Anti-virus / Anti-SPAM, Configuration Example, Proxy
TrendMicro IMSVA – reject unknown recipients via LDAP
With the configuration and implementation of an anti-virus, anti-spam solution, I always check if the security appliance has the option to block unknown recipients via LDAP. This prevents unnecessary e-mail from being sent to the backend servers.
While configuring a TrendMicro IMSVA 8.0 I noticed that the LDAP option was available, as shown below.
The option can be found under Administration – IMSVA Configuration – SMTP routing. I enabled the option and configured a LDAP connection to the backend database. I started testing the LDAP check via telnet and noticed that all secondary e-mail addresses were rejected by the security appliance.
I started looking at the specific LDAP records from an user with a LDAP browser, like Softerra LDAP Browser. I noticed that all secondary e-mail addresses are under the name ProxyAddresses and the primary e-mail address falls under the name mail.
I started searching the TrendMicro knowledge base but couldn’t find a solution. I found an article about the problem, which also provided the correct solution. To enable TrendMicro IMSVA to check secondary e-mail addresses you have to login to the appliance via a SSH session and change some settings within the PostgreSQL database. You need to execute the following commands:
[root@mail ~]# cd /opt/trend/imss/PostgreSQL/bin/
[root@mail bin]# ./psql -U sa -d imss
Welcome to psql 8.1.3, the PostgreSQL interactive terminal.
Type: \copyright for distribution terms
\h for help with SQL commands
\? for help with psql commands
\g or terminate with semicolon to execute query
\q to quit
imss=# update tb_global_setting set value=’proxyAddresses’ where name =’mail_attr’;
Next I needed to reboot the server. After the reboot I did some more testing and this time all secondary e-mail addresses were accepted by the security appliance.
You can check your newly added entry in the PostgreSQL database with the following command:
imss=# select * from tb_global_setting where value=’proxyAddresses’;
section | name | value | inifile | notes
LDAP | mail_attr | proxyAddresses | ldap.ini |
At the end I found the solution but I am very curious why this isn’t default behavior. I mean, I guess I am not the only one who is using secondary e-mail addresses?!?!
Latest posts by René Jorissen (see all)
- MacOS Big Sur and SSLKEYFILELOG - November 23, 2021
- ClearPass, Azure AD, SSO and Object ID - August 12, 2021
- ClearPass – custom MPSK - July 20, 2021
Ik ben toevalligerwijs op deze post terecht gekomen. Deze website staat vanaf nu bij m’n snelkoppelingen. Zo zie je maar dat lang googlen zich altijd uitbetaald…
Actually, this is basically a copy of IWSVA 8.0 Admin Guide, chapter 10.2.4 (this is the first method for using Active Directory), it also explains why and how.
Did you say RTFM at some time?
Hi, this solutions works fine, great and thanks. You are right, why only the mail attribute??? so there is a new version IMSVA 8.2, this version should work without changes, that’s what they say :-). Now i still have the problem with the windows versions 7.1. Do you know if there is also a possibility to change this?
Best regards ans thanks.
So it is the same table in MS SQL Server oder MS SQLExpress.
Change the mail_attr from mail to proxyAddresses and restart the SMTP Service from Trendmicro.
Thanks for the comment on the problem and the solution for MS SQL Server.
This change is not for the faint of heart but we implemented it and it worked fine in IMSS 7 years ago. Try it and see if it still works in IMSS 7.1. This allows IMSS to check all SMTP addresses rather than just the default. Hope this is helpful.
Using Microsoft Exchange
When Exchange is installed, it extends the existing Active Directory schema by adding a number of
attributes for every user. One of these attributes, “ProxyAddresses”, is used to store multiple
email addresses for a particular user. By default, IMSS does not analyze the email addresses stored
there. To enable this check, an administrator must change the mail attribute to “ProxyAddresses”
by updating the database:
E:\…>osql.exe -U sa -P sa -d imss
1> update tb_global_setting set value=’proxyAddresses’ where name=’mail_attr’
(1 row affected)
The above is in answer to the post from Bertrand
November 7th, 2011 at 3:33 pm.
Thanks, just applied this to IMSVA 8.2 Service Pack 1 (build 1580) worked a treat thanks.
No idea why secondary emails would not be included by default or even just a tickbox to enable in the admin console.