LDAP and IRONmail

hcl-bot · April 16, 2008, 9:53am

We currently use Ironmail as our spam filter. The Ironmail can query Domino LDAP to verify that the addresse of the mail is valid. We setup LDAP on Dominio and the Ironmail communicates fine and verifies addresses, as long as they do not include the Domino Domain in the return address.

For example some valid email comes from the Internet addressed as aaa_bbb/ccc@ddd.com (where a and b are user name, c= Notes Domain and d-Internet Domain).

Through testing I have discovered that if the Domain field on the Basics tab of the person document is blank this does not occur.

My solution is to blank out the field in all person documents so the /cccc will not be part of the reply address to an Internet addressee. Is there another way to accomplish this?

hcl-bot · April 16, 2008, 1:26pm

Subject: LDAP and IRONmail

I appreciate your thread guys. We also use Ironmail with Domino. Always desired to filter spam based on LDP lookups. Any chance someonce could provide me with some step by step directions for both Domino and Iron to enable that successfully? personal email is akhellwig at gmail.com for forwarding any screenshots etc. We are running Domino on a AS/400. Getting LDAP to run under the right Domino instance may be another challenge as that was set up before my time.

Thanks in advance.

Andrew

hcl-bot · April 16, 2008, 7:01pm

Subject: RE: LDAP and IRONmail

Hi Andrew,I just send you an email with the configuration I have at my company. Enjoy

Adalton

hcl-bot · April 16, 2008, 11:15am

Subject: LDAP and IRONmail

Hi Doug,We also have IronMail from Secure Computing for the past 3 years and it works great.

The secret here is the “match” on the Search Filter of the LDAP Rule of the IronMail and the Configurations setting document * on the Domino Directory.

On my Iron Mail I have the following on the LDAP rule (Intrusion Defender => LDAP Configuration => LDAP Rules => Real Time ID rule => Query Browser)

Search Filter:

(|(mail=<$EMAIL$>)(cn=<$EMAIL$>)(uid=<$EMAIL$>))

On the Domino Directory (Configurations View => Configuration Settings : * - All Servers document => LDAP Tab => Anonymous Users can Query) I have various fields mapped, but the one referenced by IronMail are:

Mail = InternetAddress

cn = cn

uid = shortname

Note that I am allowing using anonymous query.

So, what is happening here is that my IronMail validates emails against the InternetAddress or cn or uid field on the person document. In your case, if the internet address is located on the InternetAddress you do not need to have those on the search field of the IronMail. On my case sometimes the user have like two or more email addresses (example: joe@mycompany.com and joe@mycompany2.com) so we use the cn and shortname to add those other alias.

After you change the map on your Domino Directory I believe you have to restart LDAP to rebuild the schema of your LDAP that might take some time.

I found a good freebie tool to see what the LDAP is returning. You can download it for free on http://www.ldapbrowser.com. Basically is a LDAP browser, you will use it to connect to your LDAP server and see what a search is returning.

I hope this helps.