We have recently been reviewing the McAfee Email Gateway (MEG) appliance against our existing Barracuda Email Gateway appliance. One of the tasks was to put in Recipient Validation. You know… where we make sure the email is valid before allowing it through. Otherwise, why have your email servers do all that processing for a mail address that doesn’t exist?
The LDAP query built into MEG is OK. Very basic. It just checks for the primary address of a Person class. The problem is, it does not check for:
- Email Aliases applied to a Person document
- Group/Distribution email addresses
- Mail-in Database email addresses
In order to fix this, I had to do two things. First, many of the mail-in databases are not assigned to an organization (O=org). This was strange to me, and I need to find out why. So, I had to remove the BaseDN search filter. Not a horrible thing, but it can make your LDAP query sub-optimal. Next, I had to create a more extensive query:
(&(|(Objectclass=dominoPerson)(Objectclass=dominoGroup)(Objectclass=dominoServerMailInDatabase))(|(mail=%email%)(uid=%email%)(mailaddress=%email%)(cn=%email%)))
Basically, this is placing a logical AND between two filters:
- Filter 1
  - Objectclass = dominoPerson (OR)
  - Objectclass = dominoGroup (OR)
  - Objectclass = dominoServerMailInDatabase
- Filter 2 (AND)
  - mail = %email% (OR)
  - uid = %email% (OR)
  - mailaddress = %email% (OR)
  - cn = %email%
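To check the filter logic offline before putting it on the gateway, here is an added example (not part of the original post and not MEG code) that models the basic Person-only check next to the extended filter. It also shows the RFC 4515 escaping a test script needs when it substitutes `%email%` itself. The directory entries, addresses, attribute placement and case-insensitive matching are assumptions made for illustration.

```python
# Added example: offline model of the recipient-validation filter above.
# All directory entries and addresses are constructed for illustration.
FILTER = ("(&(|(Objectclass=dominoPerson)(Objectclass=dominoGroup)"
          "(Objectclass=dominoServerMailInDatabase))"
          "(|(mail=%email%)(uid=%email%)(mailaddress=%email%)(cn=%email%)))")
CLASSES = {"dominoperson", "dominogroup", "dominoservermailindatabase"}
ATTRS = ("mail", "uid", "mailaddress", "cn")

def escape_rfc4515(value):
    """Escape characters that are special inside an LDAP filter value."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def build_filter(email):
    """Substitute %email% only after escaping, so the address stays a literal."""
    return FILTER.replace("%email%", escape_rfc4515(email))

def builtin_match(entry, email):
    """Model of the basic check: primary address of a Person only."""
    return ("dominoperson" in {c.lower() for c in entry["objectclass"]}
            and email.lower() in (v.lower() for v in entry.get("mail", [])))

def extended_match(entry, email):
    """Model of the extended filter: class group AND any address attribute.
    The address is compared literally, as an escaped filter value would be."""
    classes = {c.lower() for c in entry["objectclass"]}
    values = {v.lower() for a in ATTRS for v in entry.get(a, [])}
    return bool(classes & CLASSES) and email.lower() in values

# Constructed sample directory; which attribute holds which address is assumed.
DIRECTORY = [
    {"objectclass": ["dominoPerson"], "mail": ["jane.doe@example.com"],
     "uid": ["jdoe@example.com"]},
    {"objectclass": ["dominoGroup"], "cn": ["sales@example.com"]},
    {"objectclass": ["dominoServerMailInDatabase"],
     "mailaddress": ["helpdesk@example.com"]},
]

def accepted(match, email):
    """True if any directory entry satisfies the given check."""
    return any(match(entry, email) for entry in DIRECTORY)

if __name__ == "__main__":
    for addr in ("jane.doe@example.com", "jdoe@example.com", "sales@example.com",
                 "helpdesk@example.com", "nobody@example.com", "*"):
        print(addr, accepted(builtin_match, addr), accepted(extended_match, addr))
    print(build_filter("*"))
```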
I hope this helps someone else out, and saves them 2 hours of troubleshooting and LDAP writing.