to facilitate a rapid diagnosis of the problem.
Q: I am receiving the alert "Potential Directory Harvest Attack detected." What does it mean?
A: These alerts are informational and you do not need to take any action. An outside mail server attempted too many invalid recipients and triggered the DHAP (Directory Harvest Attack Prevention) alert. This threshold is set in the mail flow policies: Mail Policies > Mail Flow Policy.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...