How to configure SMTP verification using LDAP in Kaspersky Secure Mail Gateway
2019 Jan 18 ID: 12300
 
 
 
 

This guide is applicable when several LDAP servers are used. If the servers have different search_base values or accounts, create a configuration file for each server and add the created files to the relay_recipient_maps option. When integrating with one of the servers over the LDAPS protocol, add version=3 to the configuration file for that server to avoid the warning that postmap generates because of the default protocol value.

 
 
 
 

To enable SMTP verification using LDAP:

  1. Open the console of the Kaspersky Secure Mail Gateway virtual machine or connect to it via SSH.
  2. Go to Technical Support Mode.
  3. Copy the file /opt/kaspersky/klms-appliance/share/postfix/main.cf.template
  4. In the original file, find relay_recipient_maps
  5. Delete the following lines:

       {% if rejectRecipient == "unlisted" -%}
       {%- endif %}

  6. Add the following line below:

       relay_recipient_maps = ldap:$config_directory/ldap_relay_recipients.cf

  7. Make sure the file includes the following parameters:

       smtpd_recipient_restrictions = reject_unlisted_recipient, reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit_mynetworks, reject_unauth_destination, reject_unverified_recipient
       smtpd_reject_unlisted_recipient = yes

  8. Save the file.
     After you save the file main.cf.template, changing the settings related to reject_unlisted_recipient will become unavailable.
  9. Open the file /etc/postfix/ldap_relay_recipients.cf
  10. Fill it in according to the example:

       server_host = ldap://10.69.119.237
       server_port = 389
       search_base = dc=site
       query_filter = mail=%s
       result_attribute = mail
       bind = yes
       bind_dn = cn=admin,dc=site
       bind_pw = <your password here>

     SSL is supported. In this case, the link must start with ldaps://
     The bind parameters are optional if anonymous access to LDAP is available.
     For a description of all parameters, see the official Postfix website.
  11. Save the file and run the command:

       postmap /etc/postfix/ldap_relay_recipients.cf

  12. Check that you can find users by their email addresses:

       postmap -q test10@test.mail.com ldap:/etc/postfix/ldap_relay_recipients.cf

     If the address exists and the search works, the information about the address will appear on the screen.
  13. Update the Postfix configuration:

       /opt/kaspersky/klms-appliance/bin/update_postfix_config.sh

If the settings are correct, an attempt to send a message to a user who is not in LDAP is rejected with the following error:

Nonexistent user:
Feb 26 17:53:50 adagsd postfix/smtpd[10029]: NOQUEUE: reject: RCPT from adagsd.test.local[::1]: 550 5.1.1 <test111111@test.mail.com>: Recipient address rejected: User unknown in relay recipient table; from=<root@adagsd.test.local> to=<test111111@test.mail.com> proto=ESMTP helo=<adagsd.test.local>
 
 
 
 

The settings will not function if Trusted Networks is used. For details, please see the Postfix website.
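
An added example, not part of the original article or of Kaspersky's tooling: a small Python check that can be run over an LDAP table file such as /etc/postfix/ldap_relay_recipients.cf before postmap is used. The finding names, host names and password in the samples are constructed; version and start_tls are Postfix ldap_table parameters, and the start_tls check is an assumption that goes beyond what the article covers.

```python
import re

def parse_ldap_table(text):
    """Parse Postfix 'name = value' lines; '#' lines are comments and a line
    that starts with whitespace continues the previous value."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:
            params[last] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            last = name.strip()
            params[last] = value.strip()
    return params

def lint(text):
    """Return a list of finding codes for one LDAP table file."""
    p = parse_ldap_table(text)
    hosts = re.split(r"[,\s]+", p.get("server_host", "").lower())
    ldaps = [h.startswith("ldaps://") for h in hosts if h]
    tls = (bool(ldaps) and all(ldaps)) or p.get("start_tls", "no").lower() == "yes"
    findings = []
    if any(ldaps) and p.get("version", "2") != "3":
        findings.append("ldaps-without-version-3")   # the postmap warning case
    if "bind_pw" in p and p.get("bind", "yes").lower() != "no" and not tls:
        findings.append("cleartext-bind")            # password crosses the wire unencrypted
    if re.fullmatch(r"<.*>", p.get("bind_pw", "")):
        findings.append("placeholder-bind-pw")       # template value was never replaced
    if "query_filter" in p and not re.search(r"%[sudSUD1-9]", p["query_filter"]):
        findings.append("filter-ignores-recipient")  # result no longer depends on the address
    return findings

# Constructed sample files (host name and password are made up).
PLAIN = """\
server_host = ldap://ldap.example.test
search_base = dc=site
query_filter = mail=%s
result_attribute = mail
bind = yes
bind_dn = cn=admin,dc=site
bind_pw = <your password here>
"""
LDAPS = PLAIN.replace("ldap://", "ldaps://").replace("<your password here>", "constructed-secret")
FIXED = LDAPS + "version = 3\n"

if __name__ == "__main__":
    for name, cfg in (("PLAIN", PLAIN), ("LDAPS", LDAPS), ("FIXED", FIXED)):
        print(name, lint(cfg))
```

When several LDAP servers are used, run lint() once per configuration file, since each file carries its own server_host and bind settings.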

 
 
 
 