Connecting the world…

trendmicro

TrendMicro IMSVA – reject unknown recipients via LDAP

With the configuration and implementation of an anti-virus, anti-spam solution, I always check if the security appliance has the option to block unknown recipients via LDAP. This prevents unnecessary e-mail from being sent to the backend servers.

While configuring a TrendMicro IMSVA 8.0 I noticed that the LDAP option was available, as shown below.

ldap-check

The option can be found under Administration – IMSVA Configuration – SMTP routing. I enabled the option and configured a LDAP connection to the backend database. I started testing the LDAP check via telnet and noticed that all secondary e-mail addresses were rejected by the security appliance.

I started looking at the specific LDAP records from an user with a LDAP browser, like Softerra LDAP Browser. I noticed that all secondary e-mail addresses are under the name ProxyAddresses and the primary e-mail address falls under the name mail.

I started searching the TrendMicro knowledge base but couldn’t find a solution. I found an article about the problem, which also provided the correct solution. To enable TrendMicro IMSVA to check secondary e-mail addresses you have to login to the appliance via a SSH session and change some settings within the PostgreSQL database. You need to execute the following commands:

[root@mail ~]# cd /opt/trend/imss/PostgreSQL/bin/
[root@mail bin]# ./psql -U sa -d imss
Welcome to psql 8.1.3, the PostgreSQL interactive terminal.

Type:  \copyright for distribution terms
\h for help with SQL commands
\? for help with psql commands
\g or terminate with semicolon to execute query
\q to quit

imss=# update tb_global_setting set value=’proxyAddresses’ where name =’mail_attr’;

UPDATE 1
imss=# \q
[root@mail bin]#

Next I needed to reboot the server. After the reboot I did some more testing and this time all secondary e-mail addresses were accepted by the security appliance.

You can check your newly added entry in the PostgreSQL database with the following command:

imss=# select * from tb_global_setting where value=’proxyAddresses’;
section |   name    |     value      | inifile  | notes
———+———–+—————-+———-+——-
LDAP    | mail_attr | proxyAddresses | ldap.ini |
(1 row)

At the end I found the solution but I am very curious why this isn’t default behavior. I mean, I guess I am not the only one who is using secondary e-mail addresses?!?!