Messaging Gateway

  • 1.  New domain tree users emails are being rejected with "drop invalid recipients"

    Posted Dec 10, 2008 01:54 PM

    Hi all,

    This is my first post here and I am dealing with what I think is a simple configuration issue.

    I have come into a company that had a single forest, single domain setup with Exchange server 2007 and a Symantec Brightmail Gateway 8300 appliance.

    I have had to create a new tree and domain in the current forest and have installed Exchange 2007 in the new domain tree.

    I have migrated all Exchange users to the Exchange server in the new domain (but not in Active Directory yet).

    When I create a new AD user in the new domain, this user can send emails but cannot receive them.

    Every external email is dropped with the "drop invalid recipient" filter.

    I believe that the LDAP synchronization is not syncing the changes in the new domain and hence the new user isn't being validated due to no record existing for it on the scanner.

    All I have done at the moment is:

    1) added the DNS Server IP address of the new domain in the Hosts Configuration >> DNS/Time >> "use the following dns servers"

    2) added the new domain name in the Edit LDAP Server >> "Windows Domain Names"

    Can anyone tell me how I would need to configure the appliance/scanner/LDAP to be aware of (and dynamically update) changes to both domains?

    Brightmail version:     7.7.0-14

    Exchange version:     2007 sp1 rollup5

    AD version:              2003

    In short, can anyone tell me step by step (or with an article) how to configure an LDAP server for multiple domain trees?

    Any help or clues are much appreciated.

    Mark



  • 2.  RE: New domain tree users emails are being rejected with "drop invalid recipients"
    Best Answer

    Posted Dec 10, 2008 04:12 PM

    Hello,

    So you should be able to set up the new domain in the same way you set up your last one. You can have multiple Synchronization sources listed and they will work fine. This would be under the "LDAP servers" section of the interface. In fact, in many cases this is suggested because it splits up the users into more manageable groups.

    If the new domain is under a different tree and not under the previously listed domain, we wouldn't pick it up because we begin with the "Query start" and work our way down from there.

    If you need more information, you can find out how to set these up in either the help file or the administration guide. But you should be able to use your last source and change the Windows Domain Names and set it as just a Sync source.

    Hope this helps. If not, feel free to ask more questions. Also, if you need links to the documentation, let me know. I think they might be on one of the sticky posts on this forum though...

    Thanks!

    Tom

    Message Edited by TomC on 12-10-2008 01:13 PM
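
    The "Query start" behaviour described in the answer above, as an added example that is not part of the original thread and is not Brightmail's own code: a small Python model of subtree-scoped synchronization, showing why a recipient in a second tree is unknown until that tree gets its own sync source. All domain names, addresses, DNs and function names are constructed for illustration.

```python
# Model of subtree-scoped LDAP synchronization (constructed data, hypothetical names).

def parse_dn(dn):
    """Split a DN into lower-cased (attr, value) RDNs, honouring '\\,' escapes."""
    parts, cur, esc = [], [], False
    for ch in dn:
        if esc:
            cur.append(ch); esc = False
        elif ch == "\\":
            cur.append(ch); esc = True
        elif ch == ",":
            parts.append("".join(cur)); cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    rdns = []
    for part in parts:
        attr, _, value = part.strip().partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def in_subtree(dn, query_start):
    """True when query_start's RDNs are a suffix of dn's RDNs (compared per RDN,
    so DC=xcorp is not mistaken for DC=corp as a plain string suffix test would)."""
    d, base = parse_dn(dn), parse_dn(query_start)
    return len(d) >= len(base) and d[len(d) - len(base):] == base

def synced_addresses(directory, sources):
    """Addresses whose entry lies under at least one source's query start."""
    return {addr for addr, dn in directory.items()
            if any(in_subtree(dn, qs) for qs in sources.values())}

def verdict(addr, directory, sources):
    """Recipient validation outcome for one address given the sync sources."""
    return "accept" if addr in synced_addresses(directory, sources) else "drop invalid recipient"

# Constructed directory: two trees in one forest with disjoint namespaces.
DIRECTORY = {
    "alice@corp.example": "CN=Alice,OU=Staff,DC=corp,DC=example",
    "bob@newtree.test": "CN=Smith\\, Bob,OU=Staff,DC=newtree,DC=test",
}
ONE_SOURCE = {"old-domain": "DC=corp,DC=example"}
TWO_SOURCES = {**ONE_SOURCE, "new-tree": "DC=newtree,DC=test"}

if __name__ == "__main__":
    for label, sources in (("one source", ONE_SOURCE), ("two sources", TWO_SOURCES)):
        for addr in DIRECTORY:
            print(label, addr, verdict(addr, DIRECTORY, sources))
```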


  • 3.  RE: New domain tree users emails are being rejected with "drop invalid recipients"

    Posted Dec 10, 2008 05:26 PM

    Hi Tom,

    Thanks for the reply.

    I suspected it was something like that so I tried to add a new LDAP server but I got a "cannot add server because an authentication source already exists" error.

    I need the links you mentioned if that is ok so I can enter the new LDAP server, sorry to be a pain.

    Thanks so much for the reply again,

    Cheers



  • 4.  RE: New domain tree users emails are being rejected with "drop invalid recipients"

    Posted Dec 10, 2008 05:34 PM

    Tom,

    Please can you explain how I can edit my current source to create a new LDAP server?

    My current LDAP server is set for both Authentication and Synchronisation.

    Many thanks



  • 5.  RE: New domain tree users emails are being rejected with "drop invalid recipients"

    Posted Dec 10, 2008 05:45 PM

    Hey Tom,

    I fixed it and it is working now.

    Thanks for your advice.

    I created a new LDAP server but did not select it to use authentication, ONLY synchronisation and recipient validation.

    I forced a full sync and now I can receive emails to the new domain's users.

    Thanks again

    Mark



  • 6.  RE: New domain tree users emails are being rejected with "drop invalid recipients"

    Posted Dec 12, 2008 12:01 PM

    Sorry I didn't get back to you Mark. Yes, the program will only allow you to have a single Authentication source, but you can have multiple Synchronization sources.

    Thanks for the update!

    Tom