Overview
Directory harvesting attacks occur when spammers send emails to randomly generated email addresses. While some of these addresses may match real users, the majority are invalid, and the resulting flood of messages overloads the victim's email server. This article describes how to set up Directory Harvesting protection.
GFI MailEssentials stops these attacks by blocking emails addressed to users that are not in the organizations’ Active Directory or email server.
Process
Directory Harvesting is set up in two stages:
Stage 1 - Configuring Directory Harvesting Properties
- Open the GFI MailEssentials configuration.
- Go to Anti-Spam > Anti-Spam Filters > Directory Harvesting.
- Enable Directory Harvesting and choose the lookup method to use:
| Option | Description |
| --- | --- |
| Enable directory harvesting protection | Enable/Disable Directory Harvesting. |
| Use native Active Directory lookups | Choose this option to retrieve the list of local users from Active Directory (or from a Remote AD if GFI MailEssentials is installed in Remote Active Directory mode). |
| Use LDAP lookups | Choose this option when GFI MailEssentials is installed in SMTP mode and you want to retrieve the list of users from a separate Active Directory instance using LDAP. Enter the Active Directory server details. If the LDAP server requires authentication, uncheck the Anonymous bind option and enter the authentication details that will be used by this feature. |

Note: Specify authentication credentials using Domain\User format (e.g. master-domain\administrator).
- In the "Block if non-existent recipients equal or exceed" box, specify the number of non-existent recipients that qualifies an email as spam. Emails are blocked by Directory Harvesting if all the recipients of an email are invalid, or if the number of invalid recipients in an email equals or exceeds the limit specified.
Note: Avoid false positives by configuring a reasonable value in the Block if non-existent recipients equal or exceed box. This value should account for users who send legitimate emails with mistyped email addresses or to users no longer employed by the company. It is recommended to set the value to a minimum of 2.
- Enter an email address and click on Test to verify Directory Harvesting settings. Repeat the test using a non-existent email address and ensure that Active Directory lookup fails.
- Click on the Actions tab to select the actions to perform on messages identified as spam. For more information, refer to the GFI MailEssentials Spam Actions article.
Important: If Directory Harvesting is set to run at the SMTP level, only the Log rule occurrence to this file option will be available in the Actions tab.
- Click on Apply.
Stage 2 - Selecting whether Directory Harvesting should run during SMTP transmission
- Go to Anti-spam > Filter Priority, and choose the SMTP Transmission Filtering tab.
- Click on Switch to toggle the Directory Harvesting filtering between:
| Option | Description |
| --- | --- |
| Filtering on receiving full email | Filtering is done when the whole email is received. |
| Filtering during SMTP transmission | Filtering is done during SMTP transmission by checking whether the email recipients exist before the email body and attachments are received. |

Note: If Filtering during SMTP transmission is chosen, Directory Harvesting will always run before the other spam filters.
- Click on Apply.
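The following Python model is an added example, not GFI MailEssentials code: it implements the block rule from Stage 1 (all recipients invalid, or invalid recipients equal to or above the limit) and the Stage 2 difference between checking recipients as each RCPT TO arrives and checking the complete envelope. The user list, addresses and SMTP reply texts are constructed for the example and do not reflect the product's real responses.

```python
# Added example (not GFI code): models the Directory Harvesting block rule
# from this article so the threshold's effect can be checked offline.

# Constructed stand-in for the list of users retrieved from AD or via LDAP.
LOCAL_USERS = {"alice@example.com", "bob@example.com", "carol@example.com"}


def recipient_exists(address, directory=LOCAL_USERS):
    """Stand-in for the Active Directory / LDAP lookup (case-insensitive match)."""
    return address.strip().lower() in directory


def invalid_recipients(recipients, directory=LOCAL_USERS):
    """Recipients that are not found in the directory."""
    return [r for r in recipients if not recipient_exists(r, directory)]


def should_block(recipients, threshold, directory=LOCAL_USERS):
    """Rule from the article: block if every recipient is invalid, or if the
    number of invalid recipients equals or exceeds the configured limit."""
    if not recipients:
        return False
    invalid = invalid_recipients(recipients, directory)
    return len(invalid) == len(recipients) or len(invalid) >= threshold


class SmtpTransmissionFilter:
    """'Filtering during SMTP transmission': each RCPT TO is checked as it
    arrives, so a harvesting run can be rejected before the body and any
    attachments (the DATA phase) are received. The 550 reply text is an
    illustrative choice, not the product's actual response."""

    def __init__(self, threshold, directory=LOCAL_USERS):
        self.threshold = threshold
        self.directory = directory
        self.recipients = []

    def rcpt_to(self, address):
        """Reply to one RCPT TO; reject once the invalid-recipient limit is hit."""
        self.recipients.append(address)
        if len(invalid_recipients(self.recipients, self.directory)) >= self.threshold:
            return "550 5.1.1 Too many unknown recipients"
        return "250 OK"

    def data(self):
        """At DATA the full envelope is known, so the complete rule applies
        (this also catches a single-recipient message to an unknown address)."""
        if should_block(self.recipients, self.threshold, self.directory):
            return "550 5.1.1 No valid recipients"
        return "354 Start mail input"
```

With the recommended limit of 2, one mistyped address next to a valid one passes, but a message whose only recipient is unknown is still blocked because all of its recipients are invalid.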
Priyanka Bhotika