(|(mail={a})(uid={a})(mailaddress={a})(cn={a}))
2. Example: The Allowance Query String can be used for the Mail Relay SMTP Authentication Profile
More information about the Cisco Ironport Mail ESA box configuration:
https://www.cisco.com/c/en/us/td/docs/security/ces/user_guide/esa_user_guide_11-1/b_ESA_Admin_Guide_ces_11_1.html
The Ironport Spam Filter ESA can query the IBM Domino LDAP to check whether an email address is a member of a Lotus Domino group.
Go to the Ironport LDAP Server Profile.
1. Query to scan for email addresses in the group document
(&(objectclass=dominoGroup)(cn={g})(member=*{a}))
Queries are only possible for valid email addresses, e.g. name@domain.com (the query is case sensitive, lower/upper case), and partial addresses are not supported.
Hint: With a newer Ironport OS (6.x or higher) the "Base DN" gets filled in automatically with the hostname. The Base DN should be empty for "normal" Lotus Domino domains. In complex environments the Base DN can help to reduce the results from the LDAP query.
Tip:
- The Domino address book names.nsf should be fully indexed for better performance.
- Lotus Domino and the Ironport both cache the LDAP lookup result. To push new information to the Ironport quickly, flush the Ironport LDAP cache and restart the Lotus Domino LDAP server task.
Link: LDAP accept query
Additional information on LDAP lookups: http://www-01.ibm.com/support/docview.wss?rs=463&context=SSKTMJ&dc=DB520&dc=DB560&uid=swg21270777&loc=en_US&cs=UTF-8&lang=en&rss=ct463lotus
PS: If you don't want to use the LDAP accept feature, you can use the Ironport SMTP Call Ahead function.
Create a Lotus Domino group such as "ironport.mail-smtp-relay.lookup1"; for later use, also create "ironport.mail-smtp-relay.lookup2" … (Lotus Notes text field limit!)
Settings in the Ironport LDAP Server Profile:
Example: Allowance Query String
(&(objectclass=dominoGroup)(cn=ironport.mail-smtp-relay.lookup*)(member=*{a}))
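To test these query strings outside the appliance (for example by pasting the result into an LDAP client), the {a} and {g} tokens have to be expanded by hand. The following is an added example, not code from the original posts or from Cisco: the function names and sample values are assumptions, and values are escaped per RFC 4515 so that a test address containing `*` or parentheses cannot change the structure of the filter.

```python
import re
from typing import Optional

# Query strings as given in the posts above.
GROUP_QUERY = "(&(objectclass=dominoGroup)(cn={g})(member=*{a}))"
ALLOWANCE_QUERY = ("(&(objectclass=dominoGroup)"
                   "(cn=ironport.mail-smtp-relay.lookup*)(member=*{a}))")

# RFC 4515: these characters must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Simple full-address check (local@domain.tld). An assumption for this
# example, not the appliance's own validation.
_FULL_ADDRESS = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def escape_value(value: str) -> str:
    """Escape LDAP filter metacharacters in a substituted value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def render_query(template: str, address: str, group: Optional[str] = None) -> str:
    """Expand {a} (email address) and {g} (group name) in a query string."""
    if not _FULL_ADDRESS.match(address):
        # The posts note that partial addresses are not supported.
        raise ValueError(f"not a full email address: {address!r}")
    values = {"a": escape_value(address),
              "g": None if group is None else escape_value(group)}

    def substitute(match):
        value = values[match.group(1)]
        if value is None:
            raise ValueError("template uses {g} but no group name was given")
        return value

    # Single pass, so text inside a substituted value is never re-expanded.
    return re.sub(r"\{(a|g)\}", substitute, template)


if __name__ == "__main__":
    # Constructed sample values.
    print(render_query(GROUP_QUERY, "name@domain.com", "Sales"))
    print(render_query(ALLOWANCE_QUERY, "name@domain.com"))
```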