Blocking Email for users in LDAP group

jkirkland146
Level 1

I have an issue blocking users in an LDAP group. I can add myself to the group and the block works fine. But if I add another user, it does not block. Not sure if it is an issue with my Query Definition and Attributes* Query String.

 

(&(memberOf=cn={g},cn=users,dc=domain,dc=org)(mail={a}))


Paul Cardelli
Level 1

Are you adding the target user directly to the group, or are you adding a group the users are a member of to the group (nested group)?

Not sure if this matters, but I believe some queries for LDAP only work with direct group members. I'll have to test on my own environment to see what query would work for both direct and indirect group members.

I am adding a group with AD made up of members.  Everyone in group "BlockEmail" gets dropped on the outgoing content filter.

Understood,

The BlockedEMAIL group in AD is made up of Users, and does not contain any nested groups at all? (If not, if you add one of the target users directly to the BlockedEmail group, does this fix your issue?)

In your email appliance, do you have any other OutGoing Mail Policies above this one that may have a common AD Group, or @yourdomain.com? (This could also cause your blockedemail policy to never be reached; I would make sure the BlockedEmail policy is on top.)

 

 

Found my issue.  The service account that I was using to do LDAP lookups did not have enough permissions to see the "member of" field in AD.  Once I got that corrected, it works great.
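
The two causes discussed in this thread, as an added example that is not part of any post: a small Python model that evaluates the group query over a constructed directory and tells an unreadable memberOf attribute apart from nested-only membership. The entries, the Sales group and the service-account ACL are assumptions made up for the illustration.

```python
"""Model of (&(memberOf=cn={g},cn=users,dc=domain,dc=org)(mail={a})) on sample data."""

BASE = "cn=users,dc=domain,dc=org"

# Constructed sample entries (not data from the thread).
DIRECTORY = {
    "cn=alice," + BASE: {"mail": ["alice@domain.org"], "memberOf": ["cn=BlockEmail," + BASE]},
    "cn=bob," + BASE: {"mail": ["bob@domain.org"], "memberOf": ["cn=BlockEmail," + BASE]},
    # carol is only in Sales; Sales itself is a member of BlockEmail (nested).
    "cn=carol," + BASE: {"mail": ["carol@domain.org"], "memberOf": ["cn=Sales," + BASE]},
}

def view(dn, acl):
    """Attributes of dn the bind account may read; unreadable ones are simply absent."""
    allowed = acl.get(dn, acl.get("*", set()))
    return {k: v for k, v in DIRECTORY[dn].items() if k in allowed}

def group_query(group, addr, acl):
    """Evaluate the AND filter as the bind account sees the directory."""
    want = ("cn=%s,%s" % (group, BASE)).lower()
    hits = []
    for dn in DIRECTORY:
        attrs = view(dn, acl)
        in_group = want in [v.lower() for v in attrs.get("memberOf", [])]
        has_mail = addr.lower() in [v.lower() for v in attrs.get("mail", [])]
        if in_group and has_mail:  # an absent attribute can never satisfy its clause
            hits.append(dn)
    return hits

def diagnose(group, addr, service_acl):
    """Compare the service account's result with a full-read bind to name the cause."""
    full = {"*": {"mail", "memberOf"}}
    if group_query(group, addr, service_acl):
        return "match"
    if group_query(group, addr, full):
        return "attribute not readable by bind account"
    return "no direct membership"

# Hypothetical ACL: the service account can read memberOf on alice's entry only.
SERVICE_ACL = {"*": {"mail"}, "cn=alice," + BASE: {"mail", "memberOf"}}

if __name__ == "__main__":
    for who in ("alice", "bob", "carol"):
        print(who, "->", diagnose("BlockEmail", who + "@domain.org", SERVICE_ACL))
```

Against a real directory the same comparison is made by running the query once with the appliance's bind account and once with an account that has full read access.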