The Ironport Spam Filter ESA can query the IBM Domino LDAP to check if the email address is member of a lotus domino group
Goto the Ironport LDAP Server Profile
1. Query to scan for email addresses in group document
(&(objectclass=dominoGroup)(cn={g})(member=*{a}))
Queries are only possible for valid email addresse e.g. name@domain.com (query is case sensitive lower/upper case) and no support for partial addresses
Hint: With a newer Ironport OS (6.x or higher) the „Base DN“ get filled automaticly with the Hostname. The Base DN should be empty for „normal“ Lotus Domino Domains. In complex environments the Base DN can helpto reduce the results from the ldap query
Tip:
-The Domino Addressbook names.nsf should be full index for a better performance
– Lotus Domino and the Ironport are caching the ldap lookup result. To push quickly new infos to the ironport, flush the ironport ldap cache and restart the Lotus Domino ldap server task
Link: LDAP accept query
Add. Infos for Ldap Lookup http://www-01.ibm.com/support/docview.wss?rs=463&context=SSKTMJ&dc=DB520&dc=DB560&uid=swg21270777&loc=en_US&cs=UTF-8&lang=en&rss=ct463lotus
PS: If you don‘ want to use the LDAP accept feature you can use the Ironport SMTP Call Ahead function