Cisco Email Security Appliance C170 User Guide

Cisco IronPort AsyncOS 7.6 for Email Advanced Configuration Guide
OL-25137-01
Chapter 3      LDAP Queries
Understanding How LDAP Works with AsyncOS
When you work with LDAP directories, the Cisco IronPort appliance can be used in conjunction with an 
LDAP directory server to accept recipients, route messages, and/or masquerade headers. LDAP group 
queries can also be used in conjunction with message filters to create rules for handling messages as they 
are received by the Cisco IronPort appliance.
Figure 3-1 demonstrates how the Cisco IronPort appliance works with LDAP:
Figure 3-1 LDAP Configuration
Step 1  The sending MTA sends a message to the public listener “A” via SMTP.
Step 2  The Cisco IronPort appliance queries the LDAP server defined via the System Administration > LDAP page (or by the global ldapconfig command).
Step 3  Data is received from the LDAP directory, and, depending on the queries defined on the System Administration > LDAP page (or in the ldapconfig command) that are used by the listener:
  – the message is routed to the new recipient address, or dropped or bounced
  – the message is routed to the appropriate mailhost for the new recipient
  – From:, To:, and CC: message headers are re-written based upon the query
  – further actions as defined by rcpt-to-group or mail-from-group message filter rules (used in conjunction with configured group queries).
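The flow in Steps 2 and 3 can be modelled in a few lines. The following is an added illustration, not code from the guide and not a reproduction of AsyncOS internals: the directory entries are constructed sample data, and the attribute names (mailLocalAddress, mailRoutingAddress, mailHost, memberOf) and function names are assumptions chosen to match the kinds of data shown in Figure 3-1. Because the recipient address is supplied by the sending MTA, the model escapes it per RFC 4515 before placing it in the query.

```python
import re

# Constructed directory entries under DC=example,DC=com (sample data, not from the guide).
# Attribute names are assumptions standing in for the data kinds listed in Figure 3-1.
DIRECTORY = [
    {"dn": "CN=Alice,DC=example,DC=com",
     "mailLocalAddress": ["alice@example.com", "a.smith@example.com"],
     "mailRoutingAddress": ["alice@mail1.example.com"],
     "mailHost": ["mail1.example.com"],
     "memberOf": ["CN=Finance,DC=example,DC=com"]},
    {"dn": "CN=Bob,DC=example,DC=com",
     "mailLocalAddress": ["bob@example.com"],
     "memberOf": []},
]

def escape_filter_value(value):
    """Escape RFC 4515 special characters so the address is matched as data only."""
    return re.sub(r'[\\*()\x00]', lambda m: "\\%02x" % ord(m.group()), value)

def search(ldap_filter):
    """Evaluate a single equality filter '(attr=value)' against DIRECTORY."""
    m = re.fullmatch(r"\((\w+)=((?:[^\\*()]|\\[0-9a-f]{2})*)\)", ldap_filter)
    if not m:
        raise ValueError("unsupported or malformed filter: %r" % ldap_filter)
    attr = m.group(1)
    # Undo the \xx escapes to recover the literal value being searched for.
    want = re.sub(r"\\([0-9a-f]{2})", lambda h: chr(int(h.group(1), 16)), m.group(2))
    return [e for e in DIRECTORY
            if want.lower() in (v.lower() for v in e.get(attr, []))]

def handle_rcpt(rcpt):
    """Steps 2-3: query the directory for the RCPT TO address and decide what to do."""
    hits = search("(mailLocalAddress=%s)" % escape_filter_value(rcpt))
    if not hits:
        return {"action": "bounce", "rcpt": rcpt}  # recipient not in the directory
    entry = hits[0]
    return {
        "action": "deliver",
        # routed to the new recipient address, if the directory defines one
        "rcpt": entry.get("mailRoutingAddress", [rcpt])[0],
        # routed to the mailhost for that recipient, if one is listed
        "mailhost": entry.get("mailHost", [None])[0],
        # group membership, the input to group-based message filter rules
        "groups": entry["memberOf"],
    }
```

A recipient of `*` is escaped to `\2a` and compared literally, so it matches no entry and is bounced instead of matching every entry.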
Note
You can configure your Cisco IronPort appliance to connect to multiple LDAP servers. When you do 
this, you can configure the LDAP profile settings for load-balancing or failover. For more information 
about working with multiple LDAP servers, se
.
[Figure 3-1 labels: Sending MTA (HELO, SMTP); Firewall; IronPort appliance with LDAP enabled, listener A; DC=example,DC=com; directory data: recipient email address (local), mailhost information, mail routing information, group information, SMTP AUTH. Callouts 1, 2, and 3 correspond to Steps 1 to 3.]