Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1073
Views
0
Helpful
1
Replies

Message Routing/LDAP/High Availability

mattshwink_ironport
Level 1
Level 1

‎07-08-2008 10:08 PM

I am working on setting up some C350's in a rather strange environment. There are two separate e-mail environments that share the same namespace (domain.com). They both use Active directory and Exchange 2003. But they both are separate forests. This, of course, poses a problem with message routing.

I have the LDAP queries working, but I cannot really figure out how to route the mail. The current Smarthost basically says if I found you in X directory then you go to X e-mail environment (or vice versa). But the IronPort doesn't let me do this. The LDAP lookup only lets me decide to accept the message, not where to send it. The Routing query won't work because its Exchange (although we may try populating an additional field to see if we can get that to work). Masquerading won't work because they are the same domain name.

Any other ideas on how to do this?

I also have a second issue, which is we have a hot site that one of our appliances will reside in. So mail will come into the HQ site and the DR site at all times. Each path along the mail routing route has redundancy built in (gateway, front-end, back-end). The issue is if I want to configure these redundant routes they are all given the same weight. Is there any way to configure priority on the SMTP Routes, or a better way to do it?

Thanks!
Matt

Labels:
0 Helpful
1 Reply 1

kluu_ironport
Level 2
Level 2

‎07-09-2008 02:08 AM

On your first inquiry, I would set up two separate ldap profile. LdapProfile1 and LdapProfile2 that connect to two separate places. Get the ldap routing to work for each one. Let me know if I'm wrong, but from what I understand, if recipient2 gets queries against Profile1, he won't exist. If recipient2 gets queried against Profile2, it's a successful lookup. Using the routing query, there are two variables that are useful:

1. Recipient Email to Rewrite the Envelope Header:
2. Alternative Mailhost Attribute:

#1 should be set to "mail"
#2 should be set to some variable that exist in the recipients Active Directory/LDAP Profile that indicates which mailserver should receive mail for them. If this variable doesn't exist, is there a way that you can add this?

This may not be feasible if there is a huge amount of recipients. Is there any other way to differentiate a user that belongs to ServerA as opposed to ServerB?

----

Concerning the second inquiry, currently the entries in the Network > Smtproutes section are round robin manner and are not weighted by priority at the current time.

What you can do if you have a local dns server is to use a hostname for the destination host instead of IP. Then configure the local dns server to have weighted IP's. When the Ironport does a dns query, you will in effect have an ad-hoc type of weighted priority.



I am working on setting up some C350's in a rather strange environment.  There are two separate e-mail environments that share the same namespace (domain.com).  They both use Active directory and Exchange 2003.  But they both are separate forests.  This, of course, poses a problem with message routing.

I have the LDAP queries working, but I cannot really figure out how to route the mail.  The current Smarthost basically says if I found you in X directory then you go to X e-mail environment (or vice versa).  But the IronPort doesn't let me do this.  The LDAP lookup only lets me decide to accept the message, not where to send it.  The Routing query won't work because its Exchange (although we may try populating an additional field to see if we can get that to work).  Masquerading won't work because they are the same domain name.

Any other ideas on how to do this?

I also have a second issue, which is we have a hot site that one of our appliances will reside in.  So mail will come into the HQ site and the DR site at all times.  Each path along the mail routing route has redundancy built in (gateway, front-end, back-end).  The issue is if I want to configure these redundant routes they are all given the same weight.  Is there any way to configure priority on the SMTP Routes, or a better way to do it?

Thanks!
Matt

0 Helpful
Customers Also Viewed These Support Documents