A directory harvest attack is used by questionable sources to gain access to an organization’s internal email accounts. A directory attack not only consumes large amounts of system
resource but also, through the acquisition of email accounts, creates spam problems for email end users. With directory attack prevention settings, you can limit the maximum number of
messages and connections coming from an IP address over a given time period. These settings are configured on the page .
Steps
-
Navigate to the page .
-
Enable the directory harvest attack prevention function; mark the check box Limit the number of messages/connections per IP every.
-
From the pull-down menu, set the time period, from 1 second to 60 minutes. The default is 60 seconds.
-
Set the maximum number of messages allowed from an individual IP address during the specified time period.
The default is 30.
-
Set the maximum number of connections allowed from an individual IP address during the specified time period.
The default is 30.
-
If you have enabled the directory attack prevention option, you can also enable settings to block an IP address when a specific set of recipient conditions occurs; mark the check
box Block the IP address for and enter the time interval during which to block an IP address.
The default is 3 hours.
-
Enter the conditions for blocking the IP address:
- Maximum number of message recipients. The default is 5.
- Maximum percentage of invalid addresses among the recipients.
The default is 50%.
When these recipient limitations are exceeded, the connection is dropped automatically.
This option is available only when the recipient validation option is used (see Adding user authentication settings).
-
Click OK.
The settings are saved.