Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
22-25
Cisco AsyncOS 8.0.2 for Email User Guide
Chapter 22 LDAP Queries
Using Domain-based Queries to Route to a Particular Domain
To skip virus and spam filtering for members of the IT group, you create the following message filter to
check incoming messages against LDAP groups.
check incoming messages against LDAP groups.
Note
The rcpt-to-group in this message filter reflects the DN entered as the group name: cn=IT, ou=groups,
o=sample.com. Verify that you use the correct group name in the message filter to ensure that your filter
matches the name in your LDAP directory.
o=sample.com. Verify that you use the correct group name in the message filter to ensure that your filter
matches the name in your LDAP directory.
Messages accepted by the listener trigger a query to the LDAP server to determine group membership.
If the message recipient is a member of the IT group, the message filter skips both virus and spam
checking and delivers the message to the recipient. To enable the filter to check the results of the LDAP
query, you must create the LDAP query on the LDAP server and enable the LDAP query on a listener.
If the message recipient is a member of the IT group, the message filter skips both virus and spam
checking and delivers the message to the recipient. To enable the filter to check the results of the LDAP
query, you must create the LDAP query on the LDAP server and enable the LDAP query on a listener.
Using Domain-based Queries to Route to a Particular Domain
Domain-based queries are LDAP queries grouped by type, associated with a domain, and assigned to a
particular listener. You might want to use domain-based queries if you have different LDAP servers
associated with different domains but you want to run queries for all your LDAP servers on the same
listener. For example, the company “MyCompany” purchases company “HisCompany” and company
“HerCompany” MyCompany maintains its domain, MyCompany.example.com as well as domains for
HisCompany.example.com and HerCompany.example.com, and it maintains a different LDAP server for
employees associated with each domain. To accept mail for all three of these domains, MyCompany
creates domain-based queries. This allows MyCompany.example.com to accept emails for
Mycompany.example.com, HisCompany.example.com, and HerCompany.example.com on the same
listener.
particular listener. You might want to use domain-based queries if you have different LDAP servers
associated with different domains but you want to run queries for all your LDAP servers on the same
listener. For example, the company “MyCompany” purchases company “HisCompany” and company
“HerCompany” MyCompany maintains its domain, MyCompany.example.com as well as domains for
HisCompany.example.com and HerCompany.example.com, and it maintains a different LDAP server for
employees associated with each domain. To accept mail for all three of these domains, MyCompany
creates domain-based queries. This allows MyCompany.example.com to accept emails for
Mycompany.example.com, HisCompany.example.com, and HerCompany.example.com on the same
listener.
[]> - NEW - Create a new filter.
- IMPORT - Import a filter script from a file.
[]> new
Enter filter script. Enter '.' on its own line to end.
IT_Group_Filter:
if (rcpt-to-group == "cn=IT, ou=groups, o=sample.com"){
skip-spamcheck();
skip-viruscheck();
deliver();
}
.
1 filters added.