Руководство Пользователя для Cisco Cisco Email Security Appliance C170

26-19

User Guide for AsyncOS 9.8 for Cisco Email Security Appliances

Chapter 26 LDAP Queries

Using Acceptance Queries For Recipient Validation

You can use your existing LDAP infrastructure to define how the recipient email address of incoming
messages (on an public listener) should be handled. Changes to user data in your directories are updated
the next time the appliance queries the directory server. You can specify the size of the caches and the
amount of time the appliance stores the data it retrieves.

Note

You may wish to bypass LDAP acceptance queries for special recipients (such as

administrator@example.com

). You can configure this setting from the Recipient Access Table (RAT).

For information about configuring this setting, see the “Configuring the Gateway to Receive Email”
chapter.

Related Topics

•

Sample Acceptance Queries, page 26-19

•

Configuring Acceptance Queries for Lotus Notes, page 26-20

Sample Acceptance Queries

Table 26-2

shows sample acceptance queries.

You can also validate on the username (Left Hand Side). This is useful if your directory does not contain
all the domains you accept mail for. Set the Accept query to (uid={u}).

Table 26-2

Example LDAP Query Strings for Common LDAP Implementations: Acceptance

Query for:

Recipient validation

OpenLDAP

(mailLocalAddress={a})

(mail={a})

(mailAlternateAddress={a})

Microsoft Active Directory Address Book

Microsoft Exchange

(|(mail={a})(proxyAddresses=smtp:{a}))

SunONE Directory Server

(mail={a})

(mailAlternateAddress={a})

(mailEquivalentAddress={a})

(mailForwardingAddress={a})

(mailRoutingAddress={a})

Lotus Notes
Lotus Domino

(|(|(mail={a})(uid={u}))(cn={u}))

(|(ShortName={u})(InternetAddress={a})(FullNa

me={u}))