Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

LDAP query with headers

Hi. The problem I'm trying to solve is preventing Internet senders from specifying a distribution list in either the Cc: or Bcc: headers. It's trivial to prevent the envelope recipient from being a distribution list by modifying the accept query, but I can't think of a way to invoke an LDAP query against a header.

Anyone have a solution to this other than setting up content filters for "other headers" and manually typing in distribution list addresses by hand?

New Member

Re: LDAP query with headers

Hello jtw,

As far as I know the actual address that triggers the filter in Ironport is the RCPT TO address in the header, before the DATA command.
Specifying is an address is a TO, CC or BCC address is done by specifying (or leaving it out, in case of BCC) the appropriate field after the DATA command.
So I should expect the LDAP query to do the same, which means you do not have to make any distinct between TO, CC and BCC in your policies and LDAP queries.

(Please shoot when I’m wrong citizens…)

Best regards Steven

New Member

Re: LDAP query with headers

LDAP queries are always in terms of the envelope sender or recipient addresses, not the header addresses.

Steven: if I'm understanding jtw properly, what he's trying to do is suppress messages containing certain header recipient addresses (in this case distribution lists), by using LDAP queries. There doesn't seem to be any way to do this with AsyncOS. The error you're making is assuming that everything in the recipient headers will be reflected in the envelope. That's not always the case. However, it does bring up a relevant question for jtw to answer: What exactly are you trying to accomplish? In other words, why are you trying to suppress the use of distribution lists in the recipient headers rather than in the envelope? The envelope is what affects actual delivery. The headers only affect what the recipient sees in his mail client.

Cisco Employee

Re: LDAP query with headers

When you specify email addresses in the Cc: or Bcc: field of your MUA(Outlook, thunderbird, etc), your MUA will convert them to envelope 'RCPT TO' addresses when it delivers the message to the next hop mail server.

So you can essentially use LDAP to block messages Cc'ed or Bcc'ed to distribution lists. However, if someone just spoofs the Cc header, then you are dealing with another issue.

CreatePlease to create content