Connecting the world…

TrendMicro IMSVA – reject unknown recipients via LDAP

With the configuration and implementation of an anti-virus, anti-spam solution, I always check if the security appliance has the option to block unknown recipients via LDAP. This prevents unnecessary e-mail from being sent to the backend servers.

While configuring a TrendMicro IMSVA 8.0 I noticed that the LDAP option was available, as shown below.

ldap-check

The option can be found under Administration – IMSVA Configuration – SMTP routing. I enabled the option and configured a LDAP connection to the backend database. I started testing the LDAP check via telnet and noticed that all secondary e-mail addresses were rejected by the security appliance.

I started looking at the specific LDAP records from an user with a LDAP browser, like Softerra LDAP Browser. I noticed that all secondary e-mail addresses are under the name ProxyAddresses and the primary e-mail address falls under the name mail.

I started searching the TrendMicro knowledge base but couldn’t find a solution. I found an article about the problem, which also provided the correct solution. To enable TrendMicro IMSVA to check secondary e-mail addresses you have to login to the appliance via a SSH session and change some settings within the PostgreSQL database. You need to execute the following commands:

[root@mail ~]# cd /opt/trend/imss/PostgreSQL/bin/
[root@mail bin]# ./psql -U sa -d imss
Welcome to psql 8.1.3, the PostgreSQL interactive terminal.

Type:  \copyright for distribution terms
\h for help with SQL commands
\? for help with psql commands
\g or terminate with semicolon to execute query
\q to quit

imss=# update tb_global_setting set value=’proxyAddresses’ where name =’mail_attr’;

UPDATE 1
imss=# \q
[root@mail bin]#

Next I needed to reboot the server. After the reboot I did some more testing and this time all secondary e-mail addresses were accepted by the security appliance.

You can check your newly added entry in the PostgreSQL database with the following command:

imss=# select * from tb_global_setting where value=’proxyAddresses’;
section |   name    |     value      | inifile  | notes
———+———–+—————-+———-+——-
LDAP    | mail_attr | proxyAddresses | ldap.ini |
(1 row)

At the end I found the solution but I am very curious why this isn’t default behavior. I mean, I guess I am not the only one who is using secondary e-mail addresses?!?!

The following two tabs change content below.

René Jorissen

Co-owner and Solution Specialist at 4IP Solutions
René Jorissen works as Solution Specialist for 4IP in the Netherlands. Network Infrastructures are the primary focus. René works with equipment of multiple vendors, like Cisco, Aruba Networks, FortiNet, HP Networking, Juniper Networks, RSA SecurID, AeroHive, Microsoft and many more. René is Aruba Certified Edge Expert (ACEX #26), Aruba Certified Mobility Expert (ACMX #438), Aruba Certified ClearPass Expert (ACCX #725), Aruba Certified Design Expert (ACDX #760), CCNP R&S, FCNSP and Certified Ethical Hacker (CEF) certified. You can follow René on Twitter and LinkedIn.

Latest posts by René Jorissen (see all)

9 Responses to TrendMicro IMSVA – reject unknown recipients via LDAP

  • Ik ben toevalligerwijs op deze post terecht gekomen. Deze website staat vanaf nu bij m’n snelkoppelingen. Zo zie je maar dat lang googlen zich altijd uitbetaald…

  • Actually, this is basically a copy of IWSVA 8.0 Admin Guide, chapter 10.2.4 (this is the first method for using Active Directory), it also explains why and how.

    Did you say RTFM at some time?

  • Hi, this solutions works fine, great and thanks. You are right, why only the mail attribute??? so there is a new version IMSVA 8.2, this version should work without changes, that’s what they say :-). Now i still have the problem with the windows versions 7.1. Do you know if there is also a possibility to change this?

    Best regards ans thanks.

    Bertrand

  • Hi

    So it is the same table in MS SQL Server oder MS SQLExpress.
    Change the mail_attr from mail to proxyAddresses and restart the SMTP Service from Trendmicro.

    Bertrand

  • Hey Betrand,

    Thanks for the comment on the problem and the solution for MS SQL Server.

  • Regarding

    This change is not for the faint of heart but we implemented it and it worked fine in IMSS 7 years ago. Try it and see if it still works in IMSS 7.1. This allows IMSS to check all SMTP addresses rather than just the default. Hope this is helpful.

    Using Microsoft Exchange
    When Exchange is installed, it extends the existing Active Directory schema by adding a number of
    attributes for every user. One of these attributes, “ProxyAddresses”, is used to store multiple
    email addresses for a particular user. By default, IMSS does not analyze the email addresses stored
    there. To enable this check, an administrator must change the mail attribute to “ProxyAddresses”
    by updating the database:
    E:\…>osql.exe -U sa -P sa -d imss
    1> update tb_global_setting set value=’proxyAddresses’ where name=’mail_attr’
    2> go
    (1 row affected)
    1> quit

  • The above is in answer to the post from Bertrand
    November 7th, 2011 at 3:33 pm.

  • Thanks, just applied this to IMSVA 8.2 Service Pack 1 (build 1580) worked a treat thanks.
    No idea why secondary emails would not be included by default or even just a tickbox to enable in the admin console.

  • ״10012815ˮ

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.