Cisco Cisco Email Security Appliance C170 Guia Do Utilizador

Spam quarantine end-user authentication queries validate users when they log in 
to the IronPort Spam Quarantine. The token {u} specifies the user (it represents 
the user’s login name). The token {a} specifies the user’s email address. The 
LDAP query does not strip "SMTP:" from the email address; AsyncOS strips that 
portion of the address.

If you want the IronPort Spam Quarantine to use an LDAP query for end-user 
access, check the “Designate as the active query” check box. If there is an existing 
active query, it is disabled. When you open the System Administration > LDAP 
page, an asterix (*) is displayed next to the active queries.

Based on the server type, AsyncOS uses one of the following default query strings 
for the end-user authentication query:

Active Directory: 

(sAMAccountName={u})

OpenLDAP: 

(uid={u})

Unknown or Other: [Blank]

By default, the primary email attribute is 

proxyAddresses

 for Active Directory 

servers and 

mail

 for OpenLDAP servers. You can enter your own query and email 

attributes. To create the query from the CLI, use the 

isqauth

 subcommand of the 

ldapconfig

 command.

If you want users to log in with their full email address, use 

(mail=smtp:{a})

 for 

the Query String.

For information on enabling end-user authentication for spam quarantines, see 
“Configuring the IronPort Spam Quarantines Feature” in the Cisco IronPort 
AsyncOS for Email Daily Management Guide.