Cisco Cisco Email Security Appliance C160 Mode D'Emploi
26-2
User Guide for AsyncOS 9.7 for Cisco Email Security Appliances
Chapter 26 LDAP Queries
Overview of LDAP Queries
•
•
•
•
Understanding LDAP Queries
If you store user information within LDAP directories in your network infrastructure, you can configure
the appliance to query your LDAP server for the following purposes:
the appliance to query your LDAP server for the following purposes:
•
Acceptance Queries. You can use your existing LDAP infrastructure to define how the recipient
email address of incoming messages (on a public listener) should be handled. For more information,
see
email address of incoming messages (on a public listener) should be handled. For more information,
see
.
•
Routing (Aliasing). You can configure the appliance to route messages to the appropriate address
and/or mail host based upon the information available in LDAP directories on your network. For
more information, see
and/or mail host based upon the information available in LDAP directories on your network. For
more information, see
•
Certificate Authentication. You can create a query that checks the validity of a client certificate in
order to authenticate an SMTP session between the user’s mail client and the Email Security
appliance. For more information, see
order to authenticate an SMTP session between the user’s mail client and the Email Security
appliance. For more information, see
.
•
Masquerading. You can masquerade Envelope Senders (for outgoing mail) and message headers
(for incoming mail, such as To:, Reply To:, From: or CC:). For more information about
masquerading, see
(for incoming mail, such as To:, Reply To:, From: or CC:). For more information about
masquerading, see
•
Group Queries. You can configure the appliance to perform actions on messages based on the
groups in the LDAP directory. You do this by associating a group query with a message filter. You
can perform any message action available for message filters on messages that match the defined
LDAP group. For more information, see
groups in the LDAP directory. You do this by associating a group query with a message filter. You
can perform any message action available for message filters on messages that match the defined
LDAP group. For more information, see
.
•
Domain-based Queries. You can create domain-based queries to allow the appliance to perform
different queries for different domains on a single listener. When the Email Security Appliance runs
the domain-based queries, it determines the query to use based on the domain, and it queries the
LDAP server associated with that domain.
different queries for different domains on a single listener. When the Email Security Appliance runs
the domain-based queries, it determines the query to use based on the domain, and it queries the
LDAP server associated with that domain.
•
Chain Queries. You can create a chain query to enable the appliance to perform a series of queries
in sequence. When you configure a chain query, the appliance runs each query in sequence until the
LDAP appliance returns a positive result.
in sequence. When you configure a chain query, the appliance runs each query in sequence until the
LDAP appliance returns a positive result.
•
Directory Harvest Prevention. You can configure the appliance to combat directory harvest attacks
using your LDAP directories. You can configure directory harvest prevention during the SMTP
conversation or within the work queue. If the recipient is not found in the LDAP directory, you can
configure the system to perform a delayed bounce or drop the message entirely. Consequently,
spammers are not able to differentiate between valid and invalid email addresses. See
using your LDAP directories. You can configure directory harvest prevention during the SMTP
conversation or within the work queue. If the recipient is not found in the LDAP directory, you can
configure the system to perform a delayed bounce or drop the message entirely. Consequently,
spammers are not able to differentiate between valid and invalid email addresses. See
•
SMTP Authentication. AsyncOS provides support for SMTP authentication. SMTP Auth is a
mechanism for authenticating clients connected to an SMTP server. You can use this functionality
to enable users at your organization to send mail using your mail servers even if they are connecting
remotely (e.g. from home or while traveling). For more information, see
mechanism for authenticating clients connected to an SMTP server. You can use this functionality
to enable users at your organization to send mail using your mail servers even if they are connecting
remotely (e.g. from home or while traveling). For more information, see
.