Configuring SMTP authentication limited to a specific Active Directory group


Article ID: 157279



Messaging Gateway


There is a need to reduce the number of email users who can successfully authenticate and use the SMTP authentication service to relay their email. The default configuration searches all user accounts in Active Directory, so the requirement is to restrict this to a specific Active Directory group.


This can be achieved by adjusting the DDS query for SMTP Authentication:

- Go to Administration -> Directory Integration -> (LDAP source) -> Authentication -> SMTP Authentication Query -> Customize Query.

- Under Query filter, the default filter is defined as follows: (|(sAMAccountName=%u)(userPrincipalName=%s))

- Modify it as follows: (&(|(sAMAccountName=%u)(userPrincipalName=%s))(memberOf=CN=<DN_OF_YOUR_GROUP>))

For example:

(&(|(sAMAccountName=%u)(userPrincipalName=%s))(memberOf=CN=SMSMSE Admins,CN=Users,DC=example,DC=com))

NOTE: The "memberOf" attribute takes the exact Distinguished Name (DN) of the group as its argument; wildcards are not allowed.
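
A group DN that contains parentheses or a backslash-escaped comma needs standard LDAP filter escaping (RFC 4515) before it goes into the memberOf clause, otherwise the customized filter is malformed. The Python helper below is an added example, not Symantec code: its function names and the sample DNs other than the article's are constructed, and it assumes the gateway passes the filter to the directory unchanged apart from substituting %u and %s.

```python
# Added example (not Symantec code): build the customized SMTP Authentication
# Query filter from a group DN, escaping the DN per RFC 4515.

# Default SMTP Authentication Query filter, as quoted in the article.
DEFAULT_FILTER = "(|(sAMAccountName=%u)(userPrincipalName=%s))"

# RFC 4515: these characters must appear as \XX (hex) inside a filter value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_group_filter(group_dn: str) -> str:
    """Return the default filter ANDed with a memberOf test for group_dn."""
    dn = group_dn.strip()
    # memberOf needs the exact DN; a bare group name will not match.
    if "=" not in dn or "," not in dn:
        raise ValueError("expected a full DN such as CN=...,DC=...")
    # The article notes wildcards are not allowed in the memberOf value.
    if "*" in dn:
        raise ValueError("wildcards are not allowed in the memberOf value")
    return "(&" + DEFAULT_FILTER + "(memberOf=" + escape_filter_value(dn) + "))"


def parens_balanced(ldap_filter: str) -> bool:
    """Structural check: every '(' closes and depth never goes negative."""
    depth = 0
    for ch in ldap_filter:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


if __name__ == "__main__":
    # Constructed sample DNs; the first is the article's example group.
    for dn in ("CN=SMSMSE Admins,CN=Users,DC=example,DC=com",
               "CN=Relay (EU),OU=Groups,DC=example,DC=com",
               "CN=Relay\\, Partners,OU=Groups,DC=example,DC=com"):
        f = build_group_filter(dn)
        print(parens_balanced(f), f)
```
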
NOTE: The above information is provided only as a convenience for our customers. Symantec Technical Support does not support the creation of custom content filter rules or customized Directory/LDAP queries on behalf of customers. For more information, please have a look at: