Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » catch all and directory harvest attacks
  •  
bperkins

Messages: 355
Karma: 0
Send a private message to this user
If you create a catch all account:

http://support.kerio.com/index.php?_a=knowledgebase&_j=q uestiondetails&_i=339&nav=+%26gt%3B+%3Ca+href%3D%27i ndex.php%3F_a%3Dknowledgebase%26_j%3Dsubcat%26_i%3D1%27%3EKe rio+MailServer%3C%2Fa%3E

This essentially makes the directory harvest attack feature useless, correct?

If correct, which one is better to use?

Currently, I don't use the catch all account. I've written a script to scan my security log every hour for directory harvest attacks, and the script adds the IP number to my iptables to block this IP for future attacks.

I'm just wondering if a catch all function would be useful for me. Any comments?

Thanks,
BP
  •  
Kerio_jthomas

Messages: 511
Karma: 1
Send a private message to this user
Catch-all and directory harvest attack protection are by definition exclusive. You can't do both at the same time. Look at the last part in the KB article:

"Now if an email is sent to a non-existent email address it will be delivered to the email address specified."

DHA protections works by counting and rejecting mail to non-existent email addresses.

So obviously the two will not work together. Catch-all is saying "give me all mail to addresses not explicitly defined".

Which to use? If you need to see every piece of mail sent to your server, even to bogus addresses and spam, use a catch-all. If you are more concerned about rejecting spam, don't use the catch-all.


Joshua Thomas
Technical Support Manager
2350 Mission College Blvd, Suite 400
Santa Clara, CA 95054
Phone: (408) 496-4500
Fax: (408) 496-6902
http://www.kerio.com/support.html

  •  
bperkins

Messages: 355
Karma: 0
Send a private message to this user
Kerio_jthomas wrote on Wed, 07 December 2005 15:04

Which to use? If you need to see every piece of mail sent to your server, even to bogus addresses and spam, use a catch-all. If you are more concerned about rejecting spam, don't use the catch-all.


Yep, that's what I figured. I'm more concerned with rejecting spam.

Thanks Josh!
  •  
ajamali

Messages: 100
Karma: 1
Send a private message to this user
hi BP

could you please upload that script

best regards
Previous Topic: Leopard Integration
Next Topic: Kerio MailServer 6.4.2 released
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Tue Nov 21 22:35:57 CET 2017

Total time taken to generate the page: 0.00375 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.