How to configure SMTP verification using LDAPS in Kaspersky Secure Mail Gateway


Kaspersky Secure Mail Gateway


How to configure SMTP verification using LDAPS in Kaspersky Secure Mail Gateway

Back to "Settings"
Latest update: February 27, 2020 ID: 12300

The guide is applicable for cases when several LDAP servers are used. If the servers have different search_base or accounts, create a configuration file for each server. Add the created files to the relay_recipient_maps options.


To enable SMTP verification using LDAPS:

  1. Open the console of the Kaspersky Secure Mail Gateway virtual machine or connect to it via SSH.
  2. Go to Technical Support Mode.
  3. Copy the file /opt/kaspersky/klms-appliance/share/postfix/
  4. In the original file, find  relay_recipient_maps
  5. Delete the following lines:
{% if rejectRecipient == "unlisted" -%}
{%- endif %}
  1. Add the following line below:
relay_recipient_maps = ldap:$config_directory/
  1. Make sure the file includes the following parameters:
smtpd_recipient_restrictions = reject_unlisted_recipient,  reject_non_fqdn_recipient,  reject_unknown_recipient_domain,  permit_mynetworks,  reject_unauth_destination,  reject_unverified_recipient
smtpd_reject_unlisted_recipient = yes
  1. Save the file.
Changing of the settings related to reject_unlisted_recipient will become unavailable after you save the file
  1. Open the file /etc/postfix/
  2. Fill it in according to the example:
SSL is supported. In this case, the link must start with ldaps:// 
server_host = ldaps:// 
server_port = 389 
search_base = DC=domain,DC=com 
query_filter = mail=%s 
result_attribute = mail 
bind = yes 
version = 3 
debuglevel = 0 
bind_dn = CN=admin,OU=tech,DC=domain,DC=com
bind parameters are optional, if anonymous access to LDAP is available. 
For description of all parameters, see the Postfix official website.
  1. Check if you can find users by their email addresses:
postmap -q ldap:/etc/postfix/  
If the address exists and the search works, the information about the address will appear on the screen.
  1. Update the configuration of postfix:

If the settings are correct, upon attempts to send a message to the user outside LDAP, you will get the error:

Non existing user:
Feb 26 17:53:50 adagsd postfix/smtpd[10029]: NOQUEUE: reject: RCPT from adagsd.test.local[::1]: 550 5.1.1 <>: Recipient address rejected: User unknown in relay recipient table; from=<root@adagsd.test.local> to=<> proto=ESMTP helo=<adagsd.test.local>

The settings will not function if Trusted Networks is used. For details, please see the Postfix website.

Was this information helpful?
Yes No
Thank you


How can we improve this article?

Your feedback will be used for content improvement purposes only. If you need assistance, please contact technical support.

Submit Submit

Thank you for your feedback!

Your suggestions will help improve this article.