Configuring DoS and DHA blocking period method


This article applies to:

  • Trustwave MailMarshal (SEG) 
  • DoS and DHA functionality

Question:

  • What are the configuration options for DoS and DHA blocking periods?
  • Are DoS and DHA blocking periods extended?
  • DoS and DHA calculation 

Background:

In some previous versions of MailMarshal, the Denial of Service (DoS) and Directory Harvest Attack (DHA) blocking periods were reset on a sliding basis. If a blocked server attempted to connect, the blocking period could be extended.

  • This behavior can cause email from a legitimate external server to be delayed or permanently refused.
  • For instance, if an external server creates a large number of legitimate connections, or attempts delivery to obsolete addresses, it might be blocked. If the server retries delivery within the blocking period, blocking might never end.   

In current versions of MailMarshal, the end times of DoS and DHA blocking periods are not reset. Any connections from a blocked server will not extend the period. When the blocking period ends, MailMarshal starts a new evaluation period.

  • This behavior helps to ensure that legitimate servers will eventually be able to deliver messages.
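
The following Python model contrasts the two behaviors for a sender that keeps retrying while blocked. It is an added example, not Trustwave code: it assumes the block starts at minute 0 and that, in sliding mode, each refused connection restarts the full blocking period. The function names and retry schedules are constructed for illustration.

```python
# Added example: simplified model, not MailMarshal's implementation.

def first_accepted(retry_times, block_minutes, sliding):
    """Return the first retry time (minutes after the block began) that is
    not refused, or None if every retry in retry_times is refused.

    Assumption: in sliding mode a refused connection restarts the full
    blocking period from that attempt; in fixed mode the end time set when
    the block began never moves.
    """
    block_end = block_minutes
    for t in retry_times:
        if t >= block_end:
            return t                       # block expired; new evaluation period
        if sliding:
            block_end = t + block_minutes  # refused attempt pushes the end out
    return None


def fixed_interval(retry_minutes, horizon_minutes=24 * 60):
    """Constructed retry schedule: one attempt every retry_minutes for a day."""
    return range(retry_minutes, horizon_minutes + 1, retry_minutes)


if __name__ == "__main__":
    # Constructed scenarios: (blocking period, sender retry interval), in minutes.
    for block, retry in [(30, 15), (60, 15), (10, 15)]:
        for sliding in (False, True):
            result = first_accepted(fixed_interval(retry), block, sliding)
            mode = "sliding" if sliding else "fixed"
            if result is None:
                outcome = "still blocked after 24 h"
            else:
                outcome = f"accepted at minute {result}"
            print(f"block={block:>2} retry={retry:>2} {mode:<7} -> {outcome}")
```

In this model a sliding block only ends once the gap between retries reaches the blocking period, which is why a blocking period shorter than the sender's retry interval lets mail through in either mode.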

If you prefer the "sliding" behavior, you can configure MailMarshal to use it by adding an Advanced Setting (version 10.0 and above) or a Registry value (version 8.X and below).

Procedure:

For DoS:

  • In MailMarshal 10.0 and above, open the Management Console and navigate to Advanced Settings. Add a new value:
    • Name: Receiver.DOS.SlidingDOSWindow
    • Type: Boolean
    • Value: True (selected)
  • In MailMarshal 8.X and below, open the Registry Editor on the Array Manager. Within the base registry key, navigate to \Default\Receiver\DOS
    • In version 8.X: HKEY_LOCAL_MACHINE\SOFTWARE\Trustwave\Secure Email Gateway\Default\Receiver\DOS
    • For information about the registry location for each version, see article Q10832.
    • Enter a new DWORD value named SlidingDOSWindow with value 1.
  • Save your registry settings or configuration settings.
  • Commit the configuration changes and restart the MailMarshal Receiver service on each node.

For DHA:

  • In MailMarshal 10.0 and above, open the Management Console and navigate to Advanced Settings. Add a new value:
    • Name: Receiver.DHA.SlidingDHAWindow
    • Type: Boolean
    • Value: True (selected)
  • In MailMarshal 8.X and below, open the Registry Editor on the Array Manager. Within the base registry key, navigate to \Default\Receiver\DHA
    • In version 8.X: HKEY_LOCAL_MACHINE\SOFTWARE\Trustwave\Secure Email Gateway\Default\Receiver\DHA
    • For information about the registry location for each version, see article Q10832.
    • Enter a new DWORD value named SlidingDHAWindow with value 1.
  • Save your registry settings or configuration settings.
  • Commit the configuration changes and restart the MailMarshal Receiver service on each node.

As always, take due care when editing the Registry.

Notes:

To configure DoS and DHA prevention settings, see the MailMarshal Management Console or 8.X Configurator (Attack Prevention tab of Array Properties).

The Advanced Settings described may not be available in MailMarshal 10.0.0 and 10.0.1.

If you are experiencing problems with DoS or DHA blocking, you can also configure other settings:

  • Exclude specific hosts from blocking.
  • Set the blocking period to a shorter time than typical server retry times (generally, less than 15 minutes).


Last Modified 4/1/2020.
https://support.trustwave.com/kb/KnowledgebaseArticle12099.aspx