02-08-2009 09:42 AM
Hello,
this is working fine:
1) accept Query for Users and Members of MAILENABLE:
(|(&(proxyAddresses=smtp:{a})(objectClass=user))(&(proxyAddresses=smtp:{a})(memberof=CN\3dMAILENABLE,DC\3dxx,DC\3dlocal)))
so we can select Exchange public folders and mail-enabled distribution lists in that group.
2) selecting Group with Incoming and outgoing Mailpolicy (GUI):
LDAP Group Query
recipient: LDAP.group: CN=SPECIALGROUP, OU=GROUPS, DC=xx, DC=local
Problem:
the if (mail-from-group == "ANOTHERGROUP") directive is not working in Filters
Already tried several combinations like
CN=ANOTHERGROUP,OU=GROUPS,DC=xx,DC=local
CN\x3dANOTHERGROUP,OU\x3dGROUPS,DC\x3dxx,DC\x3dlocal or
CN\3dANOTHERGROUP,OU\3dGROUPS,DC\3dxx,DC\3dlocal
Group Testqueries in LDAP Config are matching fine for that group!
Any ideas?
Best regards, Klemens
04-21-2020 09:03 AM
So, I just spent hours beating my head against the wall trying to get this to work. I started searching around, and found this post.
I've tried to use this in the past and I gave up. Today I was more persistent.
You were probably like me and it's been a while since you configured your appliance and when you set up your listeners you added accept and routing LDAP configurations and thought - I'm not using group stuff now so I won't configure that.
And then when you got more advanced you tried to use mail-from-group in your global filters or content filters and it acts as if it does nothing. Nothing in the logs (even the ldap_debug log and your LDAP server shows no query happened), no help in trace, just nothing.
Then I found this in the docs (https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-0/user_guide/b_ESA_Admin_Guide_12_0/b_ESA_Admin_Guide_12_0_chapter_011010.html) under an example of using mail-from-group.
Messages accepted by the listener trigger a query to the LDAP server to determine group membership. If the message recipient is a member of the IT group, the message filter skips both virus and spam checking and delivers the message to the recipient. To enable the filter to check the results of the LDAP query, you must create the LDAP query on the LDAP server and enable the LDAP query on a listener.
And now it works for me.
So, I'm following up to this thread in case anyone else stumbles on this.