Cisco Email Security Appliance C170 User Guide

Cisco IronPort AsyncOS 7.1 for Email Advanced Configuration Guide
OL-22164-02
Chapter 3      LDAP Queries
Alternately, you can configure one “user” dedicated solely for the purposes of 
authenticating and performing queries instead of opening up your LDAP directory 
server for anonymous queries from any client.
A summary of the steps is included here, specifically: 
  • How to set up Microsoft Exchange 2000 server to allow “anonymous” authentication.
  • How to set up Microsoft Exchange 2000 server to allow “anonymous bind.”
  • How to set up IronPort AsyncOS to retrieve LDAP data from a Microsoft Exchange 2000 server using both “anonymous bind” and “anonymous” authentication.
Specific permissions must be set on a Microsoft Exchange 2000 server in order 
to allow “anonymous” or “anonymous bind” authentication for the purpose of 
querying user email addresses. This can be very useful when an LDAP query is 
used to determine the validity of an incoming email message to the SMTP gateway.
Anonymous Authentication Setup
The following setup instructions allow you to make specific data available to 
unauthenticated queries of Active Directory and Exchange 2000 servers in the 
Microsoft Windows Active Directory. If you wish to allow “anonymous bind” to 
the Active Directory, see 
Step 1  Determine required Active Directory permissions.
Using the ADSI Edit snap-in or the LDP utility, you must modify the 
permissions to the attributes of the following Active Directory objects:
  – The root of the domain naming context for the domain against which you want to make queries.
  – All OU and CN objects that contain users against which you wish to query email information.