Cisco Cisco Email Security Appliance C690 用户指南
3-28
Cisco IronPort AsyncOS 7.6 for Email Advanced Configuration Guide
OL-25137-01
Chapter 3 LDAP Queries
Creating a Chain Query
You create a chain query from the System Administration > LDAP > LDAP Server Profiles page.
Figure 3-11
Configuring a Chain Query
Step 1
From the LDAP Server Profiles page, click Advanced.
Step 2
Click Add Chain Query.
The Chain query page opens.
Step 3
Add a name for the chain query.
Step 4
Select the query type.
When you create chain queries, you cannot select different types of queries. Once you select a query
type, the Cisco IronPort appliance populates the query field with queries of that type from available
server profiles.
type, the Cisco IronPort appliance populates the query field with queries of that type from available
server profiles.
Step 5
Select a query to add to the chain query.
The Cisco IronPort appliance runs the queries in the order you configure them. Therefore, if you add
multiple queries to the chain query, you might want to order the queries so that more specific queries
are followed by more general queries.
multiple queries to the chain query, you might want to order the queries so that more specific queries
are followed by more general queries.
Step 6
Test the query by clicking the Test Query button and entering a user login and password or an email
address to test in the Test Parameters fields. The results appear in the Connection Status field.
address to test in the Test Parameters fields. The results appear in the Connection Status field.
Step 7
Optionally, if you use the {f} token in an acceptance query, you can add an envelope sender address to
the test query.
the test query.
Note
Once you create the chain query, you need to associate it with a public or private listener.
Step 8
Submit and commit your changes.
Using LDAP For Directory Harvest Attack Prevention
Directory Harvest Attacks occur when a malicious sender attempts to send messages to recipients with
common names, and the email gateway responds by verifying that a recipient has a valid mailbox at that
location. When performed on a large scale, malicious senders can determine who to send mail to by
“harvesting” these valid addresses for spamming.
common names, and the email gateway responds by verifying that a recipient has a valid mailbox at that
location. When performed on a large scale, malicious senders can determine who to send mail to by
“harvesting” these valid addresses for spamming.
The Cisco IronPort Email Security appliance can detect and prevent Directory Harvest Attack (DHA)
when using LDAP acceptance validation queries. You can configure LDAP acceptance to prevent
directory harvest attacks within the SMTP conversation or within the work queue.
when using LDAP acceptance validation queries. You can configure LDAP acceptance to prevent
directory harvest attacks within the SMTP conversation or within the work queue.