Cisco Cisco Email Security Appliance C650 Guía Del Usuario
22-2
Cisco AsyncOS 8.0 for Email User Guide
Chapter 22 LDAP Queries
Overview of LDAP Queries
Understanding LDAP Queries
If you store user information within LDAP directories in your network infrastructure, you can configure
the Cisco appliance to query your LDAP server for the following purposes:
the Cisco appliance to query your LDAP server for the following purposes:
•
Acceptance Queries. You can use your existing LDAP infrastructure to define how the recipient
email address of incoming messages (on a public listener) should be handled. For more information,
see
email address of incoming messages (on a public listener) should be handled. For more information,
see
.
•
Routing (Aliasing). You can configure the appliance to route messages to the appropriate address
and/or mail host based upon the information available in LDAP directories on your network. For
more information, see
and/or mail host based upon the information available in LDAP directories on your network. For
more information, see
•
Certificate Authentication. You can create a query that checks the validity of a client certificate in
order to authenticate an SMTP session between the user’s mail client and the Email Security
appliance. For more information, see
order to authenticate an SMTP session between the user’s mail client and the Email Security
appliance. For more information, see
.
•
Masquerading. You can masquerade Envelope Senders (for outgoing mail) and message headers
(for incoming mail, such as To:, Reply To:, From: or CC:). For more information about
masquerading, see
(for incoming mail, such as To:, Reply To:, From: or CC:). For more information about
masquerading, see
•
Group Queries. You can configure the Cisco appliance to perform actions on messages based on
the groups in the LDAP directory. You do this by associating a group query with a message filter.
You can perform any message action available for message filters on messages that match the
defined LDAP group. For more information, see
the groups in the LDAP directory. You do this by associating a group query with a message filter.
You can perform any message action available for message filters on messages that match the
defined LDAP group. For more information, see
•
Domain-based Queries. You can create domain-based queries to allow the Cisco appliance to
perform different queries for different domains on a single listener. When the Email Security
Appliance runs the domain-based queries, it determines the query to use based on the domain, and
it queries the LDAP server associated with that domain.
perform different queries for different domains on a single listener. When the Email Security
Appliance runs the domain-based queries, it determines the query to use based on the domain, and
it queries the LDAP server associated with that domain.
•
Chain Queries. You can create a chain query to enable the Cisco appliance to perform a series of
queries in sequence. When you configure a chain query, the Cisco appliance runs each query in
sequence until the LDAP appliance returns a positive result.
queries in sequence. When you configure a chain query, the Cisco appliance runs each query in
sequence until the LDAP appliance returns a positive result.
•
Directory Harvest Prevention. You can configure the Cisco appliance to combat directory harvest
attacks using your LDAP directories. You can configure directory harvest prevention during the
SMTP conversation or within the work queue. If the recipient is not found in the LDAP directory,
you can configure the system to perform a delayed bounce or drop the message entirely.
Consequently, spammers are not able to differentiate between valid and invalid email addresses. See
attacks using your LDAP directories. You can configure directory harvest prevention during the
SMTP conversation or within the work queue. If the recipient is not found in the LDAP directory,
you can configure the system to perform a delayed bounce or drop the message entirely.
Consequently, spammers are not able to differentiate between valid and invalid email addresses. See
•
SMTP Authentication. AsyncOS provides support for SMTP authentication. SMTP Auth is a
mechanism for authenticating clients connected to an SMTP server. You can use this functionality
to enable users at your organization to send mail using your mail servers even if they are connecting
remotely (e.g. from home or while traveling). For more information, see
mechanism for authenticating clients connected to an SMTP server. You can use this functionality
to enable users at your organization to send mail using your mail servers even if they are connecting
remotely (e.g. from home or while traveling). For more information, see
.
•
External Authentication. You can configure your Cisco appliance to use your LDAP directory to
authenticate users logging in to the Cisco appliance. For more information, see
authenticate users logging in to the Cisco appliance. For more information, see
.
•
Spam Quarantine End-User Authentication. You can configure your appliance to validate users
when they log in to the end-user quarantine. For more information, see
when they log in to the end-user quarantine. For more information, see
.