03-16-2020 03:35 AM
Hello,
I would like to check internal e-mail address validity with an LDAP check or SMTP in Message Filters, and only at the Message Filter level.
According to the documentation, it is not possible. Do you know if Cisco has any plan for such a possibility in Message Filters?
I know I can use the filter rule rcpt-to-group but, IMHO, it has some limitations ...
Any other ideas are also welcome!
Thanks in advance,
PL
03-16-2020 04:25 AM
03-16-2020 05:20 AM
Hi,
1. You can already do LDAP Recipient Acceptance in the SMTP phase (before the e-mail/session is accepted) and in the work queue (after the e-mail/session has been accepted); both options have pros and cons, so it's up to you which one you want to use. See the attached picture for the e-mail pipeline.
2. Though you should be able to do it via Message Filters as well, I don't really see what you gain, as for sure you're putting much more overload on the ASA by doing this via Message Filters, via group queries. Look at this CL presentation:
https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2016/pdf/BRKSEC-3008.pdf
Regards,
Cristian Matei.
03-17-2020 02:00 AM
Thank you Ken and Cristian for your answers,
I agree with you both, but I have another use case (I should have mentioned it immediately ... sorry): for e-mail sent internally I want to enforce that each sender e-mail address is well known and defined. For example, I don't want to accept e-mail from addresses like toto@unige.ch or system-admin@unige.ch...
I know I can use the filter rule mail-from-group, but I'd prefer to work with an LDAP check or SMTP validation in Message Filters.
Do you have any idea how I can achieve it without the filter rule mail-from-group?
Thanks for your answers,
PL
03-17-2020 04:01 AM
Hi,
Just to make sure I understood. You're receiving e-mail from the Internet, but this is not what you care about. What you care about is that any e-mail sent outbound from your domain of unige.ch is being sent from "whitelisted"/allowed senders of domain unige.ch. Is this correct?
Regards,
Cristian Matei.
03-17-2020 07:19 AM
Hello Cristian,
Yes: for one of our use cases, I want to make sure that any e-mail sent outbound from our domain of unige.ch is being sent from an existing e-mail address only. For example, if a mopier is used to send e-mail (scan-to-e-mail function) with the From address 'mopier@unige.ch', this address must exist on our Exchange servers. The mopier doesn't need to be authenticated to send e-mail: i.e. it sends e-mail via the SMTP protocol on port 25.
I hope I was clear enough. If not, don't hesitate to ask me for more details!
Thanks in advance,
PL
03-23-2020 02:46 PM
There are some options for you, but all of them are out-of-the-box thinking:
a) On your original e-mail server, like Exchange or O365, insert an X-header on all outbound messages. Then verify the presence of this X-header on the IronPort and reject if it is not present; otherwise deliver outbound.
b) Create a dictionary with all your exported AD e-mail addresses and create a message filter which validates every outbound message against this dictionary, assuming you have fewer than 2048 entries. You just need to define a good daily/weekly update process.
I hope that helps
-Marc
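The two options above written out as AsyncOS message filters, as an added example that is not part of Marc's post or of Cisco's documentation. The rule and action names (recv-listener, header, mail-from, mail-from-dictionary-match, quarantine) follow the documented message filter language; the listener name "OutboundMail", the header name "X-Unige-Validated", the dictionary name "known_senders" and the quarantine name "Policy" are assumptions that must be replaced with the names configured on the appliance. Both filters apply only to mail received on the outbound listener, so inbound mail from the Internet is never touched by them.

```text
OutboundSenderHeaderCheck:
if (recv-listener == "OutboundMail") AND NOT header("X-Unige-Validated")
{
    quarantine("Policy");
}
.

OutboundSenderDictionaryCheck:
if (recv-listener == "OutboundMail")
    AND (mail-from == "@unige\\.ch$")
    AND NOT mail-from-dictionary-match("known_senders")
{
    quarantine("Policy");
}
.
```

The filters are entered from the CLI with filters > new, each terminated by a line containing only a period. Two caveats a practitioner would want before relying on either one: the header check is only as strong as the relay path, so every unauthenticated system that is allowed to relay through the ESA on port 25 (the mopier, the Unix boxes) could add the header itself, and the inbound listener should strip the same header so that an external sender cannot inject it; and the dictionary check only inspects the envelope sender, so a message with a valid MAIL FROM but a bogus From: header passes unless you add a header-based rule for the From: address as well. Quarantine rather than drop is used so that a badly configured internal system shows up in the quarantine instead of silently losing its mail.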
03-24-2020 10:51 PM
Thank you very much, Marc, for your ideas!
Option a) is a very good idea (I didn't think about it), but it's not applicable in our environment as we are not only receiving e-mail from our Exchange server but from many, many other systems (like Unix boxes or scan-to-e-mail systems and so on ...).
Generally Unix boxes are badly configured and From headers are invalid (something like www-data@linuxsystem01.unige.ch or other bad things) ...
Option b) doesn't apply as we have more than 35'000 mailboxes ...
I imagine the only option for me is to put all our e-mail addresses in a group and use a message filter rule and check e-mail validity using the rule mail-from-group. However, I think this will have an impact on our ESA virtual appliances?
Thanks,
PL