Cisco Cisco Email Security Appliance C680 User Guide

You can use your existing LDAP infrastructure to define how the recipient email 
address of incoming messages (on a public listener) should be handled during the 
SMTP conversation or within the workqueue. See “Accept Queries” in the 
“Customizing Listeners” chapter of the Cisco IronPort AsyncOS for Email 
Advanced Configuration Guide. This allows the IronPort appliance to combat 
directory harvest attacks (DHAP) in a unique way: the system accepts the 
message and performs the LDAP acceptance validation within the SMTP 
conversation or the work queue. If the recipient is not found in the LDAP 
directory, you can configure the system to perform a delayed bounce or drop the 
message entirely.

For more information, see the “LDAP Queries” chapter in the Cisco IronPort 
AsyncOS for Email Advanced Configuration Guide.

The Work Queue is where the received message is processed before moving to the 
delivery phase. Processing includes masquerading, routing, filtering, 
safelist/blocklist scanning, anti-spam and anti-virus scanning, Virus Outbreak 
Filters, and quarantining.

Data loss prevention (DLP) scanning is only available for outgoing messages. For 
information on where DLP message scanning occurs in the Work Queue, see 

Note, as a general rule, changes to security services (anti-spam scanning, 
anti-virus scanning, and Virus Outbreak Filters) do not affect messages already in 
the work queue. As an example:

If a message bypasses anti-virus scanning when it first enters the pipeline because 
of any of these reasons:

anti-virus scanning was not enabled globally for the appliance, or