Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
24-24
Cisco AsyncOS 8.5.5 for Email Security User Guide
Chapter 24 LDAP Queries
Using Group LDAP Queries to Determine if a Recipient is a Group Member
For more information on the
mail-from-group
and
rcpt-to-group
message filter rules, see
Step 2
Next, the Add LDAP Server Profile page is used to define an LDAP server for the appliance to bind to,
and an initial query for a group membership is configured.
and an initial query for a group membership is configured.
Step 3
Next, the public listener “InboundMail” is updated to use LDAP queries for group routing. The Edit
Listener page is used to enable the LDAP query specified above.
Listener page is used to enable the LDAP query specified above.
As a result of this query, messages accepted by the listener trigger a query to the LDAP server to
determine group membership. The PublicLDAP2.group query was defined previously via the
System Administration > LDAP page.
determine group membership. The PublicLDAP2.group query was defined previously via the
System Administration > LDAP page.
Figure 24-6
Specifying a Group Query on a Listener
Note that in this example, a commit must be issued for the changes to take effect.
Example: Using a Group Query to Skip Spam and Virus Checking
Because message filters occurs early in the pipeline, you can use a group query to skip virus and spam
checking for specified groups. For example, you want your IT group to receive all messages and to skip
spam and virus checking. In your LDAP record, you create a group entry that uses the DN as the group
name. The group name consists of the following DN entry:
checking for specified groups. For example, you want your IT group to receive all messages and to skip
spam and virus checking. In your LDAP record, you create a group entry that uses the DN as the group
name. The group name consists of the following DN entry:
cn=IT, ou=groups, o=sample.com
You create an LDAP server profile with the following group query:
(&(memberOf={g})(proxyAddresses=smtp:{a}))
You then enable this query on a listener so that when a message is received by the listener, the group
query is triggered.
query is triggered.