Cisco Ironport LDAP group query for Lotus Domino

The Ironport Spam Filter ESA can query the IBM Domino LDAP to check whether an email address is a member of a Lotus Domino group.

Go to the Ironport LDAP Server Profile.

1. Query to scan for email addresses in group document

(&(objectclass=dominoGroup)(cn={g})(member=*{a}))

Queries are only possible for valid email addresses, e.g. name@domain.com (the query is case sensitive, lower/upper case), and partial addresses are not supported.

Hint: With a newer Ironport OS (6.x or higher) the "Base DN" is filled in automatically with the hostname. The Base DN should be empty for "normal" Lotus Domino domains. In complex environments the Base DN can help to reduce the results from the LDAP query.
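To test the query outside the ESA, the tokens can be expanded by hand and sent to Domino with an LDAP client. The following is an added example, not code from the original post or from Cisco: it assumes {g} stands for the group name and {a} for the address, uses OpenLDAP's ldapsearch with an anonymous simple bind, and the host and group names are placeholders.

```python
import re
import shlex

# Group query from the post: {g} is the group name, {a} the address to check.
GROUP_QUERY = "(&(objectclass=dominoGroup)(cn={g})(member=*{a}))"


def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves inside a filter value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def expand_query(group, address, template=GROUP_QUERY):
    """Substitute both tokens in one pass so a value containing '{a}'
    is not expanded a second time."""
    values = {"g": escape_filter_value(group), "a": escape_filter_value(address)}
    return re.sub(r"\{([ga])\}", lambda m: values[m.group(1)], template)


def ldapsearch_argv(host, group, address, base_dn=""):
    """Build an ldapsearch call for the expanded query.
    base_dn defaults to empty, as the post recommends for normal Domino domains."""
    return ["ldapsearch", "-x", "-H", "ldap://" + host, "-b", base_dn,
            "-s", "sub", expand_query(group, address), "cn"]


if __name__ == "__main__":
    # Constructed sample values; host and group name are placeholders.
    argv = ldapsearch_argv("domino.example.com", "Sales (EU)", "name@domain.com")
    print(shlex.join(argv))
```

If the command returns the group's cn, the ESA query should match for the same group and address; an empty result points at the group document, the address spelling or the Base DN rather than at the ESA.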

Tip:
- The Domino address book names.nsf should be fully indexed for better performance
- Lotus Domino and the Ironport both cache the LDAP lookup result. To push new information to the Ironport quickly, flush the Ironport LDAP cache and restart the Lotus Domino LDAP server task

Link: LDAP accept query


Additional information on LDAP lookup: http://www-01.ibm.com/support/docview.wss?rs=463&context=SSKTMJ&dc=DB520&dc=DB560&uid=swg21270777&loc=en_US&cs=UTF-8&lang=en&rss=ct463lotus

PS: If you don't want to use the LDAP accept feature, you can use the Ironport SMTP Call Ahead function.

February 25th, 2015 by