Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
919
Views
0
Helpful
1
Replies

Defect #43025

reinhold.brunner_ironport
Level 1
Level 1

‎07-26-2008 10:14 AM

If LDAP Server is unreachable by recipient check all Mails are rejected by listener configruation "Ldap Accept in SMTP Conversation, If the LDAP server is unreachable: Allow Mail in".

Is the LDAP Check to Workqueue a possible Workaround ?

is the process in workqueue with ldap check like follow`?

mail is comming in
by smtp conversation reputation score check -> accept/drop
mail go to the work queue
ldap check in the work queue
when ldap server is reachable check recipient and deliver or
bounce/drop
when ldap server is unreachable --> messeage rest in the workqueue and
wait so long as ldap server is unreachable, when ldap server is up
again, ldap check recipenet and deliver or bounce/drop

is this right, and how long rest a mail in working queue when ldap
server is unreachable.

Labels:
0 Helpful
1 Reply 1

kluu_ironport
Level 2
Level 2

‎07-27-2008 09:20 PM

If you have it configured to perform ldap check in the workqueue and the ldap server is unreachable, the messages will get queued up in the workqueue until it can verify against the ldap server. There's no set time on when the messages will be able to move on until people start releasing they're not getting email.

That is one it's recommended to make it ldap check in the smtp conversation. If the system can't reach the ldap server, it will just let the mail through and process like normal and let your mailserver determine if the recipient is valid or not.

Again, remember that the ldap check is just an extra task that the IronPort system is doing on behalf of the mailserver. You should not let that process slow things down and just the mail through if it can't contact the ldap server.

Also, think of the ldap accept in the smtp conversation and ldap accept in the workqueue as the front door of your house or inside your house. Ldap accept in the smtp conversation is like the sender coming to the front door and the IronPort checking there. The IronPort won't accept the message until it can verify. If you have that option, then it'll just let it through. In the workqueue process, the IronPort will simply accept it and verify with ldap later.



If LDAP Server is unreachable by recipient check all Mails are rejected by listener configruation "Ldap Accept in SMTP Conversation, If the LDAP server is unreachable: Allow Mail in".

Is the LDAP Check to Workqueue a possible Workaround ?

is the process in workqueue with ldap check like follow`?

mail is comming in
by smtp conversation reputation score check -> accept/drop
mail go to the work queue 
ldap check in the work queue
when ldap server is reachable check recipient and deliver or 
bounce/drop
when ldap server is unreachable --> messeage rest in the workqueue and 
wait so long as ldap server is unreachable, when ldap server is up 
again, ldap check recipenet and deliver or bounce/drop

is this right, and how long rest a mail in working queue when ldap 
server is unreachable.

0 Helpful
Customers Also Viewed These Support Documents