GFI

Directory harvesting

Directory harvesting attacks occur when a spammer uses known email addresses to generate other valid email addresses from corporate or ISP mail servers. This technique allows the spammer to send emails to randomly generated email addresses. Some of these addresses belong to real users in the organization; however, many of them are bogus addresses that flood the victim's mail server.

The Directory Harvesting Attacks feature in GFI MailEssentials stops these types of attacks by blocking emails addressed to users that do not exist in the organization's Active Directory or on its email server. This feature uses the Active Directory or LDAP server to search for known users within the organization.
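The recipient lookup described above can be sketched as follows. This is an added example, not GFI MailEssentials code: the `mail` and `proxyAddresses` attributes are the standard Active Directory ones, while the sample directory, the `example.com` addresses, the function names and the rule that a message is flagged when any recipient is unknown are assumptions made for illustration.

```python
# Added illustration, not GFI MailEssentials code. DIRECTORY is constructed
# sample data standing in for Active Directory / an LDAP server.
DIRECTORY = [
    {"mail": "jasonm@example.com",
     "proxyAddresses": ["SMTP:jasonm@example.com", "smtp:jason.m@example.com"]},
    {"mail": "sales@example.com", "proxyAddresses": ["SMTP:sales@example.com"]},
]

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a recipient address taken from
    the SMTP envelope cannot alter the search filter (e.g. '*' as wildcard)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def recipient_filter(address):
    """LDAP filter matching the primary or any secondary SMTP address."""
    v = escape_filter_value(address.strip())
    return "(|(mail=%s)(proxyAddresses=smtp:%s))" % (v, v)

def directory_has(address, directory=DIRECTORY):
    """Offline stand-in for the LDAP search: case-insensitive exact match
    on mail and on the smtp: entries of proxyAddresses."""
    wanted = address.strip().lower()
    for entry in directory:
        known = {entry["mail"].lower()}
        known.update(p[5:].lower() for p in entry["proxyAddresses"]
                     if p.lower().startswith("smtp:"))
        if wanted in known:
            return True
    return False

def check_message(recipients, directory=DIRECTORY):
    """Split envelope recipients into existing and non-existing users.
    Assumption: a message is flagged when any recipient is unknown."""
    unknown = [r for r in recipients if not directory_has(r, directory)]
    return {"flag": bool(unknown), "unknown": unknown,
            "filters": [recipient_filter(r) for r in recipients]}

if __name__ == "__main__":
    # Constructed envelope: one real alias and two guessed addresses.
    result = check_message(["Jason.M@example.com", "jsmith@example.com",
                            "*@example.com"])
    print(result["flag"], result["unknown"])
    for f in result["filters"]:
        print(f)
```

The filters printed at the end are what a real lookup would send to the LDAP server; the in-memory match only replaces the network call so the example runs offline.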

Screenshot 38 - The directory harvesting feature

Configuration is done from the Anti Spam -> Directory Harvesting node. Right-click on this node to bring up the Directory Harvesting properties. Mark the 'Enable directory harvesting protection' option to enable this feature.

If GFI MailEssentials is installed in SMTP mode, fill in your LDAP server details (i.e. server name; the rest can be left as default). If your LDAP server requires authentication, unmark the 'Anonymous bind' option and enter the authentication details that will be used by this feature. You can test your LDAP configuration settings by clicking the Test button, or click the Apply button to save the current settings.

If GFI MailEssentials is installed in Active Directory user mode, define the type of user lookup which best suits your company's setup, i.e. enable the 'Use native Active Directory lookups' option to search for user information in the Active Directory, or enable the 'Use LDAP lookups' option and specify your LDAP settings to search for user information on your LDAP server.

NOTE: If GFI MailEssentials is installed in Active Directory user mode on a DMZ, the Active Directory of the DMZ normally does not include all the network users (i.e. mail recipients), and as a result you will get a lot of false positives. In such cases it is recommended that you perform Directory Harvesting checks using LDAP lookups (i.e. enable the 'Use LDAP lookups' option and specify your LDAP server details).

NOTE: When GFI MailEssentials is set up behind a firewall, the Directory Harvesting feature will not be able to connect directly to the internal Active Directory because of the firewall. In this case, although both options will be available, you must use LDAP lookups to enable the Directory Harvesting feature to connect to the internal Active Directory of your network (i.e. pass through your firewall).

NOTE: Make sure to enable default port 389 on your firewall.

NOTE: When connecting to an Active Directory using LDAP (i.e. when GFI MailEssentials is installed on a DMZ or behind a firewall), you have to specify the authentication credentials in this form: Domain\User (e.g. gfi\JasonM).

NOTE: In an Active Directory, normally the LDAP server is the Domain Controller.

Actions tab

After you have configured Directory Harvesting, click on Actions to specify what you want to do with emails marked as spam by this filter. For more information on possible actions, please refer to the 'Actions - what to do with spam mail' section in this chapter.

Other tab

Please refer to the 'Other options' section in this chapter.




© 2008. All rights reserved. GFI Software