Cisco Cisco Content Security Management Appliance M160 ユーザーガイド
7-16
AsyncOS 10.0 for Cisco Content Security Management Appliances User Guide
Chapter 7 Spam Quarantine
Configuring Spam Management Features for End Users
Related Topics
•
•
•
•
•
•
Configuring LDAP to Work with the Spam Quarantine, page 11-1
•
LDAP Authentication Process
1.
A user enters his or her username and passphrase into the web UI login page.
2.
The spam quarantine connects to the specified LDAP server either to perform an anonymous search
or as an authenticated user with the specified “Server Login” DN and passphrase. For Active
Directory, you will usually need to have the server connect on the “Global Catalog port” (it is in the
6000s) and you need to create a low privilege LDAP user that the spam quarantine can bind as in
order to execute the search.
or as an authenticated user with the specified “Server Login” DN and passphrase. For Active
Directory, you will usually need to have the server connect on the “Global Catalog port” (it is in the
6000s) and you need to create a low privilege LDAP user that the spam quarantine can bind as in
order to execute the search.
3.
The spam quarantine then searches for the user using the specified BaseDN and Query String. When
a user’s LDAP record is found, the spam quarantine then extracts the DN for that record and attempts
bind to the directory using the user records’ DN and the passphrase they entered originally. If this
passphrase check succeeds then the user is properly authenticated, but the spam quarantine still
needs to determine which mailboxes’ contents to show for that user.
a user’s LDAP record is found, the spam quarantine then extracts the DN for that record and attempts
bind to the directory using the user records’ DN and the passphrase they entered originally. If this
passphrase check succeeds then the user is properly authenticated, but the spam quarantine still
needs to determine which mailboxes’ contents to show for that user.
4.
Messages are stored in the spam quarantine using the recipient's envelope address. After a user's
passphrase is validated against LDAP, the spam quarantine then retrieves the “Primary Email
Attribute” from the LDAP record to determine which envelope address they should show
passphrase is validated against LDAP, the spam quarantine then retrieves the “Primary Email
Attribute” from the LDAP record to determine which envelope address they should show
For End-User
Spam Quarantine Access
Spam Quarantine Access
Do This
Directly via web browser,
authentication required
authentication required
and
Via a link in a notification,
authentication required
authentication required
1.
In the End User Quarantine Access settings, choose LDAP, SAML 2.0, or Mailbox
(IMAP/POP).
(IMAP/POP).
2.
In the Spam Notifications settings, deselect Enable login without credentials for
quarantine access.
quarantine access.
Directly via web browser,
authentication required
authentication required
and
Via a link in a notification,
authentication not required
authentication not required
1.
In the End User Quarantine Access settings, choose LDAP, SAML 2.0, or Mailbox
(IMAP/POP).
(IMAP/POP).
2.
In the Spam Notifications settings, select Enable login without credentials for
quarantine access.
quarantine access.
Only via a link in a notification,
authentication not required
authentication not required
In the End User Quarantine Access settings, choose None as the authentication method.
No access
In the End User Quarantine Access settings, deselect Enable End-User Quarantine
Access.
Access.