How to configure SMTP verification using LDAP in Kaspersky Secure Mail Gateway

 

 

Kaspersky Secure Mail Gateway

 
 
 

How to configure SMTP verification using LDAP in Kaspersky Secure Mail Gateway

Back to "Settings"
2017 May 16 ID: 12300
 
 
 
 

The guide is applicable for cases when several LDAP servers are used. If the servers have different search_base or accounts, create a configuration file for each server. Add the created files to the relay_recipient_maps options. When integrating with one of the servers through the LDAPS protocol, add version=3 to the configuration file for that server to avoid the warning which postmap generates because of the default protocol value.

 
 
 
 

To enable SMTP verification using LDAP:

  1. Open the console of the Kaspersky Secure Mail Gateway virtual machine or connect to it via SSH.
  2. Go to Technical Support Mode.
  3. Copy the file /opt/kaspersky/klms-appliance/share/postfix/main.cf.template
  4. In the original file, find  relay_recipient_maps
  5. Delete the following lines:
{% if rejectRecipient == "unlisted" -%}
{%- endif %}
  1. Add the following line below:
relay_recipient_maps = ldap:$config_directory/ldap_relay_recipients.cf
  1. Make sure the file includes the following parameters:
smtpd_recipient_restrictions = reject_unlisted_recipient,  reject_non_fqdn_recipient,  reject_unknown_recipient_domain,  permit_mynetworks,  reject_unauth_destination,  reject_unverified_recipient
smtpd_reject_unlisted_recipient = yes
  1. Save the file.
Changing of the settings related to reject_unlisted_recipient will become unavailable after you save the file main.cf.template.
  1. Open the file /etc/postfix/ldap_relay_recipients.cf
  2. Fill it in according to the example:
SSL is supported. In this case, the link must start with ldaps:// 
server_host = ldap://10.69.119.237
server_port = 389
search_base = dc=site
query_filter = mail=%s
result_attribute = mail
bind = yes
bind_dn = cn=admin,dc=site
bind_pw = <your password here>
bind parameters are optional, if anonymous access to LDAP is available. 
For description of all parameters, see the Postfix official website.
  1. Save the file and run the command:
postmap /etc/postfix/ldap_relay_recipients.cf
  1. Check if you can find users by their email addresses:
postmap -q test10@test.mail.com ldap:/etc/postfix/ldap_relay_recipients.cf  
If the address exists and the search works, the information about the address will appear on the screen.
  1. Update the configuration of postfix:
/opt/kaspersky/klms-appliance/bin/update_postfix_config.sh

If the settings are correct, upon attempts to send a message to the user outside LDAP, you will get the error:

Non existing user:
Feb 26 17:53:50 adagsd postfix/smtpd[10029]: NOQUEUE: reject: RCPT from adagsd.test.local[::1]: 550 5.1.1 <test111111@test.mail.com>: Recipient address rejected: User unknown in relay recipient table; from=<root@adagsd.test.local> to=<test111111@test.mail.com> proto=ESMTP helo=<adagsd.test.local>
 
 
 
 

The settings will not function if Trusted Networks is used. For details, please see the Postfix website.

 
 
 
 
Was this information helpful?
Yes No
 
 
 

 
 

Have you found what you were looking for?

Please let us know how we can make this website more comfortable for you

Send feedback Send feedback

Thank you!

Thank you for submitting your feedback.
We will review your feedback shortly.