Cisco Cisco Content Security Management Appliance M390 Guía Del Usuario
7-16
AsyncOS 9.5.x for Cisco Content Security Management Appliances User Guide
Chapter 7 Spam Quarantine
Configuring Spam Management Features for End Users
Related Topics
•
•
•
•
•
•
LDAP Authentication Process
1.
A user enters his or her username and password into the web UI login page.
2.
The spam quarantine connects to the specified LDAP server either to perform an anonymous search
or as an authenticated user with the specified “Server Login” DN and password. For Active
Directory, you will usually need to have the server connect on the “Global Catalog port” (it is in the
6000s) and you need to create a low privilege LDAP user that the spam quarantine can bind as in
order to execute the search.
or as an authenticated user with the specified “Server Login” DN and password. For Active
Directory, you will usually need to have the server connect on the “Global Catalog port” (it is in the
6000s) and you need to create a low privilege LDAP user that the spam quarantine can bind as in
order to execute the search.
3.
The spam quarantine then searches for the user using the specified BaseDN and Query String. When
a user’s LDAP record is found, the spam quarantine then extracts the DN for that record and attempts
bind to the directory using the user records’ DN and the password they entered originally. If this
password check succeeds then the user is properly authenticated, but the spam quarantine still needs
to determine which mailboxes’ contents to show for that user.
a user’s LDAP record is found, the spam quarantine then extracts the DN for that record and attempts
bind to the directory using the user records’ DN and the password they entered originally. If this
password check succeeds then the user is properly authenticated, but the spam quarantine still needs
to determine which mailboxes’ contents to show for that user.
4.
Messages are stored in the spam quarantine using the recipient's envelope address. After a user's
password is validated against LDAP, the spam quarantine then retrieves the “Primary Email
Attribute” from the LDAP record to determine which envelope address they should show
quarantined messages for. The “Primary Email Attribute” can contain multiple email addresses
which are then used to determine what envelope addresses should be displayed from the quarantine
for the authenticated user.
password is validated against LDAP, the spam quarantine then retrieves the “Primary Email
Attribute” from the LDAP record to determine which envelope address they should show
quarantined messages for. The “Primary Email Attribute” can contain multiple email addresses
which are then used to determine what envelope addresses should be displayed from the quarantine
for the authenticated user.
For End-User
Spam Quarantine Access
Spam Quarantine Access
Do This
Directly via web browser,
authentication required
authentication required
and
Via a link in a notification,
authentication required
authentication required
1.
In the End User Quarantine Access settings, choose LDAP or Mailbox
(IMAP/POP).
(IMAP/POP).
2.
In the Spam Notifications settings, deselect Enable login without credentials for
quarantine access.
quarantine access.
Directly via web browser,
authentication required
authentication required
and
Via a link in a notification,
authentication not required
authentication not required
1.
In the End User Quarantine Access settings, choose LDAP or Mailbox
(IMAP/POP).
(IMAP/POP).
2.
In the Spam Notifications settings, select Enable login without credentials for
quarantine access.
quarantine access.
Only via a link in a notification,
authentication not required
authentication not required
In the End User Quarantine Access settings, choose None as the authentication method.
No access
In the End User Quarantine Access settings, deselect Enable End-User Quarantine
Access.
Access.