The spam quarantine connects to the specified LDAP server either to perform an anonymous search
or as an authenticated user with the specified “Server Login” DN and password. For Active
Directory, you will usually need to have the server connect on the “Global Catalog port” (it is in the
6000s) and you need to create a low privilege LDAP user that the spam quarantine can bind as in
order to execute the search.

The spam quarantine then searches for the user using the specified BaseDN and Query String. When
a user’s LDAP record is found, the spam quarantine then extracts the DN for that record and attempts
bind to the directory using the user records’ DN and the password they entered originally. If this
password check succeeds then the user is properly authenticated, but the spam quarantine still needs
to determine which mailboxes’ contents to show for that user.

For End-User
Spam Quarantine Access

Do This

Directly via web browser,
authentication required

and

Via a link in a notification,
authentication required

In the End User Quarantine Access settings, choose LDAP or Mailbox
(IMAP/POP).

In the Spam Notifications settings, deselect Enable login without credentials for
quarantine access.

Directly via web browser,
authentication required

and

Via a link in a notification,
authentication not required

In the End User Quarantine Access settings, choose LDAP or Mailbox
(IMAP/POP).

In the Spam Notifications settings, select Enable login without credentials for
quarantine access.

Only via a link in a notification,
authentication not required

In the End User Quarantine Access settings, choose None as the authentication method.

No access

In the End User Quarantine Access settings, deselect Enable End-User Quarantine
Access.