Cisco Cisco Email Security Appliance C190 Mode D'Emploi
3-36
Cisco IronPort AsyncOS 7.6 for Email Advanced Configuration Guide
OL-25137-01
Chapter 3 LDAP Queries
Figure 3-21
Configuring the LDAP Query Settings for an LDAP SMTP Authentication Profile
Step 4
Select the LDAP query you would like to use for this authentication profile. Select a default encryption
method from the drop-down menu. You can select from SHA, Salted SHA, Crypt, Plain, or MD5. If your
LDAP servers prefix an encrypted password with the encryption type, leave ‘None’ selected. If your
LDAP server saves the encryption type as a separate entity (OpenWave LDAP servers, for example), then
select an encryption method from the menu. The default encryption setting will not be used if the LDAP
query is using bind.
method from the drop-down menu. You can select from SHA, Salted SHA, Crypt, Plain, or MD5. If your
LDAP servers prefix an encrypted password with the encryption type, leave ‘None’ selected. If your
LDAP server saves the encryption type as a separate entity (OpenWave LDAP servers, for example), then
select an encryption method from the menu. The default encryption setting will not be used if the LDAP
query is using bind.
Step 5
Click the Finish button.
Step 6
Click the Commit Changes button, add an optional comment if necessary, and then click Commit
Changes to finish adding the LDAP SMTP Authentication profile.
Changes to finish adding the LDAP SMTP Authentication profile.
After creating the authentication profile, you can enable the profile on a listener. See
for more information.
Enabling SMTP Authentication on a Listener
After using the Network > SMTP Authentication page to create an SMTP authentication “profile” that
specifies the type of SMTP authentication you want to perform (LDAP-based or SMTP
forwarding-based), you must associate that profile with a listener using the Network > Listeners page
(or the
specifies the type of SMTP authentication you want to perform (LDAP-based or SMTP
forwarding-based), you must associate that profile with a listener using the Network > Listeners page
(or the
listenerconfig
command).
Note
An authenticated user is granted RELAY connection behavior within their current Mail Flow Policy.
Note
You may specify more than one forwarding server in a profile. SASL mechanisms CRAM-MD5 and
DIGEST-MD5 are not supported between the Cisco IronPort appliance and a forwarding server.
DIGEST-MD5 are not supported between the Cisco IronPort appliance and a forwarding server.
In the following example, the listener “InboundMail” is edited to use the SMTPAUTH profile configured
via the Edit Listener page:
via the Edit Listener page: