MIMESweeper for SMTP (5.2) can be configured to accept a message at your mail gateway only if the recipient e-mail address exists in your organisation. This is done by creating an LDAP address list and ensuring all mail-enabled objects in your Active Directory are added to the list. Then, in your MIMESweeper policy, you can configure the list as a Relay Target in the Anti-Relay settings so that mail from external hosts will only be delivered if the recipient is a member of the list. Depending on your mail throughput, implementing this could relieve a lot of the load on your Exchange system and MIMESweeper quarantine areas by cutting out all the junk mail associated with directory harvesting attacks, and all the NDRs which bounce back because the original recipient doesn't exist.
The caveat that prevented us from implementing this in my last company was that we had an oversized public folder structure with thousands of mail-enabled public folders, a lot of which had additional SMTP addresses. How do you create the LDAP query to add all of these to the LDAP address list? Here is the solution. If you select the View | "Advanced Features" option in Active Directory Users and Computers, you will see that the Microsoft Exchange System Objects OU appears. This OU is dynamically updated and contains all Public Folders. In your MIMESweeper Address List, you can simply add a search criterion pointing to this folder, like so:
Full DN: cn=microsoft exchange system objects,dc=xxx,dc=yourdomain,dc=com
Class: objectclass=*
Attributes: mail,proxyAddresses
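
Both attributes are requested because a folder's additional SMTP addresses are held in proxyAddresses rather than mail. The sketch below is an added example, not part of the original post and not MIMESweeper's own logic: it shows how the set of accepted recipients follows from those two attributes, using constructed entries under an assumed example.com domain and hypothetical function names.

```python
# Constructed sample entries, shaped like LDAP results for the search
# criteria above (attributes: mail, proxyAddresses). All values are invented.
SAMPLE_ENTRIES = [
    {"dn": "CN=Sales Enquiries,CN=Microsoft Exchange System Objects,DC=example,DC=com",
     "mail": ["sales@example.com"],
     "proxyAddresses": ["SMTP:sales@example.com", "smtp:enquiries@example.com",
                        "X400:c=GB;a= ;p=Example;o=Exchange;s=Sales;"]},
    {"dn": "CN=Helpdesk,CN=Microsoft Exchange System Objects,DC=example,DC=com",
     "mail": ["helpdesk@example.com"],
     "proxyAddresses": ["SMTP:helpdesk@example.com", "smtp:Support@Example.com"]},
    # Folder that is not mail enabled: no mail attributes at all.
    {"dn": "CN=Archive,CN=Microsoft Exchange System Objects,DC=example,DC=com"},
]


def smtp_addresses(entry):
    """Yield every SMTP address on one entry, lower-cased."""
    for value in entry.get("mail", []):
        if "@" in value:
            yield value.strip().lower()
    for value in entry.get("proxyAddresses", []):
        # proxyAddresses values are "<type>:<address>"; "SMTP:" marks the
        # primary address, "smtp:" a secondary one. Other types (X400, X500)
        # are not Internet recipients and are skipped.
        addr_type, sep, address = value.partition(":")
        if sep and addr_type.lower() == "smtp" and "@" in address:
            yield address.strip().lower()


def build_address_list(entries):
    """Return the set of recipients the gateway should accept."""
    accepted = set()
    for entry in entries:
        accepted.update(smtp_addresses(entry))
    return accepted


def recipient_allowed(rcpt, address_list):
    """Decide an external RCPT TO: compare case-insensitively, ignore <>."""
    return rcpt.strip().strip("<>").lower() in address_list


if __name__ == "__main__":
    allowed = build_address_list(SAMPLE_ENTRIES)
    for rcpt in ("<Enquiries@example.com>", "support@example.com", "nobody@example.com"):
        print(rcpt, "accept" if recipient_allowed(rcpt, allowed) else "reject")
```

An address list built from the mail attribute alone would reject enquiries@example.com and support@example.com here, which is the failure the proxyAddresses attribute prevents.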

