Print Page | Close Window

LDAP and Merak integration

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
Printed Date: 19 July 2018 at 7:34am

Topic: LDAP and Merak integration
Posted By: starbase
Subject: LDAP and Merak integration
Date Posted: 20 May 2009 at 10:25am

I've spam filter isp installed and testing. It really works and stops almost all spam. but I have a problem:

I use a Merak Mail server as my relay smtp and account managing. This server has LDAP exportation so I can export my users to a LDAP and here is the problem:

I need to use SMTP Auth, when I connect spam filter isp to the LDAP it connects, but I can't ask any user/password because always return 'Account failed: User not found'.

I assume that the mask search can be altered, but when I try to change it to search to accomodate the values of my LDAP it always shows 'Account failed: Credenciales no vĂ¡lidas'

I need to use spam filter isp with this merak mail server because I have almost 500 users and I can't think on migrate to another mail server.

Can anyone give me a hand? Any idea?
thanks a lot and king regards.

Posted By: starbase
Date Posted: 21 May 2009 at 6:52am
Hi, I've been investigating and I need to know how exactly Spam Filter ISP queries the LDAP. If I delete all filter mask, it shows an 'filter error'. But using a LDAP navigation software I can filter with a empty filter to LDAP.

So I assume that the query internally adds some string to the filter mask. Is there any way to know how exactly  it queries the LDAP?

It's imperative for us if we want to apply the software, it filters very great but we need to put ok the LDAP authentication.

Thanks a lot and king regards.

Posted By: LogSat
Date Posted: 21 May 2009 at 9:51am

When you exported the accounts from merak to LDAP, did you export both the username and the passwords? If so, what is the full DN path to the users? This would be something like:


and the users will be identified by something like:

The DN to the "starbase" user could thus be for example:


SpamFilter will need a "Search Base", which is a DN underneath which all user accounts will be located (ou=users,dc=your_domain,dc=com in the example above), and it will also need a "filter" that lets it know how the user accounts are identified - (uid=%0:s)   in the example above.

If you can describe your LDAP structure a bit more in detail we can try to help further.

Roberto Franceschetti" rel="nofollow - LogSat Software" rel="nofollow - Spam Filter ISP

Posted By: starbase
Date Posted: 21 May 2009 at 10:54am

1. Thanks for your help and support.

2. This is the LDAP connection parameters:
cn=admin,dc=root is the DN where the accounts are located.
Then all the users have a cn='username' .

For to explain me better, I've stored two pics of the LDAP configuration:

This is how the exportation leaves the user info, I assume i will have to fitgh something with Merak to modify this export info, but the fact is that I needd at least a way from spam filter isp to connect and filter the actual data.

I connect, but not filter. Here is the screen capture on spam filter:

I will be very appreciated for your help, as I've said I'm impressed with the filtering power with your software.
thanks a lot.

Posted By: LogSat
Date Posted: 21 May 2009 at 12:47pm

Based on your screenshots, assuming the username is "Oscar6", as it is indicated by the "cn" attribute, your "Search Mask" in SpamFilter should be:


However from your screenshots I do not see a "password" attribute. Without a password, users cannot be authenticated. Are you certain that passwords are being exported into LDAP?

Roberto Franceschetti" rel="nofollow - LogSat Software" rel="nofollow - Spam Filter ISP

Posted By: starbase
Date Posted: 27 May 2009 at 8:32am
Hi Roberto.

Thanks for your help. I'm workingaround the password Merak exportation.

Bytheway, I've seen that my users only can send email to external domains when I include them on the 'excluded domains /IP list'.
We are not a ISP but provide hosting to some customers and I manage all their mail.
 I don't understand why I must include this domains in excluded domain's list, because this causes that some filter rules are not applied to the users.

How can I allow the users send email to external domains without having to include them on the excluded domains list?

Thanks again for your help.

Posted By: LogSat
Date Posted: 27 May 2009 at 10:50am

SpamFilter will not allow to relay emails to anything except the domains listed in your "Local Domains". This is done to prevent spammers from using your server as an open relay to send emails out to the internet.

There are two exceptions to this, which allow your legitimate users to relay their emails thru SpamFilter out to the internet.

Case #1 - you implement SMTP Authentication. In this case, all users who authenticate successfully are whitelisted and able to relay out to the internet thru SpamFilter.

Case #2 - any IP address (or subnet) added to the "Excluded Domains /IP" list is whitelisted and is allowed to relay emails thru SpamFilter. Please note that only IPs are allowed to relay from that list. Any domain names you add to the list (as whitelisted email "from" addresses) are still not allowed to relay.

So in summary, both of the above exceptions cause the senders to be whitelisted, so no spam rules are applied to them, and they are also able to freely relay. Please note that is you purchased the anti-virus plugin, all emails will still be scanned for viruses.

Roberto Franceschetti" rel="nofollow - LogSat Software" rel="nofollow - Spam Filter ISP

Print Page | Close Window