Knowledge Base Home

Call Support


Search the Knowledge Base

Skip to end of metadata
Go to start of metadata

Environment

Netmail Secure 5.1

Synopsis

When using LDAP Auth, only Exchange users can receive email.  Distribution groups give a mailbox not found error.

Solution

The optimal way to perform user lookups against Exchange is through LDAP queries, as this populates aliases correctly.  The Exchange LDAP query used by Netmail Secure 5.1 is only setup to pull users by default as some organizations do not want to allow email from the outside world to reach their distribution groups.  If you want to enable distribution groups to receive email from the outside world then follow these steps.
 
 
1) Within the Netmail Administration Console, navigate to the domain in question under Netmail Platform > Secure > Policies > Mail Route. Under Type, change Microsoft Exchange (LDAP) to LDAP (manual) to expose all the values.  Here you can see what values our query is looking for:
 
 
 
2) To verify what values exist in your Exchange Active Directory or Global Catalog, you need to use an LDAP Browser of some sort.  We recommend Softerra LDAP Browser because it's GUI-based and free, but you can use any one: http://www.ldapbrowser.com/download.htm?download=browser
 
 
3) Compare the Netmail Secure query to a user object in Active Directory (or your Global Catalog) with your LDAP Browser.  As you can see in the figure below, everything matches up:
 
  • Netmail Secure is looking for a User Class Name value of "Person", which matches up to an objectClass value of "person" in AD/GC.
  • Netmail Secure is also looking for a Naming Attribute of "proxyAddresses" that have a Naming Prefix value of "SMTP:".
  • If both criteria are met, then the value of the "mail" field is returned to Netmail Secure as the Mail Attribute, which is the email address in this case.
 
 
 
4) If the same comparison is made with a distribution group object however, you can see there is no objectClass value of "person", hence the query fails.  There is a "group" value though, which users objects don't have:
 
 
 
So to allow your distribution groups to receive email from the outside world, change your auth type permanently from Microsoft Exchange (LDAP) to LDAP (manual), and set the value of User Class Name to a value of "person,group" (depending on what you see, of course) and save the changes.

Notes


Help us improve!
Is this article helpful?
Is it well written?
Is the content complete?