LDAP query with headers

Unanswered Question
May 1st, 2008

Hi. The problem I'm trying to solve is preventing Internet senders from specifying a distribution list in either the Cc: or Bcc: headers. It's trivial to prevent the envelope recipient from being a distribution list by modifying the accept query, but I can't think of a way to invoke an LDAP query against a header.

Anyone have a solution to this other than setting up content filters for "other headers" and manually typing in distribution list addresses by hand?

steven_geerts Tue, 05/06/2008 - 23:25

Hello jtw,

As far as I know the actual address that triggers the filter in Ironport is the RCPT TO address in the header, before the DATA command.
Specifying whether an address is a TO, CC or BCC address is done by specifying (or leaving it out, in case of BCC) the appropriate field after the DATA command.
So I should expect the LDAP query to do the same, which means you do not have to make any distinction between TO, CC and BCC in your policies and LDAP queries.

(Please shoot when I’m wrong citizens…)

Best regards Steven

Donald Nash Tue, 05/06/2008 - 23:43

LDAP queries are always in terms of the envelope sender or recipient addresses, not the header addresses.

Steven: if I'm understanding jtw properly, what he's trying to do is suppress messages containing certain header recipient addresses (in this case distribution lists), by using LDAP queries. There doesn't seem to be any way to do this with AsyncOS. The error you're making is assuming that everything in the recipient headers will be reflected in the envelope. That's not always the case. However, it does bring up a relevant question for jtw to answer: What exactly are you trying to accomplish? In other words, why are you trying to suppress the use of distribution lists in the recipient headers rather than in the envelope? The envelope is what affects actual delivery. The headers only affect what the recipient sees in his mail client.

jaigill Mon, 05/12/2008 - 17:34

When you specify email addresses in the Cc: or Bcc: field of your MUA (Outlook, Thunderbird, etc.), your MUA will convert them to envelope 'RCPT TO' addresses when it delivers the message to the next hop mail server.

So you can essentially use LDAP to block messages Cc'ed or Bcc'ed to distribution lists. However, if someone just spoofs the Cc header, then you are dealing with another issue.
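The envelope/header distinction discussed in this thread, as an added example that is not part of any poster's reply and is not AsyncOS code: it compares the envelope recipients of a message with the addresses in its To:/Cc:/Bcc: headers and reports distribution lists that appear only in the headers. The `DISTRIBUTION_LISTS` set is a constructed stand-in for an LDAP lookup, and the message, addresses and function names are assumptions made for the illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed stand-in for an LDAP lookup of distribution-list addresses.
DISTRIBUTION_LISTS = {"all-staff@example.com", "engineering@example.com"}

# Constructed message: the Cc: header names a list; whether that list is also
# an envelope recipient depends on what the sending host put in RCPT TO.
RAW_MESSAGE = """\
From: Sender <sender@example.net>
To: Alice <alice@example.com>
Cc: "All Staff" <all-staff@example.com>
Subject: quarterly numbers

body
"""


def header_recipients(raw, fields=("To", "Cc", "Bcc")):
    """Return the lower-cased addresses found in the recipient headers."""
    msg = message_from_string(raw)
    values = []
    for field in fields:
        values.extend(msg.get_all(field, []))
    return {addr.lower() for _, addr in getaddresses(values) if addr}


def classify(envelope_rcpts, raw, lists=DISTRIBUTION_LISTS):
    """Separate list addresses seen in the envelope from header-only ones."""
    envelope = {r.lower() for r in envelope_rcpts}
    headers = header_recipients(raw)
    return {
        # What an envelope-based (RCPT TO) accept query can act on.
        "envelope_lists": sorted(envelope & lists),
        # Named in a header but never an envelope recipient.
        "header_only_lists": sorted((headers & lists) - envelope),
        # Envelope recipients missing from the headers (Bcc-style delivery).
        "envelope_not_in_headers": sorted(envelope - headers),
    }


if __name__ == "__main__":
    print(classify(["alice@example.com"], RAW_MESSAGE))
    print(classify(["alice@example.com", "all-staff@example.com"], RAW_MESSAGE))
```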

