Comprar o Renovar
Comprar o Renovar
cancelar
Activar sugerencias
La sugerencia automática le ayuda a obtener, de forma rápida, resultados precisos de su búsqueda al sugerirle posibles coincidencias mientras escribe.
Mostrando los resultados de 
Buscar en lugar de 
Quiere decir: 
cancel
Iniciar una conversación
5337
Visitas
0
ÚTIL
3
Respuestas

Ironport reject connection when recipient not found by LDAP query

Stefan Nowak
Level 1
Level 1

el ‎03-29-2017 07:43 AM

How do we configure the listener to drop/reject/close the connection, when a recipient is not found by the LDAP query? Drop and Bounce are the only possible options offered by the ESA.

Thank you and best regards-

Etiquetas:
0 Útil
3 RESPUESTAS 3

Ken Stieers
VIP
VIP

el ‎03-29-2017 08:23 AM

Drop and bounce are the only options if you're doing it in the work queue.

Select "SMTP Conversation" to do it at the connection level.  (see below)

You may want to turn on Rejected Message Tracking under Security Services/Message Tracking so you can track down things like "I can't mail from client X" and you can diagnose that they're misspelling someone's email address...

0 Útil

Stefan Nowak
Level 1
Level 1
En respuesta a Ken Stieers

el ‎03-30-2017 01:24 AM

It works. Thank you very much.

0 Útil

Libin Varghese
Cisco Employee
Cisco Employee

el ‎03-29-2017 08:29 AM

Hi Stefan,

You can configure to perform the LDAP accept query check at the SMTP conversation instead of the workqueue. From the GUI Network -> Listeners -> Name of the Listener.

The RAT LDAP check would then drop the connections based on the configuration under Mail Policies -> RAT.

For Accept queries, select the query to use from the list. You can specify whether the LDAP Accept occurs during the work queue processing or during the SMTP conversation.

For LDAP Accept during the work queue processing, specify the behavior for non-matching recipients: bounce or drop.

For LDAP Accept during the SMTP conversation, specify how to handle mail if the LDAP server is unreachable. You can elect to allow messages or drop the connection with a code and custom response. Finally, select whether or not to drop connections if the Directory Harvest Attack Prevention (DHAP) threshold is reached during an SMTP conversation.

Performing recipient validation in the SMTP conversation can potentially reduce the latency between multiple LDAP queries. Therefore, you might notice an increased load on your directory server when you enable conversational LDAP Accept.

Thank You!

Libin Varghese

0 Útil
Customers Also Viewed These Support Documents