Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Not in the LDAP Group - Content Filter Action

Unanswered Question
Aug 30th, 2008
User Badges:

Hi gurus,

I already configured LDAP on my C350 with a policy that if user is not in the ldap group i created/queried, it cannot send an email...

However, im wanted a content filter on my LDAP Policy Name that will have an action to drop dead mails..

How do i do it....

Primarily..i disabled content filters on my ldap group policy name and set the default policy to drop....

Its something like this..

# Policy Name Antispam AntiVirus Content Filters Virus Outbreak
1 mydomainAD enabled enabled disabled enabled
2 default enabled enabled drop_filter enabled

Anyone can suggest?

On the #1 policy i wanted to create a content filter that will drop if the user is not in my LDAP.. i dont see any option at the content filter that says IF NOT MEMBER OF THE LDAP GROUP... action - DROP

thank you

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
kluu_ironport Sun, 08/31/2008 - 05:03
User Badges:

I don't think there is a way to query if an email recipient is not a member of a certain group.

How many ldap groups are you comparing the recipient email addresses to?

I think the current way you're doing it is fine. In policy #1, put in all the groups that are allowed to send. You can put in mutliple groups.

Then policy #2 is for any email recipients that are not found in policy #1.

angfeglandagan Sat, 09/06/2008 - 12:25
User Badges:


I got 3 LDAP groups with different domains ...and they work perfectly fine...

I am able to queries emails with multiple aliases using the group query proxy address on search group..

I was able to test it if a user outside attempted to send deadmails... ESA will drop it and notify that user doesnt exist and is refused entry to my domain..

im going to test it the content filters ...for those domain...

hope i can get it right...

thank you.


This Discussion