Cisco Email Security Appliance C160 User Guide

Cisco AsyncOS 8.5.5 for Email Security User Guide
 
Chapter 24  LDAP Queries
Using Group LDAP Queries to Determine if a Recipient is a Group Member
You can define a query to your LDAP servers to determine if a recipient is a member of a group as defined by your LDAP directory.
Procedure
Step 1  Create a message filter that uses a rcpt-to-group or mail-from-group rule to act upon the message.
Step 2  Then, use the System Administration > LDAP page (or the ldapconfig command) to define the LDAP server for the appliance to bind to and configure a query for a group membership.
Step 3  Use the Network > Listeners page (or the listenerconfig -> edit -> ldapgroup subcommand) to enable the group query for the listener.
Sample Group Queries 
For example, suppose that your LDAP directory classifies members of the “Marketing” group as ou=Marketing. You can use this classification to treat messages sent to or from members of this group in a special way. Step 1 creates a message filter to act upon the message, and Steps 2 and 3 enable the LDAP lookup mechanism.
Configuring a Group Query
In the following example, mail from members of the Marketing group (as defined by the LDAP group “Marketing”) will be delivered to the alternate delivery host marketingfolks.example.com.
Procedure
Step 1  First, a message filter is created to act upon messages that match positively for group membership. In this example, a filter is created that uses the mail-from-group rule. All messages whose Envelope Sender is found to be in the LDAP group “marketing-group1” will be delivered with an alternate delivery host (the filter's alt-mailhost action).
Table 24-5  Example LDAP Query Strings for Common LDAP Implementation: Group

Query for:                    Group
OpenLDAP                      OpenLDAP does not support the memberOf attribute by default. Your LDAP Administrator may add this attribute or a similar attribute to the schema.
Microsoft Active Directory    (&(memberOf={g})(proxyAddresses=smtp:{a}))
SunONE Directory Server       (&(memberOf={g})(mailLocalAddress={a}))
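
How the Microsoft Active Directory query string in Table 24-5 expands and matches for one Envelope Sender, as an added example (not Cisco's code and not the appliance's implementation). It assumes {a} is replaced by the email address and {g} by the group named in the filter rule, escapes values per RFC 4515, compares values case-insensitively, and uses a constructed group DN and constructed directory entries.

```python
import re

# RFC 4515: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_TOKEN = re.compile(r"\{([ag])\}")

AD_TEMPLATE = "(&(memberOf={g})(proxyAddresses=smtp:{a}))"  # from Table 24-5
GROUP = "CN=marketing-group1,OU=Groups,DC=example,DC=com"   # constructed DN
DIRECTORY = [                                               # constructed entries
    {"memberOf": [GROUP], "proxyAddresses": ["SMTP:alice@example.com"]},
    {"memberOf": ["CN=sales,OU=Groups,DC=example,DC=com"],
     "proxyAddresses": ["smtp:bob@example.com"]},
]


def escape_filter_value(value):
    """Escape a value so the server reads it as data, never as filter syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_query(template, address, group):
    """Fill {a} and {g} in one pass so a substituted value is never re-expanded."""
    values = {"a": address, "g": group}
    return _TOKEN.sub(lambda m: escape_filter_value(values[m.group(1)]), template)


def matches(entry, template, address, group):
    """Evaluate an AND-of-equality template against one entry (attr -> values)."""
    values = {"a": address, "g": group}
    for attr, pattern in re.findall(r"\(([\w-]+)=([^()]*)\)", template):
        wanted = _TOKEN.sub(lambda m: values[m.group(1)], pattern).lower()
        # Equality is compared case-insensitively here, so "SMTP:" matches "smtp:".
        if wanted not in [v.lower() for v in entry.get(attr, [])]:
            return False
    return True


def is_group_member(address, group=GROUP, template=AD_TEMPLATE):
    """True when some entry holds both the address and the group membership."""
    return any(matches(e, template, address, group) for e in DIRECTORY)


if __name__ == "__main__":
    print(expand_query(AD_TEMPLATE, "alice@example.com", GROUP))
    for sender in ("alice@example.com", "bob@example.com", "*"):
        print(sender, is_group_member(sender))
```

Both clauses must match the same entry, so a sender whose address exists in the directory but who is not in the named group does not match.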