Introduction
If you are using our spam filtering product to filter mail for your Exchange platform, specific steps need to be taken to use the full feature set. By itself the spam filter will filter mail and deliver it to your server. You may, however, want users to be able to log into the filter using their Exchange user name and password. This document outlines the steps for setting this functionality up. Please note that you must have full administrative access to the Exchange server and the Active Directory domain associated with it.
Adjusting Active Directory configuration settings comes with risk. We cannot be held responsible for any changes that you make that cause problems within your infrastructure. If you are unsure of any of these settings, please consult your Active Directory domain administrator.

Required configuration
The control panel asks for the following fields (see Appendix A):

  • Destination Mail Server
  • Destination Mail Server Port
  • Destination Mail Server Preference
  • User Lookup Mode
  • User Lookup Server
  • User Lookup Server Port
  • User Authentication Mode
  • User Authentication Server
  • User Authentication Server Port
  • LDAP – Base Distinguished Name (DN)
  • LDAP – User Distinguished Name (DN)
  • LDAP – Password

Destination Mail Server
This is the location (IP address or hostname) to which mail is delivered once it has been scanned.

Destination Mail Server Port
This is the port to use when forwarding scanned mail (the default is 25).

Destination Mail Server Preference
The default here is 1 (don’t change this unless you are sending to more than one mail server and know why you are changing it).

User Lookup Mode
This should be set to “Microsoft Exchange 2000-2013”.

User Lookup Server
This should be the IP address or hostname of the server against which Active Directory user lookups can be performed. This is typically the domain controller for the environment. If the Exchange server is also a Domain Controller, its address can be entered here.

User Lookup Server Port
The default is TCP port 389 (LDAP). For this to work, any firewalls must allow traffic to this port from 89.249.65.32 (our filter server).

User Authentication Mode
This should be set to “Microsoft Exchange 2000-2013”.

User Authentication Server
This should be the IP address or hostname of the server against which Active Directory user lookups can be performed. This is typically the domain controller for the environment. If the Exchange server is also a Domain Controller, its address can be entered here.

User Authentication Server Port
The default is TCP port 389 (LDAP). For this to work, any firewalls must allow traffic to this port from 89.249.65.32 (our filter server).

LDAP – Base Distinguished Name (DN)
This is the destination Active Directory domain name in DN format. For example, if your AD domain is “example.local”, the DN is “DC=example,DC=local”. It can be found in the MMC tool “Active Directory Users and Computers” on your Domain Controller.

Service Account
These last two required fields relate to a service account that you will need to create so that authentication requests are processed correctly. They are:

  • LDAP – User Distinguished Name (DN)
  • LDAP – Password

The user DN is the Active Directory user logon name of this account, and the password is the password associated with it.

Creating a Service Account
The service account needs to be created within your AD environment and has the following requirements:

  • The password must meet your complexity requirements
  • Uncheck “User must change password at next logon” when creating the account
  • The password must be set to “Never expire”
  • The username must have only the “First name” field filled out (no “Last name”) when creating the account

Once created, this gives you the AD user logon name to enter in the control panel’s User Distinguished Name field. For example, if you created the user “spamfilter” on the domain “example.local”, you would type “spamfilter@example.local” into the “LDAP – User Distinguished Name (DN)” field.

Grant appropriate user account permissions
The service account needs “Read” permission only, granted on the top level of the domain hierarchy. This can be done through the MMC tool “Active Directory Users and Computers”: open the properties of the top level of the tree (it should be labelled with the domain name), add the service account on the Security tab, and tick only the “Read” permission.
Note: For the Security tab to be available, “Advanced Features” must be selected from the View menu in the MMC console.
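The account creation, permission grant and a bind check in one script, as an added example rather than the filter vendor’s own tooling. The domain example.local, domain controller dc01.example.local, account name “spamfilter” and test mailbox address are assumptions; it requires the ActiveDirectory PowerShell module on a domain-joined administrative host.

```powershell
# Added example (not the filter vendor's own tooling). Hypothetical values:
# domain example.local, domain controller dc01.example.local, service account "spamfilter".
Import-Module ActiveDirectory

$domain   = Get-ADDomain                          # gives the base DN, e.g. DC=example,DC=local
$baseDn   = $domain.DistinguishedName             # value for "LDAP - Base Distinguished Name (DN)"
$dcServer = "dc01.example.local"                  # value for "User Lookup/Authentication Server"
$svcName  = "spamfilter"
$upn      = "$svcName@$($domain.DNSRoot)"         # value for "LDAP - User Distinguished Name (DN)"
$password = Read-Host "Service account password" -AsSecureString

# 1. Create the account exactly as the article requires: only "First name" filled in,
#    no forced password change at next logon, password set to never expire.
New-ADUser -Name $svcName `
    -GivenName $svcName `
    -SamAccountName $svcName `
    -UserPrincipalName $upn `
    -AccountPassword $password `
    -ChangePasswordAtLogon $false `
    -PasswordNeverExpires $true `
    -Enabled $true `
    -Path $domain.UsersContainer `
    -Server $dcServer

# 2. Grant "Read" (dsacls generic read, GR) on the top level of the domain hierarchy,
#    i.e. the domain object itself, and nothing else.
dsacls $baseDn /G "$($domain.NetBIOSName)\${svcName}:GR" | Out-Null

# 3. Verify: bind over LDAP (TCP 389) as the service account and run the kind of
#    lookup the filter performs, resolving a mailbox user from an e-mail address.
$plain  = [System.Net.NetworkCredential]::new("", $password).Password
$root   = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$dcServer/$baseDn", $upn, $plain)
$search = New-Object System.DirectoryServices.DirectorySearcher($root)
$search.Filter = "(&(objectClass=user)(mail=someone@example.local))"   # constructed test address
$search.PropertiesToLoad.Add("sAMAccountName") | Out-Null
try {
    $result = $search.FindOne()                   # throws if the bind is rejected
    if ($result) { "Bind and lookup succeeded: $($result.Properties['samaccountname'])" }
    else         { "Bind succeeded, but no user has that mail address" }
} catch {
    "Bind or search failed: $($_.Exception.Message)"
}
```

Run from inside the network, step 3 confirms the account, its password and its read permission; the firewall rule allowing 89.249.65.32 to reach port 389 is not exercised by it and is confirmed by the quarantine login test in the Conclusion.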

Conclusion
This completes your configuration. You can verify it by logging into the quarantine with your Exchange email address and password. If the login succeeds, authentication is being processed correctly.
