Directory Harvest Attack
  •  
Malic

Every 30 seconds I get a Security Msg in KMS saying "SMTP Connection from 192.168.2.19 rejected. directory harvest attack."

.19 is our firewall...

What is this????

Thx
  •  
virii1

Is SMTP port 25 open on your firewall? Meaning, is it allowing traffic out from your LAN to your WAN?

[Updated on: Mon, 14 February 2005 19:39]

  •  
Malic

Yes, it's open...
  •  
Mayk

**BUMP**

I'm curious about the answer to Malic's question too. :-)
NE1 ?
  •  
peterj

Sounds like incoming SMTP connection from firewall is what is being blocked.

Perhaps the f/w is SMTP proxying (rather than just PAT) and replacing the source addy (in which case this IP would be the source for all mail in the mail log).

If mail log source IPs are all .19 then this means the DH attack coming from outside is untraceable (at least in KMS) - check the firewall log for the genuine source.

Alternatively perhaps the firewall is set to send a log or something which Kerio doesn't like???
  •  
sedell

They must be sending messages to invalid addresses to kick off the Directory Harvest protection. Check your security logs for:

Attempt to delivery to unknown recipient <to address>, from <from address>, IP address xxx.xxx.xxx.xxx

You should see some listed with their IP address.

The setting for the 'Max number of unknown recipients (directory harvest attack protection)' is under SMTP Server > Security Options.
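
One way to run the log check suggested in the replies above, as an added example that is not part of the original thread or of Kerio's tooling: it groups unknown-recipient entries by logged source IP and notes when a single address, such as a proxying firewall, is behind all of them. The sample lines are constructed from the message template quoted above; the timestamp prefix and the `threshold` parameter are assumptions.

```python
import re
from collections import Counter

# Built from the message template quoted in the post above; accepts the
# template's "delivery" as well as "deliver". Anything before the message
# (timestamp etc.) is ignored because the exact log prefix is an assumption.
LINE_RE = re.compile(
    r"Attempt to deliver(?:y)? to unknown recipient <(?P<rcpt>[^>]*)>, "
    r"from <(?P<sender>[^>]*)>, IP address (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = """\
[14/Feb/2005 19:30:01] Attempt to delivery to unknown recipient <adam@example.com>, from <a@example.net>, IP address 192.168.2.19
[14/Feb/2005 19:30:02] Attempt to delivery to unknown recipient <alice@example.com>, from <a@example.net>, IP address 192.168.2.19
[14/Feb/2005 19:30:03] Attempt to delivery to unknown recipient <andrew@example.com>, from <a@example.net>, IP address 192.168.2.19
[14/Feb/2005 19:30:04] SMTP Connection from 192.168.2.19 rejected. directory harvest attack.
[14/Feb/2005 19:31:10] Attempt to delivery to unknown recipient <info@example.com>, from <b@example.org>, IP address 203.0.113.7
"""


def summarize(log_text, threshold=3):
    """Group unknown-recipient attempts by the source IP the server logged."""
    attempts = Counter()
    recipients = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m is None:
            continue  # not an unknown-recipient entry
        ip = m.group("ip")
        attempts[ip] += 1
        recipients.setdefault(ip, set()).add(m.group("rcpt").lower())
    # threshold is a hypothetical stand-in for the server's
    # "Max number of unknown recipients" setting.
    over = {ip: n for ip, n in attempts.items() if n >= threshold}
    # One address behind every entry suggests a proxying or NATing device is
    # hiding the real senders; the firewall's own log then has the true source.
    masked_by = next(iter(attempts)) if len(attempts) == 1 else None
    return {"attempts": dict(attempts), "recipients": recipients,
            "over_threshold": over, "masked_by": masked_by}


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```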