LDAP Query - One leg deployment

llomjaria
Level 1

Hello,

I'm currently working with an ESA 14.2 that has a one leg deployment and I'm looking to configure LDAP. Is there a way to set it up such that it can accept queries without having to create an additional listener? Any guidance, references, or suggestions would be greatly appreciated.

Thank you in advance for your assistance.

6 Replies

No.

I always thought one leg was one interface, but you still need 2 listeners (inbound on port 25, outbound on something else)...

You should be able to do an ldap lookup on the incoming listener without needing to create anything new.

You can set up the ldap connection and test it, then when ready add it to the incoming listener. If there is anything you need to accept not in ldap, you add it to the RAT and select bypass ldap lookup checkbox.

Thank you for your response.

In our case, we're working with a single interface and one listener that handles both incoming and outgoing messages. My concern is that if we set up the LDAP accept query on this listener, it might apply to all messages, including those going outbound from our network. I believe this could create potential issues as we don't want LDAP checks on outgoing messages.

Could you please confirm if LDAP accept query will indeed apply to outgoing messages in our setup? If so, is there a way to avoid this situation while maintaining our current single-interface configuration?

It will apply to outgoing mail as well as incoming. To keep it on one interface, you can set up an outgoing listener on another port (ex 1025) and configure your mail system to point at that port.

Then you can apply the LDAP query to your incoming listener.

Thank you for your response.

I understand the solution you've proposed with setting up an outgoing listener on a different port, and appreciate your suggestion.

However, I was wondering if there might be another possible workaround, such as configuring a message filter that could bypass the LDAP query for emails originating from our internal domain. Would that be feasible in our current setup?

Let's clear a few things up.
You're asking about an LDAP "accept" query, right? This is intended to make sure any mail coming in actually has an email on your system. The point is to not process any mail you don't need to. You can only use the built in accept query config in the listener configuration. You can't reference it anywhere else...
If you apply an LDAP query to the listener, you don't have any options that don't drop or bounce the mail... So based on your requirement of one listener, you CAN NOT use an accept query on the listener.

Doing it using policies might be possible. Policies match top down...
First policy for all outbound mail, where the sender matches your "All my users" group, process outbound however you need to.
2nd policy, recipients that DON'T match your "All my users" group - (this should be inbound mail to accounts that don't exist in your mail system), set do not check for spam/AV/etc. with a content filter that does nothing but drops the mail. (they aren't here, why do the work).
After that, whatever other policies you would normally use to deal with inbound mail.
You want to do it via policies as Message Filters don't do splintering, which allows you to properly handle inbound mail sent to multiple recipients where some of them may not be valid any more.
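To make the top-down policy order and the splintering point concrete, here is an added toy model of the three-policy layout from the answer above. It is not Cisco ESA code and not from the original thread; the policy names, the "All my users" directory and the sample messages are constructed for the illustration.

```python
# Constructed model of top-down mail-policy matching with per-recipient
# splintering. NOT ESA code: names, directory contents and messages are
# assumptions made for this example.
from dataclasses import dataclass
from typing import Callable

# Constructed "All my users" LDAP group: the mailboxes that actually exist.
ALL_MY_USERS = {"alice@example.com", "bob@example.com"}

@dataclass
class Policy:
    name: str
    matches: Callable[[str, str], bool]   # predicate over (sender, recipient)
    action: str

# Order mirrors the answer: outbound by sender first, then recipients that are
# not in the directory (drop), then the normal inbound handling.
POLICIES = [
    Policy("outbound", lambda snd, rcpt: snd in ALL_MY_USERS, "scan-outbound"),
    Policy("unknown-recipient", lambda snd, rcpt: rcpt not in ALL_MY_USERS, "drop"),
    Policy("inbound-default", lambda snd, rcpt: True, "scan-inbound"),
]

def route(sender: str, recipients: list[str]) -> dict[str, tuple[str, str]]:
    """Return {recipient: (policy name, action)} for one message.

    Each recipient is evaluated on its own (splintering), so a message sent to
    one valid and one stale address is split rather than handled as a unit.
    """
    decisions = {}
    for rcpt in recipients:
        for policy in POLICIES:          # first match wins, top down
            if policy.matches(sender, rcpt):
                decisions[rcpt] = (policy.name, policy.action)
                break
    return decisions

def splinters(decisions: dict[str, tuple[str, str]]) -> dict[str, list[str]]:
    """Group recipients by the policy they landed on: one splinter per policy."""
    groups: dict[str, list[str]] = {}
    for rcpt, (name, _) in decisions.items():
        groups.setdefault(name, []).append(rcpt)
    return groups

if __name__ == "__main__":
    # Constructed inbound message: one current user plus one departed user.
    d = route("partner@outside.example", ["alice@example.com", "carol@example.com"])
    print(splinters(d))
    # Constructed outbound message: matched by sender, never reaches the drop policy.
    print(route("alice@example.com", ["zed@outside.example"]))
```

Running it shows the inbound message split into an "inbound-default" splinter for alice and an "unknown-recipient" splinter for carol, while the outbound message is handled entirely by the first policy.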