Sync AMS LDAP with W2K3 AD

Postby nicholasn2 » Fri Jan 09, 2009 7:20 pm

I'm looking to synchronize (automatically) the email addresses in AMS with the email field in Windows 2003 Active Directory Contacts.
Any suggestions on how to accomplish this?
Thanks.

PS: Our 3rd party antispam software works great in lookups of LDAP in windows AD but doesn't see anything in the AMS LDAP.
nicholasn2
 
Posts: 6
Joined: Fri Jan 09, 2009 6:55 pm

Re: Sync AMS LDAP with W2K3 AD

Postby rob » Mon Jan 12, 2009 11:21 am

Presently AMS doesn't have any built in support for Active Directory and so there is no simple way to achieve this. The only way I see this being able to work is by using a script or custom application that basically accessed AD and then updated the ODBC database that AMS accesses, or directly edited the INI. This however is not generally an option for the majority due to the requirement of some scripting/programming knowledge. To the LDAP problem, I would recommend ensuring that you have compiled your LDAP database (this is an option in the LDAP service settings). If the problem continues, then it may be worth editing the Anti-SPAM product's LDAP settings and making sure that the fields it's using to query email addresses match our fields (mail = email address, uid = text before the @, dc = the domain name sections).
rob
 
Posts: 415
Joined: Mon Sep 10, 2007 2:34 pm
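
An added example (not code from the thread, from AMS or from any anti-spam product) that models the field mapping rob lists above (mail = full address, uid = text before the @, dc = the domain name sections) and the recipient lookup a gateway performs before accepting mail, so unknown recipients are rejected at SMTP time rather than bounced later. The DN layout `uid=...,dc=...,dc=...`, the sample addresses and the search-base handling are assumptions.

```python
# Added example: in-memory model of the AMS LDAP attribute mapping and of
# the valid-recipient lookup an anti-spam gateway runs against it.
# DN layout and sample data are assumptions, not the product's own schema.
from dataclasses import dataclass


@dataclass(frozen=True)
class LdapEntry:
    dn: str
    mail: str   # full address
    uid: str    # text before the "@"
    dc: tuple   # domain name sections, e.g. ("example", "com")


def entry_from_address(address: str) -> LdapEntry:
    """Build the LDAP entry for one AMS mailbox address (lower-cased)."""
    local, _, domain = address.strip().lower().partition("@")
    if not local or not domain or "@" in domain:
        raise ValueError(f"not a usable mailbox address: {address!r}")
    labels = tuple(domain.split("."))
    dn = ",".join([f"uid={local}"] + [f"dc={label}" for label in labels])
    return LdapEntry(dn=dn, mail=f"{local}@{domain}", uid=local, dc=labels)


def to_ldif(entries) -> str:
    """Render entries as LDIF, the form a directory import or test server accepts."""
    blocks = []
    for e in entries:
        lines = [f"dn: {e.dn}", f"uid: {e.uid}", f"mail: {e.mail}"]
        lines += [f"dc: {label}" for label in e.dc]
        blocks.append("\n".join(lines))
    return "\n\n".join(blocks) + "\n"


def is_valid_recipient(rcpt: str, entries, search_base: str = "") -> bool:
    """The gateway's directory check: filter (mail=<rcpt>) under search_base.

    An empty search_base means no base (rob says none is required for the
    AMS LDAP); otherwise only entries whose DN ends with the base qualify."""
    wanted = rcpt.strip().lower()
    for e in entries:
        in_base = not search_base or e.dn.endswith("," + search_base.lower())
        if in_base and e.mail == wanted:
            return True
    return False


# Constructed sample of addresses exported from AMS.
AMS_ADDRESSES = ["Nicholas@example.com", "rob@example.com", "helpdesk@example.org"]
DIRECTORY = [entry_from_address(a) for a in AMS_ADDRESSES]
```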

Re: Sync AMS LDAP with W2K3 AD

Postby nicholasn2 » Mon Jan 12, 2009 5:42 pm

Thanks Rob,
for LDAP configuration (3rd party software) what will be the "search base"? e.g. dc=company? or Group Object?
nicholasn2
 
Posts: 6
Joined: Fri Jan 09, 2009 6:55 pm

Re: Sync AMS LDAP with W2K3 AD

Postby rob » Tue Jan 13, 2009 11:42 am

Generally this field can be left blank as no search base is required for our databases. However, inserting something such as...

dc=yourdomainname (eg "dc=code-crafters" for us, without the .com part)

...can help.
rob
 
Posts: 415
Joined: Mon Sep 10, 2007 2:34 pm

Re: Sync AMS LDAP with W2K3 AD

Postby nicholasn2 » Thu Jan 15, 2009 7:16 pm

1. Is there any program that can successfully use the AMS LDAP?
2. Any way to automatically disable sending failure messages for email addresses that don't exist?

Here's my challenge:
The MX records of all domains point to our 3rd party antispam which works great. It relays "clean" messages to AMS. AMS does not accept any internet-originated emails from any other server except this one. The 3rd party antispam software also does not accept emails to addresses that do not exist (+ does directory harvest protection); it knows about which email addresses are valid by doing a lookup into an Active Directory Server into which we manually import the email addresses from AMS.
The problem is that every time we add/remove a new user in AMS, we need to go to the AD server to add that address so the antispam software can see it and allow it through.
We are willing to disable that valid address lookup in the antispam server and allow it to receive emails for any address in the protected domains. However, we have another problem now. All these thousands of emails to non-existing users go to AMS and AMS replies back to the sender (usually fake) telling them the user doesn't exist.

Ideally it would be perfect if AMS can have a real usable LDAP feature OR at least allow a setting to stop sending failure messages for emails to users that don't exist. Content filtering does not apply because these failure messages are generated at the SMTP level prior to being passed to content filtering.

Are any of the issues going to be addressed in upcoming AMS versions?
Thank you!

Sorry for the long message :-)
nicholasn2
 
Posts: 6
Joined: Fri Jan 09, 2009 6:55 pm

Re: Sync AMS LDAP with W2K3 AD

Postby rob » Fri Jan 16, 2009 11:45 am

Generally the LDAP database is used by mail clients for quick access to address book contacts. However, our LDAP database is very minimal and we do hope to utilize Open LDAP in the future (there is no date for this; unfortunately it may not be soon).

As to your failure notices, if the mail server is configured to not be open, then the failure notices will likely be generated by the SPAM filter system (AMS will simply refuse at the SMTP, and the SPAM system if following the SMTP protocol will generate the notification and deliver to the sender). However, if the mail server is open and any address is accepted, then indeed the mail server will be generating these mails. This option is controlled by the domain setting "Do Not Try to Relay Mails Addressed to Non-Existent Users". Unfortunately the solution is not to disable that option as it would result in the mails to non-existent users flowing back to your SPAM filter and looping several times. The best method would be to lock down the SMTP and only allow relaying when a connection authenticates (SMTP Authentication). Then hopefully the SPAM system you use trying to deliver mail will have an option to not act upon receiving any failure messages from AMS.
rob
 
Posts: 415
Joined: Mon Sep 10, 2007 2:34 pm

Re: Sync AMS LDAP with W2K3 AD

Postby nicholasn2 » Sat Jan 17, 2009 12:02 am

Thanks for your reply Rob.
Your comments of how to turn off the failure messages to non-existing users actually made me think of something else.
The setting not to relay to non-existing users is enabled in the domain options.
AMS is indeed not open and users have to authenticate to send and receive emails. The only exception to the rule is the 1 IP address from the 3rd party antispam server that relays to AMS. Since the email is coming from the "relay allowed IP", it looks like the setting not-to-relay to non-existing users doesn't kick in.

Nevertheless, here's how I got this done for now.
I created a catch-all account for each one of the domains. Any emails to non-existing users go to this account called spamuser.
In the spamuser settings I created a filter that moves all email into the deleted folder. Then I setup to auto-delete every day.

So let's see how this works out in the next few days... all emails to non-existing users that can bypass the 3rd party antispam server will go to AMS -> spamuser inbox -> spamuser deleted folder -> auto delete every day. No failure message will be generated.

Thanks again for all your comments.
nicholasn2
 
Posts: 6
Joined: Fri Jan 09, 2009 6:55 pm

Re: Sync AMS LDAP with W2K3 AD

Postby rob » Mon Jan 19, 2009 11:22 am

Good idea, using a catchall to consume all these emails is indeed an excellent way to prevent bounces to non-existent users.
rob
 
Posts: 415
Joined: Mon Sep 10, 2007 2:34 pm
