Cisco Cisco Email Security Appliance C160 Mode D'Emploi
3-2
Cisco IronPort AsyncOS 7.6 for Email Advanced Configuration Guide
OL-25137-01
Chapter 3 LDAP Queries
Understanding LDAP Queries
If you store user information within LDAP directories in your network infrastructure, you can configure
the Cisco IronPort appliance to query your LDAP server for the following purposes:
the Cisco IronPort appliance to query your LDAP server for the following purposes:
•
Acceptance Queries. You can use your existing LDAP infrastructure to define how the recipient
email address of incoming messages (on a public listener) should be handled. For more information,
see
email address of incoming messages (on a public listener) should be handled. For more information,
see
•
Routing (Aliasing) You can configure the appliance to route messages to the appropriate address
and/or mail host based upon the information available in LDAP directories on your network. For
more information, see
and/or mail host based upon the information available in LDAP directories on your network. For
more information, see
•
Masquerading. You can masquerade Envelope Senders (for outgoing mail) and message headers
(for incoming mail, such as To:, Reply To:, From: or CC:). For more information about
masquerading, see
(for incoming mail, such as To:, Reply To:, From: or CC:). For more information about
masquerading, see
•
Group Queries. You can configure the Cisco IronPort appliance to perform actions on messages
based on the groups in the LDAP directory. You do this by associating a group query with a message
filter. You can perform any message action available for message filters on messages that match the
defined LDAP group. For more information, see
based on the groups in the LDAP directory. You do this by associating a group query with a message
filter. You can perform any message action available for message filters on messages that match the
defined LDAP group. For more information, see
•
Domain-based Queries. You can create domain-based queries to allow the Cisco IronPort appliance
to perform different queries for different domains on a single listener. When the Email Security
Appliance runs the domain-based queries, it determines the query to use based on the domain, and
it queries the LDAP server associated with that domain.
to perform different queries for different domains on a single listener. When the Email Security
Appliance runs the domain-based queries, it determines the query to use based on the domain, and
it queries the LDAP server associated with that domain.
•
Chain Queries. You can create a chain query to enable the Cisco IronPort appliance to perform a
series of queries in sequence. When you configure a chain query, the Cisco IronPort appliance runs
each query in sequence until the LDAP appliance returns a positive result.
series of queries in sequence. When you configure a chain query, the Cisco IronPort appliance runs
each query in sequence until the LDAP appliance returns a positive result.
•
Directory Harvest Prevention. You can configure the Cisco IronPort appliance to combat directory
harvest attacks using your LDAP directories. You can configure directory harvest prevention during
the SMTP conversation or within the work queue. If the recipient is not found in the LDAP directory,
you can configure the system to perform a delayed bounce or drop the message entirely.
Consequently, spammers are not able to differentiate between valid and invalid email addresses. See
harvest attacks using your LDAP directories. You can configure directory harvest prevention during
the SMTP conversation or within the work queue. If the recipient is not found in the LDAP directory,
you can configure the system to perform a delayed bounce or drop the message entirely.
Consequently, spammers are not able to differentiate between valid and invalid email addresses. See
.
•
SMTP Authentication. AsyncOS provides support for SMTP authentication. SMTP Auth is a
mechanism for authenticating clients connected to an SMTP server. You can use this functionality
to enable users at your organization to send mail using your mail servers even if they are connecting
remotely (e.g. from home or while traveling). For more information, see
mechanism for authenticating clients connected to an SMTP server. You can use this functionality
to enable users at your organization to send mail using your mail servers even if they are connecting
remotely (e.g. from home or while traveling). For more information, see
•
External Authentication. You can configure your Cisco IronPort appliance to use your LDAP
directory to authenticate users logging in to the Cisco IronPort appliance. For more information, see
directory to authenticate users logging in to the Cisco IronPort appliance. For more information, see
.
•
Spam Quarantine End-User Authentication. You can configure your appliance to validate users
when they log in to the end-user quarantine. For more information, see
when they log in to the end-user quarantine. For more information, see
•
Spam Quarantine Alias Consolidation. If you use email notifications for spam, this query
consolidates the end-user aliases so that end-users do not receive quarantine notices for each aliased
email address. For more information, see
consolidates the end-user aliases so that end-users do not receive quarantine notices for each aliased
email address. For more information, see
.
•
User Distinguished Name. If you use RSA Enterprise Manager for data loss prevention (DLP), this
query retrieves the distinguished name for senders of messages that may contain DLP violations.
The Email Security appliance includes the distinguished name when it sends DLP incident data to
Enterprise Manager. For more information, see
query retrieves the distinguished name for senders of messages that may contain DLP violations.
The Email Security appliance includes the distinguished name when it sends DLP incident data to
Enterprise Manager. For more information, see
User Distinguished Name Queries, page 3-45
.