Messaging Gateway

 View Only
  • 1.  LDAP and Brightmail 8.0.2-12

    Posted Sep 30, 2009 10:35 AM
    This is what we are seeing in ref to Brightmail and LDAP;

    This is from our IT Manager

    We were running ldap synchronization for a long time in order to take advantage of dropping invalid recipient emails. Synchronization would no longer grab full ldap meaning new users weren't synching so valid users were having their mail rejected because they weren't synched in.

    We tried using multiple ldap servers too and all resulted in the same



  • 2.  RE: LDAP and Brightmail 8.0.2-12

    Posted Sep 30, 2009 11:02 AM
    I would suggest that you give a call to support. This would be considered of high severity because of the lack of mail flow to your users.

    LDAP issues can also be a little difficult to attempt to troubleshoot over a forum. 


  • 3.  RE: LDAP and Brightmail 8.0.2-12

    Posted Sep 30, 2009 11:56 AM
    What is a good direct number to get them at?  I am new to this and they just really threw me into this.  Also, I am still getting spam coming in even after setting the bar to about 45%.  An I still get people that mark items as GOOD SENDERS and they still keep getting caught.

    HELP!


  • 4.  RE: LDAP and Brightmail 8.0.2-12



  • 5.  RE: LDAP and Brightmail 8.0.2-12

    Posted Oct 01, 2009 06:38 AM
    Hi Sacosta,

    did you consider using Recipient Validation with rejection instead?  That way you don't need to synchronize the LDAP data to SBG,  would allow you to reject messages at connection time and make better use of SBG resources.
    The following KB article explains how to enable that in SBG version 8:
    service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2009050414323754
    For further information on the topic you can have a look at the administrators guide as well

    Any particulr reason to use drop instead of reject?

    Regards,

    Federico


  • 6.  RE: LDAP and Brightmail 8.0.2-12

    Posted Oct 13, 2009 11:25 PM
    @fferaboli: RE: "Any particulr reason to use drop instead of reject?"

    Could you please enlighten me a bit further or just correct me if I'm wrong. The way I understand this, rejecting invalid recipients would send back an invalid recipient email to the sender and this would allow for some DHA assuming that the percentage of non existent recipients is below the threshold.

    And regarding the spam quarantine and the email logs. With this settings we can still see addresses if it came from our domain since the to and from address is contained within the email data being transmitted.


  • 7.  RE: LDAP and Brightmail 8.0.2-12

    Posted Oct 15, 2009 10:59 PM
    If you drop, legitimate senders will never know why your Sales department didn't get backto them on the $1M RFP.

    Since Reject happens while the remote MTA is still connected to your box, it needs to deal with the rejection. It doe NOT send back an E-MAIL.
    You won't be generating backscatter spam, and you will be letting people who can type know that they messed up.

    > connect
    220 <your host> ESMTP xxxxx
    > hello my.domain
    250 Hi there
    > mail from: me@my.domain
    250 Mail from accepted
    > rcpt to: not.there@your.host
    554 Recipient Address Rejected: <custom message text>
    >DATA  (to start the message body)
    503 5.5.1 DATA without RCPT TO

    So the sending system can't send the message body until at least ONE valid recipient is supplied.  It's supposed to INTERNALLY generate a bounce back to the envelope sender with the "554 Recipient Address Rejected: <your custom message text>.  This happens on the sending MTA's system.

    Also, once you enabled Invalid Recipient rejection, you can also tune up Directory Harvest controls.