Cisco Email Security Appliance X1050 User Guide
Cisco AsyncOS 8.5.5 for Email Security User Guide
Chapter 25 Authenticating SMTP Sessions Using Client Certificates
Authenticating a User Using an LDAP Directory
The SMTP Authentication LDAP query has an Allowance Query String that allows the Email Security
appliance to check whether the user’s mail client is allowed to send mail through the appliance based on
the user’s record in the LDAP directory. This allows users who don’t have a client certificate to send mail
as long as their record specifies that it’s allowed.
You can also filter out results based on other attributes. For example, the query string
(&(uid={u})(|(!(caccn=*))(cacexempt=*)(cacemergency>={t})))
checks to see if any of the following conditions are true for the user:
• CAC is not issued to the user (!(caccn=*))
• CAC is exempt (cacexempt=*)
• The time period that a user may temporarily send mail without a CAC expires in the future (cacemergency>={t})
See for more information on using the SMTP Authentication query.
Procedure
Step 1 Select System Administration > LDAP.
Step 2 Define an LDAP profile. See for more information.
Step 3 Define an SMTP authentication query for the LDAP profile.
Step 4 Check the SMTP Authentication Query checkbox.
Step 5 Enter the query name.
Step 6 Enter the string to query for the user’s ID. For example, (uid={u}).
Step 7 Select LDAP BIND for the authentication method.
Step 8 Enter an allowance query string. For example, (&(uid={u})(|(!(caccn=*))(cacexempt=*)(cacemergency>={t}))).
Step 9 Submit and commit your changes.
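The allowance query string entered in Step 8 can be checked offline against representative user records before it is committed. The following is an added example, not taken from the Cisco guide or the appliance: a small evaluator for the filter operators this query uses, run over constructed directory entries. The sample records, the function names, the GeneralizedTime format assumed for {t}, and the plain text comparison of values are assumptions.

```python
import re

# The allowance query string from this page; {u} and {t} are the appliance's tokens.
ALLOWANCE = "(&(uid={u})(|(!(caccn=*))(cacexempt=*)(cacemergency>={t})))"

def parse(f, i=0):
    """Parse one parenthesised filter at f[i]; return (node, index after it)."""
    if f[i + 1] in "&|!":
        op, kids, i = f[i + 1], [], i + 2
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1          # skip the closing ')'
    end = f.index(")", i)
    attr, cmp_, val = re.fullmatch(r"([\w-]+)(>=|<=|=)(.*)", f[i + 1:end]).groups()
    return (cmp_, attr.lower(), val), end + 1

def match(node, entry):
    """Evaluate a parsed filter against one entry (dict: attribute -> list of values)."""
    if node[0] == "&":
        return all(match(k, entry) for k in node[1])
    if node[0] == "|":
        return any(match(k, entry) for k in node[1])
    if node[0] == "!":
        return not match(node[1][0], entry)
    cmp_, attr, val = node
    vals = entry.get(attr, [])
    if cmp_ == "=":
        return bool(vals) if val == "*" else val in vals   # "*" is a presence test
    return any(v >= val if cmp_ == ">=" else v <= val for v in vals)

def allowed(entry, user, now):
    """Substitute the tokens and apply the allowance filter to one directory entry."""
    # Assumption: sample user IDs contain no filter metacharacters, so no escaping is done.
    tree, _ = parse(ALLOWANCE.replace("{u}", user).replace("{t}", now))
    return match(tree, entry)

# Constructed sample records (not from a real directory).
NOW = "20240601000000Z"   # assumed format for {t}: LDAP GeneralizedTime, compared as text
DIRECTORY = {
    "alice": {"uid": ["alice"], "caccn": ["ALICE.A.1234567890"]},            # has CAC
    "bob":   {"uid": ["bob"]},                                               # no CAC issued
    "carol": {"uid": ["carol"], "caccn": ["CAROL.C.1"], "cacexempt": ["TRUE"]},
    "dave":  {"uid": ["dave"], "caccn": ["DAVE.D.1"], "cacemergency": ["20240701000000Z"]},
    "erin":  {"uid": ["erin"], "caccn": ["ERIN.E.1"], "cacemergency": ["20240101000000Z"]},
}

if __name__ == "__main__":
    for uid, entry in DIRECTORY.items():
        print(uid, "allowed" if allowed(entry, uid, NOW) else "client certificate required")
```

Only the record with a CAC and no exemption (alice) and the record whose emergency window has already passed (erin) fail the allowance check.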
Authenticating an SMTP Connection Over TLS Using a Client Certificate
The certificate-based SMTP authentication profile allows the Email Security appliance to authenticate
an SMTP connection over TLS using a client certificate. When creating the profile, you select the
Certificate Authentication LDAP query to use for verifying the certificate. You can also specify whether
the Email Security appliance falls back to the SMTP AUTH command to authenticate the user if a client
certificate isn’t available.
For information on authenticating an SMTP connection by using LDAP, see
.