Configuring SMTP authentication limited to a specific Active Directory group

Article ID: 157279

Updated On:

Products

Messaging Gateway

Issue/Introduction

There is a need to reduce the number of email users who can successfully authenticate and use the SMTP authentication service to relay their email. The default configuration scans through all user accounts in Active Directory, so the requirement is to limit this to a specific Active Directory group.

Resolution

This can be achieved by adjusting the DDS query for SMTP Authentication:

- Go to Administration->Directory Integration->(LDAP source)->Authentication->SMTP Authentication Query->Customize Query

- Under Query filter, the default filter is defined as follows: (|(sAMAccountName=%u)(userPrincipalName=%s))

- Modify it as follows: (&(|(sAMAccountName=%u)(userPrincipalName=%s))(memberOf=CN=<DN_OF_YOUR_GROUP>))

Example:
(&(|(sAMAccountName=%u)(userPrincipalName=%s))(memberOf=CN=SMSMSE Admins,CN=Users,DC=example,DC=com))
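
The following Python example is added here and is not part of the original article or the product. It builds the group-restricted filter from the default one, escaping the group DN per RFC 4515, and evaluates it against constructed directory entries; the small evaluator, the entries and the test values substituted for %u and %s are assumptions for illustration.

```python
import re

DEFAULT_FILTER = "(|(sAMAccountName=%u)(userPrincipalName=%s))"  # from the article

def escape_value(value: str) -> str:
    """Escape the characters RFC 4515 reserves inside a filter value."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\x00" else c for c in value)

def restrict_to_group(base_filter: str, group_dn: str) -> str:
    """AND the base filter with an exact-DN memberOf clause."""
    return f"(&{base_filter}(memberOf={escape_value(group_dn)}))"

def expand(query_filter: str, u: str, s: str) -> str:
    """Substitute test values for %u and %s so the filter can be tried by hand."""
    tokens = {"%u": escape_value(u), "%s": escape_value(s)}
    return re.sub(r"%[us]", lambda m: tokens[m.group()], query_filter)

def matches(flt: str, entry: dict) -> bool:
    """Evaluate a filter made of &, | and equality terms against one entry."""
    def parse(i):
        if flt[i + 1] in "&|":
            op, i, results = flt[i + 1], i + 2, []
            while flt[i] == "(":
                hit, i = parse(i)
                results.append(hit)
            return (all(results) if op == "&" else any(results)), i + 1
        end = flt.index(")", i)
        attr, _, val = flt[i + 1:end].partition("=")
        val = re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), val)
        return val.lower() in (v.lower() for v in entry.get(attr, [])), end + 1
    return parse(0)[0]

# Constructed directory entries (not real accounts).
GROUP = "CN=SMSMSE Admins,CN=Users,DC=example,DC=com"
ALICE = {"sAMAccountName": ["alice"], "userPrincipalName": ["alice@example.com"],
         "memberOf": [GROUP]}
# Bob belongs to a group nested inside GROUP; memberOf lists direct groups only.
BOB = {"sAMAccountName": ["bob"], "userPrincipalName": ["bob@example.com"],
       "memberOf": ["CN=Nested,CN=Users,DC=example,DC=com"]}

def can_relay(entry: dict, group_dn: str = GROUP) -> bool:
    """True if the entry would be found by the group-restricted query."""
    u, s = entry["sAMAccountName"][0], entry["userPrincipalName"][0]
    return matches(expand(restrict_to_group(DEFAULT_FILTER, group_dn), u, s), entry)

if __name__ == "__main__":
    print(restrict_to_group(DEFAULT_FILTER, GROUP))
    print("alice:", can_relay(ALICE), "bob:", can_relay(BOB))
```

A group name containing parentheses, an asterisk or a backslash must be escaped this way before it is pasted into the query filter, otherwise the filter is malformed or matches nothing.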
 


NOTE: The "memberOf" attribute takes the exact Distinguished Name (DN) of the group as its argument; wildcards are not allowed.
NOTE: The above information is provided only as a convenience for our customers. Symantec Technical Support does not support the creation of custom content filter rules or customized Directory/LDAP queries on behalf of customers. For more information, see: http://www.symantec.com/docs/HOWTO59013