Gateway LDAP Address Verification to Exchange

MDaemon is widely deployed as an antispam/antivirus gateway in front of Exchange. To ensure that MDaemon accepts mail only for valid Exchange users, it can be configured to perform an LDAP query against Active Directory to test the validity of each recipient address before the message is accepted.

If the LDAP query reports that the incoming email address is valid, then the message is processed by MDaemon and delivered to Exchange.

If the LDAP query reports that the incoming email address does not exist in Active Directory, MDaemon returns a '550 <e-mail address>, Recipient unknown' error and the SMTP session is terminated. Because the rejection happens at the RCPT stage, the message body is never accepted, so backscatter (bounces to forged senders) for unknown recipients is avoided.

This article outlines the steps required to configure an MDaemon gateway to query Active Directory.

Configuring the MDaemon gateway

From the main MDaemon window, click on the Gateways menu and select Edit Gateway. Double-click on the Gateway that you want to set up address verification for, then click the verification tab.

Complete the fields on the verification tab as follows:

Host name or IP: enter the IP address (or FQDN) of a domain controller that holds the Active Directory (in many small deployments, this is the same machine as the Exchange server)

Port: enter 389 (unless the Active Directory service is running on a different port). Note that 389 is unencrypted LDAP, and a simple bind sends the bind password in the clear, so keep the MDaemon server and the domain controller on a trusted network segment, or use LDAPS on port 636 if your MDaemon version supports it for this query.

Password: for the LDAP query to be successful, you need to supply the credentials of a domain account that MDaemon can bind with. Administrator level access is not required: by default any authenticated domain user can read the mail and proxyAddresses attributes, so use a dedicated, low-privilege service account created for this purpose rather than an administrator account. You will be entering the account name further down in the Bind DN section; Active Directory accepts either the account's full distinguished name or its user principal name there (for example, cn=MDaemon LDAP,ou=Service Accounts,dc=abctools,dc=co,dc=uk or mdaemon-ldap@abctools.co.uk, both hypothetical names). Enter the password for this account here in the Bind Password field.

Base Entry DN: this entry is constructed from the Active Directory domain name and, optionally, the Organizational Unit in which the accounts are stored. Please see the Additional Comments section below for an example of how to build it from a multi-part domain name.

Search Filter: enter '(&(objectclass=*)(|(mail=$EMAIL$)(mail=SMTP:$EMAIL$)(proxyAddresses=SMTP:$EMAIL$)))'
(without the quotes). MDaemon substitutes the recipient address for $EMAIL$ at query time. The filter matches either the account's primary mail attribute or an SMTP entry in proxyAddresses, so mail to an Exchange alias is accepted as well as mail to the primary address.

Test the LDAP Connection

Once you have filled in all of the fields on the verification tab, you can test the connection by clicking the Test button.

If the information has been entered correctly, a confirmation dialog will appear. If not, an error will appear; the usual causes are a mistyped Bind DN or password, a Base Entry DN that does not match the domain, or port 389 on the domain controller not being reachable from the MDaemon server.

Additional Comments

If the Active Directory domain name has more than one part, add a dc=<part> for each extra part in the Base Entry DN. For example, if the domain name as it appears in Active Directory is abctools.co.uk, then the domain portion of the Base Entry DN would be: dc=abctools, dc=co, dc=uk. If mail-enabled accounts are spread across several Organizational Units, a Base Entry DN consisting of just the domain components (dc=abctools,dc=co,dc=uk) covers all of them, provided the search scope includes sub-containers.
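Worked example, added here and not part of MDaemon or of the original article: a small Python script that builds the Base Entry DN from a domain name as described above, fills the search filter from the Verification tab with an RFC 4515-escaped recipient address, and evaluates it against a constructed in-memory stand-in for Active Directory (the two sample users and their addresses are invented). It also shows why escaping matters: substituting an unescaped address such as *@abctools.co.uk turns the equality test into a wildcard that matches every mailbox. Whether MDaemon itself escapes $EMAIL$ is not documented on this page; the escape parameter here is an assumption made to illustrate the point, and the filter parser supports only the operators the recommended filter uses.

```python
import re

# Constructed sample entries standing in for Active Directory user objects.
# Attribute names are as AD uses them; the people and addresses are invented.
SAMPLE_DIRECTORY = [
    {"objectClass": ["top", "person", "user"],
     "mail": "alice@abctools.co.uk",
     "proxyAddresses": ["SMTP:alice@abctools.co.uk", "smtp:asmith@abctools.co.uk"]},
    {"objectClass": ["top", "person", "user"],
     "mail": "bob@abctools.co.uk",
     "proxyAddresses": ["SMTP:bob@abctools.co.uk", "smtp:b.jones@abctools.co.uk"]},
]

# The filter recommended in the article; MDaemon substitutes the RCPT TO address for $EMAIL$.
FILTER_TEMPLATE = ("(&(objectclass=*)(|(mail=$EMAIL$)(mail=SMTP:$EMAIL$)"
                   "(proxyAddresses=SMTP:$EMAIL$)))")


def base_dn_from_domain(domain):
    """abctools.co.uk -> dc=abctools,dc=co,dc=uk (one dc= component per label)."""
    return ",".join("dc=" + label for label in domain.strip().lower().split("."))


def escape_filter_value(value):
    """RFC 4515 escaping of the characters that would change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_filter(email, escape=True):
    """Fill the template; escape=False models a gateway that substitutes the address verbatim."""
    return FILTER_TEMPLATE.replace("$EMAIL$", escape_filter_value(email) if escape else email)


def _unescape(segment):
    return re.sub(r"\\([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), segment)


def parse_filter(text):
    """Minimal RFC 4515 parser: (&...), (|...), (attr=*) and (attr=value) with * wildcards."""
    pos = 0

    def node():
        nonlocal pos
        if text[pos] != "(":
            raise ValueError("expected '(' at offset %d" % pos)
        pos += 1
        if text[pos] in "&|":
            op = text[pos]
            pos += 1
            children = []
            while text[pos] == "(":
                children.append(node())
            if text[pos] != ")":
                raise ValueError("expected ')' at offset %d" % pos)
            pos += 1
            return (op, children)
        end = text.index(")", pos)  # escaped parens are \28 / \29, never literal
        attr, _, raw = text[pos:end].partition("=")
        pos = end + 1
        # Split on unescaped '*' first so an escaped \2a stays a literal asterisk.
        return ("=", attr.lower(), [_unescape(s) for s in raw.split("*")])

    tree = node()
    if pos != len(text):
        raise ValueError("trailing data in filter")
    return tree


def evaluate(tree, entry):
    """Evaluate a parsed filter against one entry; AD compares these attributes case-insensitively."""
    if tree[0] in "&|":
        combine = all if tree[0] == "&" else any
        return combine(evaluate(child, entry) for child in tree[1])
    _, attr, segments = tree
    attrs = {k.lower(): (v if isinstance(v, list) else [v]) for k, v in entry.items()}
    values = attrs.get(attr, [])
    if segments == ["", ""]:  # "(attr=*)" is a presence test
        return bool(values)
    pattern = ".*".join(re.escape(s) for s in segments)
    return any(re.fullmatch(pattern, v, re.IGNORECASE) for v in values)


def verify_recipient(email, directory=SAMPLE_DIRECTORY, escape=True):
    """Return the SMTP reply the gateway would give to RCPT TO:<email>."""
    tree = parse_filter(build_filter(email, escape))
    if any(evaluate(tree, entry) for entry in directory):
        return "250 OK"
    return "550 <%s>, Recipient unknown" % email


if __name__ == "__main__":
    print("Base Entry DN:", base_dn_from_domain("abctools.co.uk"))
    for rcpt in ("alice@abctools.co.uk", "ASmith@abctools.co.uk",
                 "nobody@abctools.co.uk", "*@abctools.co.uk"):
        print(rcpt, "->", verify_recipient(rcpt))
    print("unescaped wildcard ->", verify_recipient("*@abctools.co.uk", escape=False))
```

The alias ASmith@abctools.co.uk is accepted through the proxyAddresses branch of the filter, the unknown user is refused with the 550 reply quoted earlier in the article, and the wildcard address is refused only when it is escaped; with escape=False it matches every entry, which is the behaviour to watch for when testing any gateway that builds LDAP filters from untrusted SMTP input.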