Cisco Email Security Appliance C650 User Guide
Cisco IronPort AsyncOS 7.6 for Email Advanced Configuration Guide
OL-25137-01
Chapter 3 LDAP Queries
Understanding How LDAP Works with AsyncOS
When you work with LDAP directories, the Cisco IronPort appliance can be used in conjunction with an
LDAP directory server to accept recipients, route messages, and/or masquerade headers. LDAP group
queries can also be used in conjunction with message filters to create rules for handling messages as they
are received by the Cisco IronPort appliance.
Figure 3-1 demonstrates how the Cisco IronPort appliance works with LDAP:
Figure 3-1 LDAP Configuration
Step 1 The sending MTA sends a message to the public listener “A” via SMTP.
Step 2 The Cisco IronPort appliance queries the LDAP server defined via the System Administration > LDAP page (or by the global ldapconfig command).
Step 3 Data is received from the LDAP directory, and, depending on the queries defined on the System Administration > LDAP page (or in the ldapconfig command) that are used by the listener:
– the message is routed to the new recipient address, or dropped or bounced
– the message is routed to the appropriate mailhost for the new recipient
– From:, To:, and CC: message headers are re-written based upon the query
– further actions as defined by rcpt-to-group or mail-from-group message filter rules (used in conjunction with configured group queries).
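The Step 3 outcomes for a single recipient can be modelled as below. This is an added example, not code from the guide or from AsyncOS: the directory entries, the attribute names (mailRoutingAddress, mailHost, groups) and all function names are assumptions, and header rewriting is left out.

```python
# Constructed sample directory under DC=example,DC=com (not from the guide).
# Attribute and function names are assumptions made for this illustration.
DIRECTORY = {
    "alice@example.com": {"groups": {"cn=staff,dc=example,dc=com"}},
    "sales@example.com": {
        "mailRoutingAddress": "bob@example.com",
        "mailHost": "mx2.example.com",
        "groups": set(),
    },
}


def ldap_lookup(address):
    """Stand-in for the query sent to the LDAP server in Step 2."""
    return DIRECTORY.get(address.lower())


def handle_recipient(rcpt, unknown_action="bounce", filter_group=None):
    """Model the Step 3 outcomes for one envelope recipient."""
    if unknown_action not in ("drop", "bounce"):
        raise ValueError("unknown_action must be 'drop' or 'bounce'")
    entry = ldap_lookup(rcpt)
    if entry is None:
        # Recipient is not in the directory: the message is dropped or bounced.
        return {"action": unknown_action, "rcpt": rcpt, "mailhost": None}
    result = {
        "action": "deliver",
        # Routed to the new recipient address when the directory supplies one.
        "rcpt": entry.get("mailRoutingAddress", rcpt),
        # Routed to the mailhost named for this recipient (None = default).
        "mailhost": entry.get("mailHost"),
    }
    # Group information lets a rcpt-to-group style filter rule act further.
    if filter_group and filter_group in entry.get("groups", set()):
        result["action"] = "filter-match"
    return result


if __name__ == "__main__":
    for rcpt in ("alice@example.com", "sales@example.com", "nobody@example.com"):
        print(rcpt, "->", handle_recipient(rcpt))
```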
Note You can configure your Cisco IronPort appliance to connect to multiple LDAP servers. When you do this, you can configure the LDAP profile settings for load-balancing or failover. For more information about working with multiple LDAP servers, see .
[Figure 3-1 diagram labels: Sending MTA; Firewall; IronPort appliance with LDAP enabled; listener A (SMTP, HELO); steps 1, 2, 3; DC=example,DC=com; recipient email address (local), mailhost information, mail routing information, group information, SMTP AUTH]