McAfee Email Gateway and Domino

We have recently been reviewing the McAfee Email Gateway (MEG) appliance against our existing Barracuda Email Gateway appliance.  One of the tasks was to put in Recipient Validation.  You know… where we make sure the email address is valid before allowing the message through.  Otherwise, why have your email servers do all that processing for a mail address that doesn’t exist?

The LDAP query built into MEG is ok.  Very basic.  It just checks for the primary address of a Person class.  The problem is, it does not check for:

  • Email Aliases applied to a Person document
  • Group/Distribution email addresses
  • Mail-In Database email addresses

In order to fix this, I had to do two things.  First, many of the mail-in databases are not assigned to an organization (O=org).  This was strange to me, and I need to find out why.  So, I had to remove the BaseDN search filter.  Not a horrible thing, but it can make your LDAP query sub-optimal.  Next, I had to create a more extensive query:

(&(|(Objectclass=dominoPerson)(Objectclass=dominoGroup)(Objectclass=dominoServerMailInDatabase))(|(mail=%email%)(uid=%email%)(mailaddress=%email%)(cn=%email%)))

Basically, this is placing a logical AND between two filters:

  • Filter 1
    • Objectclass = dominoPerson (OR)
    • Objectclass = dominoGroup (OR)
    • Objectclass = dominoServerMailInDatabase
  • Filter 2 (AND)
    • mail = %email% (OR)
    • uid = %email% (OR)
    • mailaddress = %email% (OR)
    • cn = %email%
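To check which recipients each query accepts before loading it into the gateway, the following added example (not part of the original post, and not MEG or Domino code) substitutes an address into the filter with RFC 4515 escaping and evaluates it against a few constructed directory entries. The `BASIC` filter shape, the sample entries, and which attribute holds an alias are assumptions made for illustration.

```python
import re

# Extended filter from the post; %email% is the placeholder for the recipient.
TEMPLATE = ("(&(|(Objectclass=dominoPerson)(Objectclass=dominoGroup)"
            "(Objectclass=dominoServerMailInDatabase))"
            "(|(mail=%email%)(uid=%email%)(mailaddress=%email%)(cn=%email%)))")
# Assumed shape of a "primary address of a Person" check (not shown in the post).
BASIC = "(&(Objectclass=dominoPerson)(mail=%email%))"

DIRECTORY = [  # constructed entries, not taken from a real Domino directory
    {"objectclass": ["dominoPerson"], "cn": ["Ann Lee"],
     "mail": ["ann.lee@example.com"], "uid": ["alee@example.com"]},
    {"objectclass": ["dominoGroup"], "cn": ["Sales"], "mail": ["sales@example.com"]},
    {"objectclass": ["dominoServerMailInDatabase"], "cn": ["Helpdesk"],
     "mailaddress": ["helpdesk@example.com"]},
]

def escape(value):
    """RFC 4515 escaping so the substituted address stays a literal value."""
    return re.sub(r'[\\*()\x00]', lambda m: "\\%02x" % ord(m.group()), value)

def parse(f, i=0):
    """Parse a filter built from &, | and equality tests; return (node, next index)."""
    if f[i + 1] in "&|":
        op, kids, i = f[i + 1], [], i + 2
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, raw = f[i + 1:end].split("=", 1)
    val = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), raw)
    return ("=", attr.lower(), val.lower()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry, ignoring case."""
    if node[0] == "=":
        return node[2] in [v.lower() for v in entry.get(node[1], [])]
    results = [matches(kid, entry) for kid in node[1]]
    return all(results) if node[0] == "&" else any(results)

def recipient_exists(template, email, directory=DIRECTORY):
    """True if any directory entry satisfies the filter for this recipient."""
    node, _ = parse(template.replace("%email%", escape(email)))
    return any(matches(node, entry) for entry in directory)
```

With these entries, `BASIC` accepts only `ann.lee@example.com`, while `TEMPLATE` also accepts the alias, the group address and the mail-in database address.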

I hope this helps someone else out, and saves them 2 hours of troubleshooting and LDAP writing.

 

  • Brian Kirk

    Aaron!!! You Rock!!! Now I need one more thing; maybe you can help or not, I don’t know where else to go. No one else uses Domino :) I would like to create a blacklist sender group in Domino, and if that user is in that group, block emails for them. Any help would be great. So far I have this, but I need to put a variable in for the group name since MEG doesn’t like an explicit space:

    (&(objectClass=dominoGroup)(CN=My Blacklist))