The setup of LDAP synchronization is a one-time process with a few steps, which are detailed below. When this is configured for a given domain, the spam filtering system automatically connects to your organization's LDAP server (for instance, Microsoft's Active Directory or Novell's Directory Server) at periodic intervals. The LDAP query requests a list of the current email addresses and aliases for that company's domain(s), and updates the spam filtering systems so that they are automatically kept in sync with any changes to the email addresses in use at the organization.
The steps to set up the LDAP synchronization are as follows:
- Set up a user for the spam filter within the organization's directory
- Update the organization's firewall to allow an inbound LDAP request from the spam filter
- Configure the current control panel for the LDAP synchronization
1. User Setup
A new user should be set up for the spam filter in the organization's user directory (Microsoft Active Directory, Novell Directory Server, etc.). This user can and should have minimal rights (i.e., it does not need any access to files, printers, etc.). It simply needs to be able to log in, and should have an email address, e.g., firstname.lastname@example.org or email@example.com.
2. Firewall Configuration
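A port on the organization's firewall should be opened to allow inbound LDAP traffic from our networks to the organization's directory server. For standard LDAP, the port is 389. If you are using LDAPS (Secure LDAP), it is port 636. Standard LDAP on port 389 is unencrypted unless StartTLS is negotiated, so the bind password would cross the internet in cleartext; prefer LDAPS where your directory server supports it. The networks that must be allowed are: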
- 188.8.131.52 / 255.255.255.0
- 184.108.40.206 / 255.255.255.0
- 220.127.116.11 / 255.255.255.0
- 18.104.22.168 / 255.255.255.0
- 22.214.171.124 / 255.255.255.0
- 126.96.36.199 / 255.255.255.0
- 188.8.131.52 / 255.255.255.0
- 184.108.40.206 / 255.255.255.0
- 220.127.116.11 / 255.255.255.0
- 18.104.22.168 / 255.255.255.0
- 22.214.171.124 / 255.255.255.0
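As an added example (not part of the original documentation), the following Python code converts an allow list written in the address / netmask notation used above into CIDR form and emits firewall rules that admit the LDAP port only from those sources. The sample networks are constructed documentation ranges, the directory server address 10.0.0.5 is hypothetical, and iptables on a Linux gateway's FORWARD chain is an assumption about the firewall in use.

```python
import ipaddress

LDAP_PORTS = {"ldap": 389, "ldaps": 636}  # ports stated on this page

# Constructed sample in the page's "address / netmask" notation
# (documentation ranges, not the provider's real networks).
SAMPLE_NETWORKS = (
    "192.0.2.17 / 255.255.255.0 198.51.100.9 / 255.255.255.0 "
    "192.0.2.200 / 255.255.255.0"
)


def parse_networks(text):
    """Turn 'addr / mask addr / mask ...' into de-duplicated CIDR networks."""
    tokens = text.replace("/", " ").split()
    if len(tokens) % 2:
        raise ValueError("expected address/netmask pairs")
    nets = []
    for addr, mask in zip(tokens[0::2], tokens[1::2]):
        # strict=False: entries may carry host bits (192.0.2.17 with a /24 mask)
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        if net not in nets:
            nets.append(net)
    return nets


def iptables_rules(nets, directory_ip, protocol="ldaps"):
    """Admit LDAP to one server from the listed networks only, then drop the rest."""
    port = LDAP_PORTS[protocol]
    dst = ipaddress.ip_address(directory_ip)  # raises ValueError if malformed
    rules = [
        f"iptables -A FORWARD -p tcp -s {net} -d {dst} --dport {port} -j ACCEPT"
        for net in nets
    ]
    rules.append(f"iptables -A FORWARD -p tcp -d {dst} --dport {port} -j DROP")
    return rules


def is_allowed(source_ip, nets):
    """True if a connection's source address falls inside an allowed network."""
    ip = ipaddress.ip_address(source_ip)
    return any(ip in net for net in nets)


if __name__ == "__main__":
    for rule in iptables_rules(parse_networks(SAMPLE_NETWORKS), "10.0.0.5"):
        print(rule)
```

The `is_allowed` helper can be run over source addresses taken from firewall or directory server logs to confirm that LDAP connections arrive only from the permitted networks.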
3. Spam Filter Configuration
In the Management > User Management > Synchronization area, select LDAP synchronization in the pulldown menu and then enter the information requested, including the IP address or hostname of the directory server, the username and password you established, the desired synchronization interval, and the type of LDAP server you are using (Microsoft Active Directory Server, Novell Directory Server, OpenLDAP, etc.).
Note that the username is referred to in LDAP terminology as the UserDN or BindDN, and is usually the email address for the user you established on your server for purposes of the LDAP integration. The BaseDN, another element of data requested for the LDAP synchronization, typically follows the convention of cn=Users,dc=yourdomain,dc=com, but depends on how your directory structure was established.
Once your data has been saved, click on the Test Now button to verify that the spam filter can connect to the directory server and that the mail accounts can be successfully determined by the LDAP query.