
Recipient address resolution on the ESA

tsilveruits
Level 1

Hi. I work in higher ed. We use the IronPort ESAs in combination with Linux servers running sendmail. We would like to reduce the complexity of our environment. To do that, we would need to have the IronPorts resolve an address like user@domain.edu to user@exchange.domain.edu, or should the user forward their campus email to Gmail, user@gmail.com. We use a locally-managed database to do this now and not all of this data is in our Active Directory environment. So, we send some emails to the Linux servers where sendmail will open the envelopes and query the virtual user table for the recipient's actual delivery addresses, routing the email to the appropriate destinations. Could the IronPorts take over this management somehow? Thanks.

Accepted Solution

Libin Varghese
Cisco Employee

Hi,

Alias tables provide a mechanism to redirect messages to one or more recipients. You can construct a mapping table of aliases to usernames and other aliases in a similar fashion to the /etc/mail/aliases feature of a sendmail configuration on some Unix systems.

When the Envelope Recipient (also known as the Envelope To, or RCPT TO) of an email accepted by a listener matches an alias as defined in an alias table, the Envelope Recipient address of the email will be rewritten.

The "aliasconfig" command is used to construct an alias table.

Please review the end user guide below to understand the working and usage of aliasconfig.

http://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa9-7/ESA_9-7_User_Guide.pdf

Thank You!
Libin Varghese

8 Replies

Thanks. Indeed, that works, but we have hundreds of thousands of active email aliases. Plus, they are constantly changing. We would have to be able to export the SQL database data regularly and import it into the ESA. The alias option in the ESA seems to use its own proprietary formatting.

I do not see a way to control the formatting used by alias tables.

It does provide an option to export, edit and then import back to the appliance; however, you would need to go by the available formatting.

The domain map feature is also something you can review.

- Libin V
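
For the export, edit and import route discussed above, here is an added example (not code from the posters or from Cisco) that converts virtusertable-style lines into alias table text and refuses entries that should not be imported unreviewed. It assumes the alias table takes one `alias: recipient` mapping per line, so compare the output with a file exported from your own appliance; `build_alias_table`, `is_local` and the sample rows are constructed for illustration.

```python
import re

# Conservative check for an import gate; not a full RFC 5321 address parser.
# Catch-alls (@domain) and %1 templates fail it and are left for manual review.
ADDR = re.compile(r"^[A-Za-z0-9._+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")

def is_local(addr, local_domains):
    domain = addr.rsplit("@", 1)[1].lower()
    return any(domain == d or domain.endswith("." + d) for d in local_domains)

def build_alias_table(lines, local_domains):
    """Return (table_text, rejected, external).

    rejected: (line_number, reason) pairs that were not imported.
    external: aliases whose mail would leave the campus domains.
    """
    mapping, rejected, external = {}, [], []
    for n, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 2:
            rejected.append((n, "expected exactly two fields"))
            continue
        alias, dest = parts[0].lower(), parts[1]
        if not ADDR.match(alias) or not ADDR.match(dest):
            rejected.append((n, "not a plain address-to-address mapping"))
            continue
        if alias in mapping:
            # A silent overwrite would redirect someone's mail; flag it instead.
            if mapping[alias] != dest:
                rejected.append((n, "conflicts with earlier entry for " + alias))
            continue
        mapping[alias] = dest
        if not is_local(dest, local_domains):
            external.append(alias)
    table = "".join(f"{a}: {d}\n" for a, d in sorted(mapping.items()))
    return table, rejected, external

# Constructed sample in virtusertable layout (alias, whitespace, destination).
SAMPLE = [
    "# constructed sample",
    "me@domain.edu\tme@exchange.domain.edu",
    "user@domain.edu\tuser@gmail.com",
    "@old.domain.edu\t%1@domain.edu",
    "me@domain.edu\tme@gmail.com",
    "broken-line-without-target",
]

if __name__ == "__main__":
    table, rejected, external = build_alias_table(SAMPLE, {"domain.edu"})
    print(table, rejected, external, sep="\n")
```

Reviewing the `rejected` and `external` lists before each import keeps a bad database export from silently rerouting mail.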

Thanks. I really appreciate the info. The domain table would be an option for some cases, and in smaller organizations, I can see it being useful. But it isn't quite what we would need. Per the User Guide, "You can configure up to 20,000 separate, unique domain mappings." We have a lot more than that.

Before you get crazy with importing alias tables, tell me about your Exchange environment?

Is it one Exchange organization (e.g. one LDAP), or multiple?

One AD forest? or multiple?

One email scheme (everyone is person@exchange.school.edu)?

I feel like this could be solved with a routing query... You'll have to do something to deal with the forward it to Gmail (maybe create contacts in Exchange)...

But all doable with an LDAP query...

We allow a lot of flexibility with our addressing, which is why this is so challenging. Not all of the addresses live in ADS. We maintain a separate database, which is the source for the Unix MTA virtual user table file, which performs the address resolution (e.g., me@domain.edu --> me@exchange.domain.edu). Users can deliver the '@domain.edu' wherever they want. Student email is hosted off-site, but students still receive an address within our domain. And not all staff have an Exchange account. Also, users may have multiple top-level accounts (e.g., me@domain1.edu, me@domain2.edu, my_alias@domain2.edu). So, unless we put all of these addresses into ADS, I don't think we can use LDAP. We may get there, but we're a long way from that point. I do appreciate your interest.

If the data is in a SQL table, you may be able to query it via LDAP using something like this:

http://www.clusterdb.com/mysql-cluster/accessing-the-same-data-through-ldap-and-sql

Thanks. I will take a look.