LDAP accept query (space within email) got pass

Version: 5.1.2-005
The LDAP accept query is very effective here and we have been using it since day 1.
Recently, we discovered some backend MTA log entries rejecting invalid addresses.
We haven't changed the IronPort or the backend LDAP software for a while, so it is not something due to a recent change.
Here is a funny finding; note the space.
> ldaptest
Select which LDAP query to test:
1. MXLDAP.accept
2. MXLDAP.smtpauth
3. VDELDAP.accept
4. group
[1]> 1
Address to use in query:
[]> sys [email protected]
LDAP query test results:
Query: MXLDAP.accept
Address: sys [email protected]
Action: pass
LDAP query test finished.
I ran an ldapsearch on the backend LDAP server, and the ldapsearch does not return 'sys [email protected]' as a valid LDAP entry. So it seems it is not related to LDAP.
This is our LDAP accept query:
(&(|(mail={a})(mailalternateaddress={a}))(mailboxstatus=A))
Our ldap backend is Openwave MX LDAP directory.
We are considering upgrading to version 5.5, but not because of this problem; rather, we try to keep our version reasonably up to date.

In the latest version it is also accepting addresses that contain spaces. However, the exact behavior depends on how address parsing is configured on your listener.
If it is set to "loose parsing", it accepts but actually delivers the message to .
When using "strict parsing", it doesn't alter the recipient address and the message gets delivered to .
In the LDAP accept query however, it seems to ignore that setting. It always strips spaces from the address before it sends the query (you can see this in ldap debug).
I don't know whether all this is by design or not. The ldapaccept part especially looks more like a bug to me; I'd expect it to check the address it's going to use to deliver the mail. It's probably best to create a support request for this.
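The mismatch described in the two posts above, as an added example that is not code from the thread or from IronPort: the accept query is evaluated once on the space-stripped address and once on the address exactly as received (what strict parsing would deliver to). The directory entries, the example.com addresses and all function names are constructed for illustration, the filter is the poster's accept query with its parentheses balanced, and plain case-insensitive equality stands in for the directory's real matching rules.

```python
"""Accept-query verdict on the stripped address vs. the address as received."""
import re

# Constructed directory (attribute -> values); example.com is a placeholder.
DIRECTORY = [
    {"mail": ["sysadmin@example.com"],
     "mailalternateaddress": ["root@example.com"],
     "mailboxstatus": ["A"]},
    {"mail": ["olduser@example.com"], "mailboxstatus": ["D"]},
]
ACCEPT_QUERY = "(&(|(mail={a})(mailalternateaddress={a}))(mailboxstatus=A))"


def escape_value(value):
    """Escape filter metacharacters as backslash + two hex digits (RFC 4515)."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)


def unescape_value(value):
    """Reverse escape_value when reading a value back out of a filter."""
    return re.sub(r"\\([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), value)


def parse_filter(text, pos=0):
    """Parse the (&...), (|...), (attr=value) subset; return (node, next_pos)."""
    if text[pos] != "(":
        raise ValueError("expected '(' at offset %d" % pos)
    pos += 1
    if text[pos] in "&|":
        op, pos, children = text[pos], pos + 1, []
        while text[pos] == "(":
            child, pos = parse_filter(text, pos)
            children.append(child)
        if text[pos] != ")":
            raise ValueError("expected ')' at offset %d" % pos)
        return (op, children), pos + 1
    end = text.index(")", pos)
    attr, _, value = text[pos:end].partition("=")
    return ("=", attr.lower(), unescape_value(value)), end + 1


def matches(node, entry):
    """Evaluate a parsed filter against one entry (case-insensitive equality)."""
    if node[0] == "&":
        return all(matches(child, entry) for child in node[1])
    if node[0] == "|":
        return any(matches(child, entry) for child in node[1])
    _, attr, value = node
    return value.lower() in (v.lower() for v in entry.get(attr, []))


def ldap_accept(address):
    """Run ACCEPT_QUERY for one address; return (filter, 'pass' or 'reject')."""
    flt = ACCEPT_QUERY.replace("{a}", escape_value(address))
    node, _ = parse_filter(flt)
    hit = any(matches(node, entry) for entry in DIRECTORY)
    return flt, "pass" if hit else "reject"


def audit(rcpt):
    """Compare the verdict on the space-stripped address with the exact one."""
    stripped = rcpt.replace(" ", "")
    _, observed = ldap_accept(stripped)  # behaviour reported in the thread
    _, exact = ldap_accept(rcpt)         # address left unaltered (strict parsing)
    return {"rcpt": rcpt, "queried": stripped, "observed": observed,
            "exact": exact, "mismatch": observed != exact}


if __name__ == "__main__":
    for rcpt in ("sys admin@example.com", "sysadmin@example.com",
                 "old user@example.com", "ro*t@example.com"):
        print(audit(rcpt))
```

A `mismatch` of `True` marks a recipient that the accept check passes but that the exact-address lookup, like the backend MTA in the first post, rejects.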

Similar Messages

  • LDAP Acceptance Query

    Hello everybody,
    I would like to know if it's possible to enable a "LDAP Acceptance query" only for one domain protected by Ironport?
    I explain myself:
    Our Ironport is used by 3 companies. One company has an Exchange server, so LDAP is possible, and it works well. But (a big but) the others have another product as mail server which does not support LDAP queries.
    So I would like to enable the LDAP acceptance query for the first company and nothing for the 2 others.
    Last, I would like to enable LDAP authentication for Spam Quarantine if possible.
    Regards,
    GALLEZ Antony

    Hi there, Bypass LDAP Accept is the easiest way, but a way to give you more control would be to create a separate MX record for each company.
    On the IronPort have an individual listener for each company, that way you can have multiple routing, accept and group queries for each company.
    But as you have already found the Bypass LDAP in the RAT is the easiest option :lol:
    Different MX records mean that we need different public IP addresses, and we only have one. So, I'll use the "Bypass LDAP Accept" option.
    BTW, thanks for your response, I hadn't thought of different MX records...

  • LDAP Accept query for "catch all" domains

    I'm far from an LDAP expert so I'm posting this both as a "look what I did!" and an "is there a better way?"
    The query feels fairly typical until the end where I look for "absolute-catchall@[the domain]". Effectively this accepts "anything"@"domain." Is this what you do? Is there a better way? Is this already in the manual somewhere :)
    (|(|(gecos={u})(|(mail={a})(mail={u})))(mail=absolute-catchall@{d}))

    I don't think these kinds of tricks are in the handbook, but you're not the only one using something like this. A similar query was posted here: http://www.ironportnation.com/forums/viewtopic.php?p=718#718
    I'm using this to skip recipient checking for domains where I'm only acting as backup MX and can't verify the addresses.

  • LDAP Routing Query

    Hi,
    we have the following scenario:
    There is just one single mail domain.
    500 mailboxes are on a Microsoft Exchange server with Active Directory, and 500 mailboxes are on a different server hosting POP3 mailboxes.
    Obviously I cannot use an LDAP Accept Query, as the AD doesn't have any knowledge about the POP3 mailboxes. The question is, can I still use LDAP for mail routing, even if some accounts are not in the AD?

    Well... there are more LDAP directories than MS Active Directory.
    If I understand you right your main problem is how to route 50% of your recipient addresses to Exchange and 50% of them to the POP3 system. If you could, it would be nice to have a message accept policy that is LDAP driven.
    I suggest you try to install a dedicated LDAP server for your Ironport(s). That LDAP server should be updated daily with the details from your AD and an export from the POP3 system. On the Linux platform there are several options (OpenLDAP, Apache Directory, Fedora 389, etc.).
    Make sure your import scripts also provision the mail addresses of all users and (at least) an attribute like "mailHost": your Exchange-based 50% of recipients would have a static value of "your.exchange.server" (= hostname of your Exchange bridgehead), and the other 50% would have "your.pop3.server" (= hostname of your POP3 server).
    After that you can create a mail routing LDAP query that makes sure the messages are routed correctly. The mailHost attribute will be used to determine where the message should be routed to. If needed, you can also run a message acceptance query against that same LDAP. That query would reject all mail addresses that are unknown to the directory.
    If you have more questions about this, just send me a message; I have some experience with this matter.
    Steven

  • Broadcast query within email

    Hello,
    Is it possible to broadcast query results "within" an email? Currently we are sending attachments, but I would like to send the results within the body of the email. I've tested all the different settings but don't see what I am looking for. Broadcasting an online link does not fit our requirement; we are sending a snapshot in time, not current data.
    Regards,
    TMS

    Hi,
    In BEx broadcaster create a setting that has:
    Distribution Type: "Send as E-Mail"
    Output Format: "Independent HTML File"
    leave As Zip File unchecked.
    For me, this sends the web template I choose in the body of the email.
    Also, you may need to add the email address that you are sending the emails from as a trusted site in your email list. This may allow the email program (we use Outlook) to apply the CSS from the templates to the table in the email and it will look exactly like what you would see in your web portal.
    Cheers,
    Rusty

  • Mod_plsql: /pls/apex/wwv_flow.accept HTTP-400 Too many arguments passed in.

    Hi All ,
    I want one solution. I have a report which fetches the PPTs that are stored in the DB. If I search for more results it errors out, so I reduced the results and it was working fine. Now I see it is giving the same error (as below), although it was working fine after reducing the results in the query. Can anybody please help me with this?
    the error is
    Bad Request
    Your browser sent a request that this server could not understand.
    mod_plsql: /pls/apex/wwv_flow.accept HTTP-400 Too many arguments passed in. Got 3250 parameters. Upper limit is 2000
    Oracle-Application-Server-10g/10.1.3.1.0 Oracle-HTTP-Server Server at insightapps.oraclecorp.com Port 80

    Section 1.10 of the Oracle HTTP Server mod_plsql User's Guide states the following
    The total number of name value pairs that can be passed to a PL/SQL procedure is 2000.
    mod_plsql limits the total number of parameters that can be passed to a single procedure to 2000.
    mod_plsql limits the size of a single parameter that can be passed to a procedure to 32000 bytes.
    It would be helpful to know how each of these apply in the APEX context
    Varad

  • Ideas for features needed in new Conversational LDAP Accept

    Mark, sorry should have given you this list months ago. My guess is you've already thought of all of these and more.
    Everyone else, feel free to add to the list or tell me I'm nuts... or better yet ask what for.
    1) A good DHAP (directory harvest attack prevention) solution. I'm guessing this would be along the same lines as current post-conversation LDAP Accept. - completely obvious
    2) Sender Group specific settings, also like the current DHAP. This allows for different bounce/drop rates based on Sender Group or SRBS. Also the ability to Drop vs. Bounce based on Sender Group, not just a global setting.
    3) The ability to do conversational bounces based on the MAIL FROM: in addition to the RCPT TO:. This allows for conversational bounces for Internet inbound emails where the MAIL FROM: may be your own domain (spoofed).
    4) LDAP Accept still needs to be post HAT, Domain Map and RAT processing.
    5) Rates and counts added to the Mail Flow monitor stats, specifically: Invalid LDAP rates: Total, Bounce and Drop.
    6) LDAP lookup status, very much like DNS with cache hit/miss rates, number of lookups, etc. Also rates along with counts.
    7) Warnings when LDAP lookup timeout is exceeded, vs. server connection failures. Configurable LDAP lookup timeout.
    8) If connection to LDAP server fails or times out, emails are accepted by default.

    Erich,
    This is all very good feedback. The vast majority of it will be included in the conversational LDAPACCEPT feature coming in a maintenance release in the short term.
    There are a couple items that we'll have to get to in a later release:
    - Drop vs. bounce in the sender group. Good idea, beyond what we'll be able to do in this release. But you'll be able to enable/disable and set thresholds per sender group.
    - Conversational bounces on the Envelope Sender. This is coming in the Hard Rock release, planned for Q405.
    - LDAP lookup status will be in the Hard Rock release
    Everything else looks to be in there.
    Peter Schlampp
    Sr. Dir., Product Management
    IronPort Systems

  • Spaces within access db field name

    I am trying to use data which was extracted to an Excel file and then imported into an Access database.
    During the import, Access used the first row as the field names, and some names have spaces in them.
    When I try to access those fields inside CF, I get an error message, since CF won't understand any field names with a space inside the name.
    Is there a workaround? Changing the field names each time will take a lot of time, because the DB will be exported every day.
    Thanks

    Is there a work around? Since change the field name each time will take lots of time because the db will be exported every day.
    Thanks
    Yup, two of 'em even.
    The first is in the SQL language: you can alias the columns with the AS command. This one is probably preferred by most developers.
    SELECT [Column With Spaces] AS NoSpaces
    FROM aTable
    Secondly, you can use the array notation ability of ColdFusion to reference variables with bad names. For queries that would be queryName[columnName][row].
    <cfoutput query="aBadQuery">
    #aBadQuery["Column With Spaces"][currentRow]#
    </cfoutput>

  • LDAP acceptance

    I would like to configure LDAP acceptance. The mail server is Scalix. I've found some information in Scalix for LDAP:
    swa.ldap.1.type=system
    swa.ldap.1.server=mail.test.com
    swa.ldap.1.port=389
    swa.ldap.1.baseDN=o=scalix
    swa.ldap.1.displayName.resourceID=addressbooksearch_title_system
    swa.ldap.1.displayName.resourceLabel=System Directory
    swa.ldap.1.authType=none
    swa.ldap.1.filter=(|(&(cn=%s*)(mail=*))(&(sn=%s*)(mail=*))(&(gn=%s*)(mail=*))(mail=%s*)(&(omalias=%s*)(mail=*)))
    swa.ldap.1.addressSearchLimit=100
    swa.ldap.1.search.1.header=true
    swa.ldap.1.search.1.type=name
    swa.ldap.1.search.1.name.resourceID=addressbooksearch_label_name
    swa.ldap.1.search.1.name.resourceLabel=Name
    swa.ldap.1.search.1.dirAttribute=omcn
    swa.ldap.1.search.2.header=true
    swa.ldap.1.search.2.type=email
    swa.ldap.1.search.2.name.resourceID=addressbooksearch_label_email
    swa.ldap.1.search.2.name.resourceLabel=Email Address
    swa.ldap.1.search.2.dirAttribute=rfc822Mailbox
    swa.ldap.1.search.3.header=true
    swa.ldap.1.search.3.type=
    swa.ldap.1.search.3.name.resourceID=addressbooksearch_label_phone
    swa.ldap.1.search.3.name.resourceLabel=Phone
    swa.ldap.1.search.3.dirAttribute=telephoneNumber
    swa.ldap.1.search.4.header=
    swa.ldap.1.search.4.type=
    swa.ldap.1.search.4.name.resourceID=
    swa.ldap.1.search.4.name.resourceLabel=Fax Phone
    swa.ldap.1.search.4.dirAttribute=facsimileTelephoneNumber
    swa.ldap.1.search.5.header=
    swa.ldap.1.search.5.type=
    swa.ldap.1.search.5.name.resourceID=
    swa.ldap.1.search.5.name.resourceLabel=Mobile Phone
    swa.ldap.1.search.5.dirAttribute=mobileTelephoneNumber
    swa.ldap.1.search.6.header=
    swa.ldap.1.search.6.type=
    swa.ldap.1.search.6.name.resourceID=
    swa.ldap.1.search.6.name.resourceLabel=Pager Phone
    swa.ldap.1.search.6.dirAttribute=pagerTelephoneNumber
    swa.ldap.2.type=personal
    swa.ldap.2.server=mail.test.com
    swa.ldap.2.port=389
    swa.ldap.2.baseDN=o=MyContacts
    swa.ldap.2.displayName.resourceID=addressbooksearch_title_personal
    swa.ldap.2.displayName.resourceLabel=Personal Contacts
    swa.ldap.2.authType=simple
    swa.ldap.2.bindDN=rfc822mailbox=%u
    swa.ldap.2.filter=(|(&(cn=%s*)(|(mail=*)(304=4)))(&(sn=%s*)(mail=*))(&(gn=%s*)(mail=*))(mail=%s*)(&(omalias=%s*)(mail=*)))
    So what are the parameters for LDAP acceptance according to the information above?

    Can you have more information be exported for this user? From scanning over the output below, I cannot identify where a user's email address would be except for this one value:
    swa.ldap.1.search.2.name.resourceLabel=Email Address

  • Merge space within database.

    Hi,
    Our company is moving a production database from one storage subsystem to another, more efficient one. Objects within the database are highly fragmented. The data within the database uses about 1TB. If somebody performed a full export and an import to another database, the same data would need less than 600GB. There is an idea to recreate and rebuild all objects during the mentioned maintenance.
    Full imp/exp is not an option, as it would cause a long database outage, which is not acceptable. My idea is to copy the whole database to the new storage, create a new tablespace and periodically (weekly) move several objects to it (using ALTER TABLE... MOVE and ALTER INDEX REBUILD... TABLESPACE...). When all objects are moved, drop the old tablespace and release the space. Is there any other more convenient way to merge space within the database?
    The database uses a lot of small, 2GB files. Wouldn't it be better to create a smaller number of bigger files? Would it influence the performance of the database?
    Thank you in advance,
    Tim

    Thank you very much for the reply!
    The version that is currently used is 10.1.0.5 (EE).
    To be honest mainly indexes are fragmented. We don't suffer from table's data chaining or migration.
    I have made a full database export recently (using Data Pump) and imported it into another database. In the source database indexes utilize about 500GB, whereas in the target only about 300GB. The indexes haven't been rebuilt for ...years. According to many publications, index defragmentation vastly improves overall system performance, especially for queries that use index scans.
    As far as I know, during a checkpoint the headers of all data files are updated with the current SCN. I thought that decreasing the number of data files would decrease the number of writes. That's why I asked about performance differences.
    In what way do you consider ASM as the perfect tool for migration?
    Regards,
    Tim

  • LDAP group query failure during per-recipient scanning, poss

    I am trying to figure out what this is referring to:
    LDAP group query failure during per-recipient scanning, possible LDAP misconfiguration or unreachable server
    I can still send test messages from my e-mail.
    Is it possible that a user is trying to send incorrectly... hmmm

    If you create an LDAP debug log from within the GUI, this will give you a more in-depth look into the query that is being sent to your LDAP server and also, more importantly, any errors that are being returned.
    Great log for troubleshooting any LDAP related issues.

  • Cell definition in Query Design within Bex Analyzer

    Hello,
    I would like to use a special cell definition to visualize the different row definition between 2 columns (last year and actual year). With the "Cell Definition" function in Query Design within BEx Analyzer there's an option to select a new restricted key figure for a related cell. But as a result I just see a star (*) instead of a result number in that field. Do you have an idea how I can solve this problem?
    Thanks and Regards,
    Nuran

    Hi again Dirk,
    It's not a unit problem. We use 2 different restricted key figure definitions for the same row. The first restricted key figure (or it can be described as a calculated key figure) must be used in the first column to represent the value of the last year. And in the same row, with the same text (for example: cost of goods sold), the second restricted key figure should be used to show the value of the actual year (B2: costs in euro). The problem is that the key figure definitions are totally different; they're using different account groups etc. Because of that, I wanted to use the cell definition function. The first value field (B1) should show the first key figure, but I just get a star (*) and a wrong value in the formula field of Excel (between the toolbars and the result area).
    Thanks for your reply.
    Nuran

  • CSCul66951 LDAP routing query fails when user name is the same (6 july 2014)

    In the case CSCul66951 "LDAP routing query fails when user name is the same", it is mentioned that version 8.0.2-055 corrects this bug. How come I don't see this version in the Available Upgrades menu on my IronPort C370?
    Is there someone on the support team who has tried this LDAP query on an IronPort C370 with this version in the development lab?
    Do I have to open a support case to get this version of AsyncOS?
    Best regards,
    Benoit Belair
    University of Quebec in Montreal

    Yes - CSCul66951 - this was included w/ the 8.0.1-HP1, and is rolled into 8.5.6-074 GA release.
    See release notes, resolved issues:
    http://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa8-0/release_notes/ESA_8-0-1_HP1_Release_Notes.pdf
    CSCun02766 - 8.5.6-063, which was superseded by the 8.5.6-074 GA release.  
    See release notes, resolved issues:
    http://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa8-5-6/ESA_8-5-6_Release_Notes.pdf

  • I cannot download the creative cloud i have havent got passed the first step

    I cannot download the creative cloud i have havent got passed the first step

    Maybe you are taking the wrong first step.  What is the first step that you have not gotten passed yet?

  • Query Distribution via email

    Hi Gurus,
    I'm preparing a proposal for query distribution via email and have found the following as the steps involved
    Prerequisites:
    1     Enable web functionality in BI server     Basis consultant       1 MD
    2     Setup mail server                             Basis consultant       1 MD
    3     Maintain email address for users             Basis consultant       1 MD
    4     Create broadcasting setting for queries     BW consultant              0.5 MD * (Number of queries)
    Please advise if I have missed out anything.
    I'm also curious to know how the authorization concept will be applied (i.e. specific company code report for specific user based on the user's authorization).
    How to configure this?
    Is there a separate task involved for this? How do I include this in the above effort estimation?
    Your help highly appreciated
    Thank you
    BR
    Saravanan Ramasamy

    Hi,,
    try this: https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/b7658119-0a01-0010-39a9-b600c816f370
    hope it helps
