With the configuration and implementation of an anti-virus, anti-spam solution, I always check if the security appliance has the option to block unknown recipients via LDAP. This prevents unnecessary e-mail from being sent to the backend servers.
While configuring a TrendMicro IMSVA 8.0 I noticed that the LDAP option was available, as shown below.
The option can be found under Administration – IMSVA Configuration – SMTP routing. I enabled the option and configured a LDAP connection to the backend database. I started testing the LDAP check via telnet and noticed that all secondary e-mail addresses were rejected by the security appliance.
I started looking at the specific LDAP records from an user with a LDAP browser, like Softerra LDAP Browser. I noticed that all secondary e-mail addresses are under the name ProxyAddresses and the primary e-mail address falls under the name mail.
I started searching the TrendMicro knowledge base but couldn’t find a solution. I found an article about the problem, which also provided the correct solution. To enable TrendMicro IMSVA to check secondary e-mail addresses you have to login to the appliance via a SSH session and change some settings within the PostgreSQL database. You need to execute the following commands:
[root@mail ~]# cd /opt/trend/imss/PostgreSQL/bin/
[root@mail bin]# ./psql -U sa -d imss
Welcome to psql 8.1.3, the PostgreSQL interactive terminal.
Type: \copyright for distribution terms
\h for help with SQL commands
\? for help with psql commands
\g or terminate with semicolon to execute query
\q to quit
imss=# update tb_global_setting set value=’proxyAddresses’ where name =’mail_attr’;
Next I needed to reboot the server. After the reboot I did some more testing and this time all secondary e-mail addresses were accepted by the security appliance.
You can check your newly added entry in the PostgreSQL database with the following command:
imss=# select * from tb_global_setting where value=’proxyAddresses’;
section | name | value | inifile | notes
LDAP | mail_attr | proxyAddresses | ldap.ini |
At the end I found the solution but I am very curious why this isn’t default behavior. I mean, I guess I am not the only one who is using secondary e-mail addresses?!?!