Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - LDAP and Merak integration
  FAQ FAQ  Forum Search   Register Register  Login Login

LDAP and Merak integration

 Post Reply Post Reply
Author
starbase View Drop Down
Newbie
Newbie


Joined: 01 May 2009
Status: Offline
Points: 10
Post Options Post Options   Thanks (0) Thanks(0)   Quote starbase Quote  Post ReplyReply Direct Link To This Post Topic: LDAP and Merak integration
    Posted: 20 May 2009 at 10:25am
Hi,

I've spam filter isp installed and testing. It really works and stops almost all spam. but I have a problem:

I use a Merak Mail server as my relay smtp and account managing. This server has LDAP exportation so I can export my users to a LDAP and here is the problem:

I need to use SMTP Auth, when I connect spam filter isp to the LDAP it connects, but I can't ask any user/password because always return 'Account failed: User not found'.

I assume that the mask search can be altered, but when I try to change it to search to accomodate the values of my LDAP it always shows 'Account failed: Credenciales no válidas'

I need to use spam filter isp with this merak mail server because I have almost 500 users and I can't think on migrate to another mail server.

Can anyone give me a hand? Any idea?
thanks a lot and king regards.
Back to Top
starbase View Drop Down
Newbie
Newbie


Joined: 01 May 2009
Status: Offline
Points: 10
Post Options Post Options   Thanks (0) Thanks(0)   Quote starbase Quote  Post ReplyReply Direct Link To This Post Posted: 21 May 2009 at 6:52am
Hi, I've been investigating and I need to know how exactly Spam Filter ISP queries the LDAP. If I delete all filter mask, it shows an 'filter error'. But using a LDAP navigation software I can filter with a empty filter to LDAP.

So I assume that the query internally adds some string to the filter mask. Is there any way to know how exactly  it queries the LDAP?

It's imperative for us if we want to apply the software, it filters very great but we need to put ok the LDAP authentication.

Thanks a lot and king regards.
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 3953
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 21 May 2009 at 9:51am
starbase,

When you exported the accounts from merak to LDAP, did you export both the username and the passwords? If so, what is the full DN path to the users? This would be something like:

ou=users,dc=your_domain,dc=com

and the users will be identified by something like:
uid=starbase

The DN to the "starbase" user could thus be for example:

uid=starbase,ou=users,dc=your_domain,dc=com

SpamFilter will need a "Search Base", which is a DN underneath which all user accounts will be located (ou=users,dc=your_domain,dc=com in the example above), and it will also need a "filter" that lets it know how the user accounts are identified - (uid=%0:s)   in the example above.

If you can describe your LDAP structure a bit more in detail we can try to help further.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
starbase View Drop Down
Newbie
Newbie


Joined: 01 May 2009
Status: Offline
Points: 10
Post Options Post Options   Thanks (0) Thanks(0)   Quote starbase Quote  Post ReplyReply Direct Link To This Post Posted: 21 May 2009 at 10:54am
Hi!

1. Thanks for your help and support.

2. This is the LDAP connection parameters:
cn=admin,dc=root is the DN where the accounts are located.
Then all the users have a cn='username' .

For to explain me better, I've stored two pics of the LDAP configuration:

http://demo.cerdanyolalr.com/portal1/images/content/ldap1.jpg
http://demo.cerdanyolalr.com/portal1/images/content/ldap2.jpg

This is how the exportation leaves the user info, I assume i will have to fitgh something with Merak to modify this export info, but the fact is that I needd at least a way from spam filter isp to connect and filter the actual data.

I connect, but not filter. Here is the screen capture on spam filter:

http://demo.cerdanyolalr.com/portal1/images/content/ldap3.jpg

I will be very appreciated for your help, as I've said I'm impressed with the filtering power with your software.
thanks a lot.

Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 3953
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 21 May 2009 at 12:47pm
starbase,

Based on your screenshots, assuming the username is "Oscar6", as it is indicated by the "cn" attribute, your "Search Mask" in SpamFilter should be:

(cn=%0:s)

However from your screenshots I do not see a "password" attribute. Without a password, users cannot be authenticated. Are you certain that passwords are being exported into LDAP?
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
starbase View Drop Down
Newbie
Newbie


Joined: 01 May 2009
Status: Offline
Points: 10
Post Options Post Options   Thanks (0) Thanks(0)   Quote starbase Quote  Post ReplyReply Direct Link To This Post Posted: 27 May 2009 at 8:32am
Hi Roberto.

Thanks for your help. I'm workingaround the password Merak exportation.

Bytheway, I've seen that my users only can send email to external domains when I include them on the 'excluded domains /IP list'.
We are not a ISP but provide hosting to some customers and I manage all their mail.
 I don't understand why I must include this domains in excluded domain's list, because this causes that some filter rules are not applied to the users.

How can I allow the users send email to external domains without having to include them on the excluded domains list?

Thanks again for your help.
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 3953
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 27 May 2009 at 10:50am
starbase,

SpamFilter will not allow to relay emails to anything except the domains listed in your "Local Domains". This is done to prevent spammers from using your server as an open relay to send emails out to the internet.

There are two exceptions to this, which allow your legitimate users to relay their emails thru SpamFilter out to the internet.

Case #1 - you implement SMTP Authentication. In this case, all users who authenticate successfully are whitelisted and able to relay out to the internet thru SpamFilter.

Case #2 - any IP address (or subnet) added to the "Excluded Domains /IP" list is whitelisted and is allowed to relay emails thru SpamFilter. Please note that only IPs are allowed to relay from that list. Any domain names you add to the list (as whitelisted email "from" addresses) are still not allowed to relay.

So in summary, both of the above exceptions cause the senders to be whitelisted, so no spam rules are applied to them, and they are also able to freely relay. Please note that is you purchased the anti-virus plugin, all emails will still be scanned for viruses.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.125 seconds.

Spam Filter ISP - Copyright © 2002-2013 LogSat Software LLC - PO BOX 916340 Longwood, FL 32791 USA

 Sales: sales@LogSat.com - Support: support@LogSat.com - Tel. (sales only): +1 407-650-3008