Use LDAP between MailEnable servers to prevent backscatter?

Discussions on webmail and the Professional version.
Post Reply
Posts: 132
Joined: Tue Jan 31, 2006 8:42 pm

Use LDAP between MailEnable servers to prevent backscatter?

Post by trusnock » Tue Mar 20, 2012 4:58 pm

We have two MailEnable servers configured as edge servers in front of our main MailEnable server, accepting mail and handling the initial blacklisting and anti-virus scrubbing for inbound messages. These servers are configured with all of our domains and are set to SmartHost those domains to the main MailEnable server. We've made a set of scripts to auto-refresh the list of domains from the main server to these edge servers so they always have a current list of domains to accept and SmartHost.

This arrangement offloads a lot of the work from the main server, and provides a great deal of protection when one of our domains gets attacked by a flood of spam. However, since the edge servers don't have a list of users (just a list of domains), they can't tell when a spammer is sending mail to a bogus e-mail address in one of our domains. They have to accept mail to any recipient within our domains.

This would result in tons of backscatter, so we had to disable NDRs on the main server a couple of years ago. I found a knowledge base article describing an LDAP-based solution for this arrangement when the edge server is a Barracuda spam filter box (here: ... D=me020528). But I haven't found anything for the case where the edge server is another MailEnable box.

Is it possible to use LDAP (or some other solution) to let the edge MailEnable servers query the main MailEnable server to see if an address is legit before accepting the connection?

It seems we might be able to use the External Script feature under the "Advanced SMTP" tab in SMTP Properties, but I don't know enough about that scripting language to know if that is the right approach. We're currently on v4.26 but we would upgrade to the latest version if it would let us get our NDR capability back.

-Tom R.

Post Reply