Cisco Email Security Appliance X1070 User Guide
Cisco IronPort AsyncOS 7.6 for Email Advanced Configuration Guide
OL-25137-01
Chapter 3 LDAP Queries
Sample Masquerading Queries

Table 3-4 Example LDAP Query Strings for Common LDAP Implementation: Masquerading

| Query for: | Masquerade |
|---|---|
| OpenLDAP | (mailRoutingAddress={a}) |
| Microsoft Active Directory Address Book | (proxyaddresses=smtp:{a}) |
| SunONE Directory Server | (mail={a}) |
| | (mailAlternateAddress={a}) |
| | (mailEquivalentAddress={a}) |
| | (mailForwardingAddress={a}) |
| | (mailRoutingAddress={a}) |

Masquerading “Friendly Names”

In some user environments, an LDAP directory server schema may store a “friendly name” in addition
to a mail routing address or a local mail address. AsyncOS allows you to masquerade Envelope Senders
(for outgoing mail) and message headers (for incoming mail, such as To:, Reply To:, From: or CC:) with
this “friendly address” — even if the friendly address contains special characters that are not normally
permitted in a valid email address (for example, quotation marks, spaces, and commas).

When using masquerading of headers via an LDAP query, you now have the option to configure whether
to replace the entire friendly email string with the results from the LDAP server. Note that even with this
behavior enabled, only the user@domain portion will be used for the Envelope Sender (the friendly name
is illegal).

As with the normal LDAP masquerading, if empty results (zero length or entire white space) are returned
from the LDAP query, no masquerading occurs.

To enable this feature, answer “y” to the following question when configuring an LDAP-based
masquerading query for a listener (LDAP page or ldapconfig command):

    Do you want the results of the returned attribute to replace the entire
    friendly portion of the original recipient? [N]

For example, consider the following example LDAP entry:

| Attribute | Value |
|---|---|
| mailRoutingAddress | admin\@example.com |
| mailLocalAddress | joe.smith\@example.com |
| mailFriendlyAddress | “Administrator for example.com,” <joe.smith\@example.com> |

If this feature is enabled, an LDAP query of (mailRoutingAddress={a}) and a masquerading attribute of
(mailLocalAddress) would result in the following substitutions:

| Original Address (From, To, CC, Reply-to) | Masqueraded Headers | Masqueraded Envelope Sender |
|---|---|---|
| admin@example.com | From: “Administrator for example.com,” <joe.smith@example.com> | MAIL FROM: <joe.smith@example.com> |
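The substitution rules described above, modelled as an added Python example (this is not AsyncOS code or Cisco's implementation). The function name `masquerade`, the treatment of `\@` as an escaped `@`, the behaviour when the question is answered "n", and the line-break check are assumptions of this sketch; the sample values are constructed from the example entry and use straight quotes.

```python
from email.utils import parseaddr, formataddr

def masquerade(original, ldap_value, replace_friendly=True):
    """Model the masquerading substitution for one address.

    original         -- header value, e.g. 'Admin <admin@example.com>'
    ldap_value       -- masquerading attribute returned by the LDAP query
    replace_friendly -- answer to the "replace the entire friendly
                        portion" question
    Returns (header_value, envelope_sender).
    """
    orig_name, orig_addr = parseaddr(original)
    # Empty or all-whitespace result: no masquerading occurs.
    if ldap_value is None or not ldap_value.strip():
        return original, orig_addr
    # Assumption: "\@" in the sample entry is an escaped "@".
    value = ldap_value.strip().replace("\\@", "@")
    # Added check (not from the guide): a directory value is untrusted
    # input to a message header, so refuse embedded line breaks.
    if "\r" in value or "\n" in value:
        raise ValueError("line break in LDAP masquerade value")
    _, new_addr = parseaddr(value)
    if "@" not in new_addr:
        return original, orig_addr  # nothing usable was returned
    if replace_friendly:
        header = value  # the whole friendly string goes into the header
    else:
        # Assumption: with the option off, only user@domain is swapped
        # and the original display name is kept.
        header = formataddr((orig_name, new_addr))
    # The envelope sender only ever carries user@domain.
    return header, new_addr

if __name__ == "__main__":
    friendly = '"Administrator for example.com," <joe.smith\\@example.com>'
    hdr, env = masquerade("admin@example.com", friendly)
    print("From:", hdr)
    print("MAIL FROM: <%s>" % env)
```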