How to treat continued SMTP RCPT failures as potential Denial of Service attacks

Document ID: 10484

Synopsis

MailSite (V9) can treat a remote host that persistently ignores a 4xx or 5xx response to a RCPT TO: command as an attacker and block that host. This works in conjunction with your DHAP settings.

More Information

MailSite (V9) can treat a remote host that persistently ignores a 4xx or 5xx response to a RCPT TO: command as an attacker and block that host. This works in conjunction with your DHAP (Directory Harvest Attack Prevention) settings.

By default, the DHAP feature detects hosts that try to send to non-existent users. Adding the property below extends this so that a host which keeps retrying aggressively, even though the server is answering its RCPT TO: commands with 4xx or 5xx errors, is also treated as an attacker.

For Registry Implementations:

WARNING!!
Incorrectly editing the Registry can damage the server, please proceed with care.
  1. Click on the Start button.
  2. Select Run, and enter Regedit.
  3. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\ROCKLIFFE\MAILSITE.
  4. Create a new registry key under MailSite called "smtprainternal".
  5. Under that key, create a DWORD value called "DhapRcptErrors".
  6. Set the value data to 1 (0 leaves the option off).
  7. Click OK and exit Regedit.
  8. Restart the SMTPRA and SMTPDA services so the new setting is read.

For SQL Implementations

  1. Open SQL Enterprise Manager and navigate to the MailSite database.
  2. Locate the MailServerProperties table.
  3. Add the following row:

     ServiceName     PropertyName    ServerRoleId  PropType  PropIntValue  PropStringValue
     SMTPRAInternal  DhapRcptErrors  0             4         1             NULL

  4. Restart the SMTPRA and SMTPDA services so the new setting is read.

With this property set, any remote host that continually causes 4xx or 5xx responses to RCPT TO: is treated as an attacker. Be aware that many ordinary conditions generate 4xx/5xx responses: an invalid or non-existent mailbox, a malformed address, an unavailable database, or Greylisting.

This option should therefore be implemented with caution, as genuine hosts may be identified as attackers. For example, if Greylisting is enabled, every legitimate remote host will receive a series of 4xx (defer) responses before its mail is accepted, and a busy sender can easily look like an attacker. If you plan to enable this option, test it first and expect to relax the DHAP rules so that only persistently abusive hosts trip the block.
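The following PowerShell script is added here as a worked example; it is not part of MailSite or of this article. It performs either of the two procedures above non-interactively (registry or SQL) and then restarts both services. It assumes the Windows service names are SMTPRA and SMTPDA (the names this article uses; check Get-Service on your server), and, for the SQL path, a database called MailSite on a local SQL Server instance reachable with Windows authentication. The parameter and function names are the script's own.

```powershell
# Added example, not MailSite's own tooling. Run from an elevated PowerShell
# prompt on the MailSite server.
# Assumptions (verify before running):
#   - Windows service names are 'SMTPRA' and 'SMTPDA' (as named in the article)
#   - for -Mode Sql, the configuration database is 'MailSite' on $SqlInstance
#     and the current Windows account can write to MailServerProperties
param(
    [ValidateSet('Registry', 'Sql')]
    [string]$Mode = 'Registry',
    [string]$SqlInstance = 'localhost',
    [string]$Database = 'MailSite'
)

$ErrorActionPreference = 'Stop'

function Enable-DhapRcptErrorsRegistry {
    $base = 'HKLM:\SOFTWARE\Rockliffe\MailSite'
    # If MailSite is a 32-bit build on 64-bit Windows, the registry redirector
    # places its keys under WOW6432Node; use whichever MailSite key exists.
    if (-not (Test-Path $base) -and (Test-Path 'HKLM:\SOFTWARE\WOW6432Node\Rockliffe\MailSite')) {
        $base = 'HKLM:\SOFTWARE\WOW6432Node\Rockliffe\MailSite'
    }
    $key = Join-Path $base 'smtprainternal'
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # DWORD 1 = on. -Force overwrites an existing value of the same name.
    New-ItemProperty -Path $key -Name 'DhapRcptErrors' -PropertyType DWord -Value 1 -Force | Out-Null
    $current = (Get-ItemProperty -Path $key).DhapRcptErrors
    Write-Host "DhapRcptErrors = $current under $key"
}

function Enable-DhapRcptErrorsSql {
    # Uses the .NET SqlClient that ships with Windows PowerShell, so no extra
    # module is required. The row matches the article's table layout:
    #   ServiceName=SMTPRAInternal PropertyName=DhapRcptErrors ServerRoleId=0
    #   PropType=4 PropIntValue=1 PropStringValue=NULL
    # Re-running updates the existing row instead of inserting a duplicate.
    $sql = @"
IF EXISTS (SELECT 1 FROM MailServerProperties
           WHERE ServiceName = 'SMTPRAInternal' AND PropertyName = 'DhapRcptErrors'
             AND ServerRoleId = 0)
    UPDATE MailServerProperties
       SET PropType = 4, PropIntValue = 1, PropStringValue = NULL
     WHERE ServiceName = 'SMTPRAInternal' AND PropertyName = 'DhapRcptErrors'
       AND ServerRoleId = 0;
ELSE
    INSERT INTO MailServerProperties
        (ServiceName, PropertyName, ServerRoleId, PropType, PropIntValue, PropStringValue)
    VALUES ('SMTPRAInternal', 'DhapRcptErrors', 0, 4, 1, NULL);
"@
    $connString = "Server=$SqlInstance;Database=$Database;Integrated Security=True"
    $conn = New-Object -TypeName System.Data.SqlClient.SqlConnection -ArgumentList $connString
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = $sql
        $rows = $cmd.ExecuteNonQuery()
        Write-Host "MailServerProperties rows affected: $rows"
    } finally {
        $conn.Close()
    }
}

switch ($Mode) {
    'Registry' { Enable-DhapRcptErrorsRegistry }
    'Sql'      { Enable-DhapRcptErrorsSql }
}

# The article requires both services to be restarted for the change to apply.
foreach ($svc in 'SMTPRA', 'SMTPDA') {
    Restart-Service -Name $svc -Force
    Write-Host "$svc restarted: $((Get-Service -Name $svc).Status)"
}
```

Run it as `.\Enable-DhapRcptErrors.ps1 -Mode Registry` or `.\Enable-DhapRcptErrors.ps1 -Mode Sql -SqlInstance 'SQLHOST\MAILSITE'`. Because enabling the option can block legitimate senders (see the Greylisting note above), consider running it first on a test server and watching which hosts DHAP blocks before you change production; to back the change out, set PropIntValue (or the DWORD) to 0 and restart the two services again.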