Cisco Cisco Email Security Appliance C160 Mode D'Emploi
24-22
Cisco AsyncOS 8.5.6 for Email User Guide
Chapter 24 LDAP Queries
Using Masquerading Queries to Rewrite the Envelope Sender
Sample Masquerading Queries
Masquerading “Friendly Names”
In some user environments, an LDAP directory server schema may store a “friendly name” in addition
to a mail routing address or a local mail address. AsyncOS allows you to masquerade Envelope Senders
(for outgoing mail) and message headers (for incoming mail, such as To:, Reply To:, From: or CC:) with
this “friendly address” — even if the friendly address contains special characters that are not normally
permitted in a valid email address (for example, quotation marks, spaces, and commas).
to a mail routing address or a local mail address. AsyncOS allows you to masquerade Envelope Senders
(for outgoing mail) and message headers (for incoming mail, such as To:, Reply To:, From: or CC:) with
this “friendly address” — even if the friendly address contains special characters that are not normally
permitted in a valid email address (for example, quotation marks, spaces, and commas).
When using masquerading of headers via an LDAP query, you now have the option to configure whether
to replace the entire friendly email string with the results from the LDAP server. Note that even with this
behavior enabled, only the user@domain portion will be used for the Envelope Sender (the friendly name
is illegal).
to replace the entire friendly email string with the results from the LDAP server. Note that even with this
behavior enabled, only the user@domain portion will be used for the Envelope Sender (the friendly name
is illegal).
As with the normal LDAP masquerading, if empty results (zero length or entire white space) are returned
from the LDAP query, no masquerading occurs.
from the LDAP query, no masquerading occurs.
To enable this feature, answer “y” to the following question when configuring an LDAP-based
masquerading query for a listener (LDAP page or
masquerading query for a listener (LDAP page or
ldapconfig
command):
For example, consider the following example LDAP entry:
If this feature is enabled, an LDAP query of (mailRoutingAddress={a}) and a masquerading attribute of
(mailLocalAddress) would result in the following substitutions:
(mailLocalAddress) would result in the following substitutions:
Table 24-4
Example LDAP Query Strings for Common LDAP Implementation: Masquerading
Query for:
Masquerade
OpenLDAP
(mailRoutingAddress={a})
Microsoft Active Directory Address Book
(proxyaddresses=smtp:{a})
SunONE Directory Server
(mail={a})
(mailAlternateAddress={a})
(mailEquivalentAddress={a})
(mailForwardingAddress={a})
(mailRoutingAddress={a})
Do you want the results of the returned attribute to replace the entire
friendly portion of the original recipient? [N]
Attribute
Value
mailRoutingAddress
admin\@example.com
mailLocalAddress
joe.smith\@example.com
mailFriendlyAddress
“Administrator for example.com,” <joe.smith\@example.com>
Original Address (From, To,
CC, Reply-to)
CC, Reply-to)
Masqueraded Headers
Masqueraded Envelope Sender
admin@example.com
From: “Administrator for
example.com,”
<joe.smith@example.com>
example.com,”
<joe.smith@example.com>
MAIL FROM:
<joe.smith@example.com>
<joe.smith@example.com>