LDAP and Brightmail 8.0.2-12
Updated: 21 May 2010 | 6 comments
This is what we are seeing in ref to Brightmail and LDAP;
This is from our IT Manager
We were running ldap synchronization for a long time in order to take advantage of dropping invalid recipient emails. Synchronization would no longer grab full ldap meaning new users weren't synching so valid users were having their mail rejected because they weren't synched in.
We tried using multiple ldap servers too and all resulted in the same
Comments
Hello,
I would suggest that you give a call to support. This would be considered of high severity because of the lack of mail flow to your users.
LDAP issues can also be a little difficult to attempt to troubleshoot over a forum.
What is a good direct number to get them at? I am new to this and they just really threw me into this. Also, I am still getting spam coming in even after setting the bar to about 45%. And I still get people that mark items as GOOD SENDERS and they still keep getting caught.
HELP!
Hello,
Here you go,
http://www.symantec.com/business/support/contact_techsupp_static.jsp
Hi Sacosta,
did you consider using Recipient Validation with rejection instead? That way you don't need to synchronize the LDAP data to SBG, would allow you to reject messages at connection time and make better use of SBG resources.
The following KB article explains how to enable that in SBG version 8:
service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2009050414323754
For further information on the topic you can have a look at the administrators guide as well
Any particular reason to use drop instead of reject?
Regards,
Federico
2c
@fferaboli: RE: "Any particular reason to use drop instead of reject?"
Could you please enlighten me a bit further or just correct me if I'm wrong. The way I understand this, rejecting invalid recipients would send back an invalid recipient email to the sender and this would allow for some DHA assuming that the percentage of nonexistent recipients is below the threshold.
And regarding the spam quarantine and the email logs. With these settings we can still see addresses if it came from our domain since the to and from address is contained within the email data being transmitted.
“Your most unhappy customers are your greatest source of learning.”
You want to reject.
If you drop, legitimate senders will never know why your Sales department didn't get back to them on the $1M RFP.
Since Reject happens while the remote MTA is still connected to your box, it needs to deal with the rejection. It does NOT send back an E-MAIL.
You won't be generating backscatter spam, and you will be letting people who can type know that they messed up.
> connect
220 <your host> ESMTP xxxxx
> hello my.domain
250 Hi there
> mail from: me@my.domain
250 Mail from accepted
> rcpt to: not.there@your.host
554 Recipient Address Rejected: <custom message text>
>DATA (to start the message body)
503 5.5.1 DATA without RCPT TO
So the sending system can't send the message body until at least ONE valid recipient is supplied. It's supposed to INTERNALLY generate a bounce back to the envelope sender with the "554 Recipient Address Rejected: <your custom message text>". This happens on the sending MTA's system.
Also, once you enable Invalid Recipient rejection, you can also tune up Directory Harvest controls.
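The reject-at-RCPT exchange from the reply above, modelled from the receiving side together with a simple invalid-recipient ratio check of the kind a directory harvest control applies. This is an added example, not code from the thread or from the Symantec product; the directory contents, both thresholds, the 421 reply and the `Session`/`run` names are assumptions.

```python
# Added example: receiving-side SMTP logic. Directory, thresholds and the
# 421 reply are assumptions, not Brightmail settings.
VALID = {"sales@your.host", "alice@your.host"}  # constructed directory
DHA_MIN_RCPTS = 5    # assumed: attempts seen before judging a session
DHA_BAD_RATIO = 0.5  # assumed: invalid fraction that counts as harvesting

class Session:
    def __init__(self, valid=VALID):
        self.valid, self.sender, self.accepted = valid, None, []
        self.attempts = self.invalid = 0

    def harvesting(self):
        return (self.attempts >= DHA_MIN_RCPTS
                and self.invalid / self.attempts >= DHA_BAD_RATIO)

    def handle(self, line):
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            return "250 Hi there"
        if verb == "MAIL":
            self.sender = arg.partition(":")[2].strip()
            self.accepted = []
            return "250 Mail from accepted"
        if verb == "RCPT":
            if self.sender is None:
                return "503 5.5.1 RCPT without MAIL FROM"
            addr = arg.partition(":")[2].strip().strip("<>").lower()
            self.attempts += 1
            if addr in self.valid:
                self.accepted.append(addr)
                return "250 Recipient ok"
            self.invalid += 1
            if self.harvesting():
                # Too many misses: stop answering instead of confirming more.
                return "421 Too many invalid recipients"
            # Rejected while the sender is still connected; no mail is sent.
            return "554 Recipient Address Rejected"
        if verb == "DATA":
            if not self.accepted:
                return "503 5.5.1 DATA without RCPT TO"
            return "354 Send message body"
        return "500 Command not recognized"

def run(lines):
    """Feed one session's commands to a fresh Session; return the replies."""
    s = Session()
    return [s.handle(l) for l in lines]
```

Because the 554 is returned inside the open session, any bounce is generated by the sending MTA, and the ratio check bounds how many addresses one session can probe before it stops getting answers.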