IronPort - advanced configuration guide

Chapter 3 LDAP Queries
Example: Using a Group Query to Skip Spam and Virus Checking
OL-25137-01
Because message filters occurs early in the pipeline, you can use a group query to skip virus and spam
checking for specified groups. For example, you want your IT group to receive all messages and to skip
spam and virus checking. In your LDAP record, you create a group entry that uses the DN as the group
name. The group name consists of the following DN entry:
cn=IT, ou=groups, o=sample.com
You create an LDAP server profile with the following group query:
(&(memberOf={g})(proxyAddresses=smtp:{a}))
You then enable this query on a listener so that when a message is received by the listener, the group
query is triggered.
To skip virus and spam filtering for members of the IT group, you create the following message filter to
check incoming messages against LDAP groups.
[]> - NEW - Create a new filter.
- IMPORT - Import a filter script from a file.
[]> new
Enter filter script. Enter '.' on its own line to end.
IT_Group_Filter:
if (rcpt-to-group == "cn=IT, ou=groups, o=sample.com"){
skip-spamcheck();
skip-viruscheck();
deliver();
}
.
1 filters added.
Note The rcpt-to-group in this message filter reflects the DN entered as the group name: cn=IT, ou=groups,
o=sample.com. Verify that you use the correct group name in the message filter to ensure that your filter
matches the name in your LDAP directory.
Messages accepted by the listener trigger a query to the LDAP server to determine group membership.
If the message recipient is a member of the IT group, the message filter skips both virus and spam
checking and delivers the message to the recipient. To enable the filter to check the results of the LDAP
query, you must create the LDAP query on the LDAP server and enable the LDAP query on a listener.
Cisco IronPort AsyncOS 7.6 for Email Advanced Configuration Guide
3-25