Address harvesting is done by spammers to find valid email addresses on a server. Basically it is a brute force method where they try to send email to thousands of different usernames they run from a dictionary of common names and the server responds with either "OK" or "Unknown User". By monitoring the response they can tell when an address is valid and they then add it to the spam CD's.
Well I tried everything I could think of to protect my NTmail servers from this. I even went so far as to sector edit the exe and change the "unknown user" error message to "ok" but that just means valid email to an account that no longer exists will keep being sent until it reaches a timeout period which can be anywhere from a few hours to days.
Then I happened upon a method that works. I figure it's my job to make sure that I deliver mail to the people it's sent to but what about mail that is addressed to a non existant address? Well I don't think I care about that, not my customer, not my problem. So with that in mind here is how you can protect against address harvesting.
This is in NTmail 5.06, but should work in past and future versions as well.
Go into the web configuration screen
click on domains at the top
click on settings tab
under "Unknown User action" check the "redirect to mail server" check box
in the box type "null@yourdomain.com" where yourdomain is the name of your domain.
click the update button at the bottom.
Basically what you just did was tell the server to accept mail for *@yourdomain.com and if it's not a valid address then just trash it. This way nobody ever gets anything but the "OK" message when testing user names.
It's not perfect, but it works.