Scope:
Email Security Gateway models 300 and above using Microsoft Exchange's Active Directory for recipient verification.
Answer:
When configuring the Barracuda's LDAP verification to work with Active Directory, the common syntax is:
- Bind DN: username (the Bind DN usually does not use a fully-qualified domain name with Microsoft Exchange 2000) or username@domain.com (the Bind DN usually must use a fully-qualified domain name with Microsoft Exchange 2003 and 2007)
- LDAP Filter: The default filter listed in the Barracuda:
  (|(proxyaddresses=smtp:${recipient_email})(mail=${recipient_email})(userPrincipalName=${recipient_email}))
- LDAP Search Base: ${defaultNamingContext}
- LDAP UID: sAMAccountName
- LDAP Primary Email Attribute: mail
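The following added example (not Barracuda's code) shows how the default filter above expands for one recipient and which directory entries it matches. The RFC 4515 escaping step, the case-insensitive comparison and the directory entry are assumptions made for illustration; the page does not describe how the gateway itself handles special characters in a recipient address.

```python
import re

# Default filter from the page; ${recipient_email} is the gateway's placeholder.
TEMPLATE = ("(|(proxyaddresses=smtp:${recipient_email})"
            "(mail=${recipient_email})"
            "(userPrincipalName=${recipient_email}))")

# RFC 4515: characters that must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Constructed sample entry: one mailbox with a primary address, an alias and a UPN.
DIRECTORY = [{
    "sAMAccountName": ["alice"],
    "mail": ["alice@example.com"],
    "proxyAddresses": ["SMTP:alice@example.com", "smtp:sales@example.com"],
    "userPrincipalName": ["alice@corp.example.com"],
}]

def escape_value(value):
    """Escape a recipient address so it is always treated as a literal value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_filter(recipient):
    """Expand the template for one recipient (escaping is this example's assumption)."""
    return TEMPLATE.replace("${recipient_email}", escape_value(recipient))

def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def matches(ldap_filter, entry):
    """Evaluate an OR of equality clauses, the only shape the template produces."""
    inner = ldap_filter[2:-1]
    clauses = re.findall(r"\(([A-Za-z]+)=((?:[^()\\*]|\\[0-9a-fA-F]{2})*)\)", inner)
    rebuilt = "".join(f"({a}={v})" for a, v in clauses)
    if not ldap_filter.startswith("(|") or rebuilt != inner:
        raise ValueError("unsupported filter shape")
    # Assumption: attribute names and values compare case-insensitively.
    attrs = {k.lower(): [v.lower() for v in vals] for k, vals in entry.items()}
    return any(_unescape(v).lower() in attrs.get(a.lower(), []) for a, v in clauses)

def verify_recipient(recipient):
    """Return the LDAP UID (sAMAccountName) of every entry the filter matches."""
    ldap_filter = build_filter(recipient)
    return [e["sAMAccountName"][0] for e in DIRECTORY if matches(ldap_filter, e)]

if __name__ == "__main__":
    for rcpt in ("alice@example.com", "sales@example.com", "*@example.com"):
        print(rcpt, "->", verify_recipient(rcpt) or "rejected")
```

An empty result corresponds to a recipient that verification would reject; the escaped `*` is compared as a literal character rather than as a wildcard.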
Additional Notes:
Microsoft Exchange 2007 has a security feature that may prevent the Email Security Gateway from properly verifying recipients, even when the configuration on the Email Security Gateway is correct and tests successfully. This feature is enabled by default and may need to be disabled; you may need to allow anonymous connections on the Exchange server to allow the Email Security Gateway to perform Active Directory checks on incoming email recipient addresses. To do this, run the following command on your Exchange server:
Set-ReceiveConnector -Identity "Default <ServerName>" -PermissionGroups "AnonymousUsers"
Where <ServerName> is the name of your Microsoft Exchange 2007 server.