LDAP Group Lookup

Discussion forum for Enterprise Edition.
frontdist
Posts: 21
Joined: Tue Mar 05, 2013 7:12 pm

LDAP Group Lookup

Post by frontdist »

I have a spam filtering appliance that is ahead of the mail server in our organization, and it uses LDAP to query the user database of ME to ensure that the recipient email addresses are present/active to prevent any Directory Harvest Attacks.

Problem I am having is that there doesn't seem to be a way to query groups or lists from the ME server, only users. I have used an LDAP browser to confirm what I can see, and although users show up, there is no way to see any groups or lists, meaning that any mail sent to a group or listserver address gets bounced as a DHA attempt because the address doesn't load into the LDAP database on the anti-spam appliance.

I am having to use the LDAP option "aliases as proxyaddresses"; otherwise there is no way to get the alias addresses to populate correctly (which would mean all alias mail gets bounced), so I am unable to use the options that allow a query from the directory.

Anyone find a solution or workaround to this?

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: LDAP Group Lookup

Post by MailEnable-Ian »

Hi,

A group address or list server address is just a mapped email address in the address map. Therefore LDAP should return this in your query. You need to check that the LDAP service is configured to return "All Email addresses" within the LDAP properties. Please see:

https://www.mailenable.com/documentation/10.0/Enterprise/LDAP%20properties.html

Regards,

Ian Margarone
MailEnable Support

frontdist
Posts: 21
Joined: Tue Mar 05, 2013 7:12 pm

Re: LDAP Group Lookup

Post by frontdist »

Hi Ian,

Thanks for the reply. Unfortunately I cannot select that option. When I do, any accounts that have aliases on them simply show as the main mailbox for the alias, once for each alias listed, but the alias email addresses don't appear, so any mail sent to an alias gets DHA blocked because it doesn't show in the query.

I am stuck using the third option in LDAP preferences to "Default mailbox address (aliases as proxyaddresses)" unless there is another way that I am not seeing to get aliases properly populated into LDAP.

frontdist
Posts: 21
Joined: Tue Mar 05, 2013 7:12 pm

Re: LDAP Group Lookup

Post by frontdist »

Additionally, even though the group addresses show with your suggested setting, they are still represented as "objectClass = person" and not group...

And although the "list" email addresses show up under the domain/postoffice LDAP container, they are completely void of properties once you select them, which is different than the group/individual addresses as they have the expected properties.
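The recipient check discussed in this thread, as an added example that is not from any poster or from MailEnable: it builds the verification filter with RFC 4515 escaping and runs the same match locally over constructed entries, showing why a mail-only lookup rejects aliases published as proxyAddresses and why an entry with no attributes can never verify. The attribute names `mail` and `proxyAddresses`, the `smtp:` value prefix, the DN layout and every entry are assumptions made for illustration.

```python
# Added example: attribute names, the "smtp:" prefix and all entries are assumptions.
def escape_filter_value(value):
    """Escape a value for an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def recipient_filter(address, include_proxy=True):
    """Filter an appliance could send to verify one recipient address."""
    addr = escape_filter_value(address.strip().lower())
    if not include_proxy:
        return "(mail=%s)" % addr
    return "(|(mail=%s)(proxyAddresses=smtp:%s))" % (addr, addr)

def entry_matches(entry, address, include_proxy=True):
    """Local stand-in for the directory's case-insensitive equality match."""
    addr = address.strip().lower()
    if addr in (v.lower() for v in entry.get("mail", [])):
        return True
    if not include_proxy:
        return False
    proxies = (v.lower() for v in entry.get("proxyAddresses", []))
    return "smtp:" + addr in proxies

def verify_recipient(entries, address, include_proxy=True):
    """True when at least one directory entry carries the address."""
    return any(entry_matches(e, address, include_proxy) for e in entries)

# Constructed directory mirroring the three cases described in the thread.
DIRECTORY = [
    # Mailbox whose alias is published as a proxy address.
    {"dn": "cn=alice,o=example", "objectClass": ["person"],
     "mail": ["alice@example.com"],
     "proxyAddresses": ["smtp:sales@example.com"]},
    # Group address, returned as a person entry with a mail value.
    {"dn": "cn=staff,o=example", "objectClass": ["person"],
     "mail": ["staff@example.com"]},
    # List address visible only as an entry name, with no attributes.
    {"dn": "cn=announce@example.com,o=example"},
]

if __name__ == "__main__":
    for rcpt in ("alice@example.com", "sales@example.com",
                 "staff@example.com", "announce@example.com"):
        print(rcpt, recipient_filter(rcpt), verify_recipient(DIRECTORY, rcpt))
```

Escaping matters for this check because an unescaped `*` in a recipient address would turn the equality test into a wildcard match and let any address verify.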
