Showing results for 
Search instead for 
Did you mean: 
Cisco Secure Email Support Community

Product Support Talos Support Cisco Support Reference + Current Release
Gateway Reputation Lookup Open a support case Secure Email Guided Setup
Gateway: 14.0.1-033
Cloud Gateway Email Status Portal Support & Downloads
Email and Web Manager: 14.1.0-227
Email and Web Manager Web & Email Reputation Worldwide Contacts Product Naming Quick Reference
Reporting Plug-in:
Encryption Bug Search
Encryption Plug-in:
Cloud Mailbox Notification Service
Outlook Add-in(s): More info


Message Splintering and rcpt-to-group

Hi folks,


I have a bit of an implementation issue I'm trying to work through.


I need to be able to evaluate individual envelope recipients against different LDAP groups on incoming messages to ensure that those who are in the right group are able to receive the mails. right now rcpt-to-group seems to be doing an "ANY" match,so as long as at least once recipient is on the LDAP group result as a match, every recipient gets a copy of the message.


Now mail policies are well and good if it's just one individual LDAP Group, but i have 6 different groups that any user can be a combination of and that's 6 potential combinations of permissions for recipients as a result. Creating a Mail policy for each combination is cumbersome, let alone resource hungry considering the number of LDAP queries around. but i need to be able to individually evaluate each recipients LDAP privileges and block if appropriate.


When i use a content filter, (which supposedly works after splintering), the messages are the same MID until delivery because they land on the mail policy.


I have tried flipping the logic and having a "if any recipient is NOT in the LDAP group, quarantine for all recipients" by trying an if (rcpt-to-group != ) and not (if rcpt-to-group==) but neither of them worked.


I really need to find a way to create an efficient implementation of this without resorting to 36+ mail policies, does anyone have any suggestions? Being able to force a splinter for all messages inside a MID would be perfect if i could ensure all content filters would evaluate, i'm find with eating additional processing resources to achieve that, but it appears that there's no way to accomplish this. Even starting a BCC and dropping the original MID at the start of the content filter chain creates one new MID for all recipients until delivery.

Recognize Your Peers
Which of these topics should we host an event in the Community?

Top Choice: pxGrid (37%)

Content for Community-Ad