[Cisco ESA] No recognition of invalid recipient

zer0man
Level 1

Hello everybody!

We are having a problem with e-mails sent to our organization from in- and outside the organization. 
A couple of months ago the user did retrieve an email back, when the email to a non-existent user (e.g. misspelled email address) was sent. 
Something changed (no update) and now the message gets stuck in a loop between the different ESAs (asking for the recipient) until the header reaches a size and the email gets rejected.
We had to implement a rule to reject the email when this specific size is reached.

Checking "Message details" I can search for the "non-existent" recipient and see a couple of results aborted with "Message header too big." For one example I get around 35 results back. 

Problem solved - misconfiguration in the config-pool.  
Thanks in advance!  

1 Reply

srigovi2
Cisco Employee

By setting up LDAP recipient validation, IronPort is freeing up resources on your mail server and performing the recipient on the IronPort appliance.

For example, say a message arrives on the IronPort appliance and is addressed to:


recipient email address: blahblahblah@yourdomain.com

The IronPort LDAP process will take the recipient email and ask your LDAP Server/domain controller/active directory if this is a valid user in your domain:

If it's valid, the system will process the email like normal.

If it's invalid, depending upon your Accept query setting, it will either drop or bounce that individual message. You can see this setting by going to "Network > Listeners". Select your incoming or inbound listener and go to the LDAP queries section at the bottom.

 

Reference link - https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118218-configure-esa-00.html

 

----------------------------------------
If you find my reply solved your question or issue, kindly click the 'Accept as Solution' button and vote it as helpful.

You can also learn more about Cisco Secure Email through our live Ask the Experts (ATXs) session. Check out this ATXs Resources [https://community.cisco.com/t5/security-knowledge-base/cisco-endpoint-security-ask-the-experts-resources/ta-p/4394492] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs
-----------------------------------------
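
The loop described in the original post can be confirmed from a stuck message's headers: every SMTP relay prepends a Received header, so a message bouncing between appliances shows the same hosts over and over while the header block grows. The following is an added example, not code from the thread or from Cisco; the sample message is constructed and the hostnames esa1/esa2.example.com and the `max_visits` threshold are assumptions.

```python
import email
import re
from collections import Counter

# Host named in the "by" clause of a Received header (the relay that accepted the hop).
BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.IGNORECASE)

def build_sample(round_trips):
    """Constructed message: one inbound hop, then N round trips between two
    hypothetical appliances (esa1/esa2.example.com)."""
    hops = ["from mail.sender.example by esa1.example.com with ESMTP"]
    for _ in range(round_trips):
        hops.append("from esa1.example.com by esa2.example.com with ESMTP")
        hops.append("from esa2.example.com by esa1.example.com with ESMTP")
    # Each relay prepends its Received line, so the newest hop comes first.
    lines = ["Received: %s;\n\tMon, 1 Jan 2024 10:00:%02d +0000" % (hop, i)
             for i, hop in reversed(list(enumerate(hops)))]
    lines += ["From: sender@sender.example",
              "To: blahblahblah@yourdomain.com",
              "Subject: test"]
    return "\n".join(lines) + "\n\nbody\n"

def detect_loop(raw, max_visits=2):
    """Report hop count, header size, and hosts that handled the message
    more than max_visits times (assumed threshold, tune per topology)."""
    msg = email.message_from_string(raw)
    hosts = []
    for value in msg.get_all("Received", []):
        match = BY_HOST.search(value)
        if match:
            hosts.append(match.group(1).lower())
    hosts.reverse()  # oldest hop first
    counts = Counter(hosts)
    return {
        "hops": len(hosts),
        "header_bytes": len(raw.split("\n\n", 1)[0].encode()),
        "path": hosts,
        "looping_hosts": {h: n for h, n in counts.items() if n > max_visits},
    }

if __name__ == "__main__":
    report = detect_loop(build_sample(3))
    print("hops:", report["hops"], "header bytes:", report["header_bytes"])
    print("path:", " -> ".join(report["path"]))
    print("looping hosts:", report["looping_hosts"] or "none")
```
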