Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
872
Views
5
Helpful
1
Replies

Message Splintering and rcpt-to-group

MatthewWilliams4257
Level 1
Level 1

‎10-15-2021 02:33 AM - edited ‎10-15-2021 02:34 AM

Hi folks,

 

I have a bit of an implementation issue I'm trying to work through.

 

I need to be able to evaluate individual envelope recipients against different LDAP groups on incoming messages to ensure that those who are in the right group are able to receive the mails. right now rcpt-to-group seems to be doing an "ANY" match,so as long as at least once recipient is on the LDAP group result as a match, every recipient gets a copy of the message.

 

Now mail policies are well and good if it's just one individual LDAP Group, but i have 6 different groups that any user can be a combination of and that's 6 potential combinations of permissions for recipients as a result. Creating a Mail policy for each combination is cumbersome, let alone resource hungry considering the number of LDAP queries around. but i need to be able to individually evaluate each recipients LDAP privileges and block if appropriate.

 

When i use a content filter, (which supposedly works after splintering), the messages are the same MID until delivery because they land on the mail policy.

 

I have tried flipping the logic and having a "if any recipient is NOT in the LDAP group, quarantine for all recipients" by trying an if (rcpt-to-group != ) and not (if rcpt-to-group==) but neither of them worked.

 

I really need to find a way to create an efficient implementation of this without resorting to 36+ mail policies, does anyone have any suggestions? Being able to force a splinter for all messages inside a MID would be perfect if i could ensure all content filters would evaluate, i'm find with eating additional processing resources to achieve that, but it appears that there's no way to accomplish this. Even starting a BCC and dropping the original MID at the start of the content filter chain creates one new MID for all recipients until delivery.

Labels:
1 Reply 1

Libin Varghese
Cisco Employee
Cisco Employee

‎12-08-2021 09:28 PM

Message splintering would only happen at mail policy matching different for different recipients.

If mail policy A has LDAP group A, mail policy B has LDAP group B an email with recipients A and B will be splintered to go through policies A and B.

 

Filters currently cannot splinter emails.

 

Regards,

Libin

0 Helpful
Customers Also Viewed These Support Documents