- April 13, 2020
- Posted by: administrator
- Category: SonicWall
What is Directory Harvest Attack?
A Directory Harvest Attack or DHA is a technique used by spammers to find valid/existent email addresses at a domain either by using Brute force or by guessing valid e-mail addresses at a domain using different permutations of common username. Its easy for attackers to get hold of a valid email address if your organization uses standard format for official e-mail alias,
EXAMPLE: firstname.lastname@example.org, email@example.com, or firstname.lastname@example.org
How Can we protect against Directory Harvest Attack (DHA) ?
- Spammers can threaten your network with junk mail if they get a list of all users in an organization’s directory or can guess email addresses from your organization.
- DHA Protection Feature of Email Security can help to protect organizations vulnerable to increased attacks on their email and other data systems.
- To use DHA feature Login onto the Email security Server as Admin
Go to Manage | Security Services | Connection Management | Directory Harvest Attack (DHA)
Select from the following options for handling email addressed to people who are not in your directory:
⦁ Directory Harvest Attack (DHA) protection off (process all messages the same whether or not the email address is in LDAP)- This option means DHA protection is OFF
⦁ Permanently delete– This option will delete any email that comes in for an Invalid Email address. The deleted email cannot be retrieved.
⦁ Reject invalid addresses (Tarpitting)– This option will reject the email if it is going to an Invalid email address and tarpits the connection for the amount of time selected.
(0-3 seconds, best set to 0 as optimal)
Enabling tarpitting protection uses system resources (CPU, memory) and may slow down your server. Also, rejecting is not truly a form of DHA Protection, but it can slow down the sending machines, but as a side effect, the delay you impact also delays your machine.
⦁ Always store in Junk Box – This option will store emails going to invalid users in Junk box regardless of any spam rating.
You can also setup DHA based on Domain names by setting the following:
⦁ Apply to all recipient domains– This Option, when selected, would apply the above DHA settings to all the recipient domains on your network.
⦁ Apply only to the recipient domains listed below– This Option will allow you to enable DHA only for domain names listed in the box
⦁ Apply to all recipient domains except those listed below– This Option will allow you to disable DHA only for domain names listed in the box
NOTE: you can add multiple domains in the box separated by <CR>
DHA takes a priority regarding how emails are judged. Once a message is detected as DHA will not go through any other actions and will abide by you DHA selection.
To use the DHA feature on email security you will first need to configure LDAP configuration on email security server. This will pull all the users and email address from your LDAP server and email security will recognize valid emails using the LDAP configuration. Make sure you see all valid users under Manage|Users, Groups & Organizations|Users on Email security server after you configure LDAP.
NOTE: If the navigation or the screenshot looks different from the one mentioned above , you may be in an older firmware version and would require a firmware upgrade. Please refer the link below to upgrade the firmware to latest version.