I Need To Make A Change With My IT Support! Call (225) 706-8414

SpamTitan’s Recipient Verification is breaking delivery of emails

After a configuration change, a SpamTitan mail filter stops forwarding email for some users but not everyone

Solution

This is likely a problem with the Recipient Verification for the domain.

  1. Log in to the SpamTitan web console and select “Mail Relay” under the “System Setup” tab.
  2. You should see a list of domains that SpamTitan accepts mail for. If the “Verification Type” field is “None”, no recipient verification is being done and the problem lies elsewhere.  Otherwise, click the Edit button next to the affected domain.
  3. There are 4 types of recipient verification:
    • Dynamic Recipient Verification
      This is probably the easiest to set up as you just have to provide the address of your Exchange Edge Transport server and let Exchange do the actually filtering based on the Recipient Filter configuration

      Any issues with this type of verification will have to be resolved on the Exchange server, not in SpamTitan
    • LDAP Recipient Verification
      This is probably the most cumbersome to configure but also the most versatile (i.e. doesn’t require the receiving relay to be Exchange) and requires the least maintenance. You’ll need to specify several items for this to work:

      • LDAP Server
        server to query (a domain controller for Active Directory/Exchange sites)
      • LDAP Port
        TCP port on which to connect. 389 is the default and unencrypted
      • LDAP Search User DN/LDAP Password
        Credentials used to authenticate with the LDAP server: the distinguished name of a service account that has permission to query user objects in the directory and it’s password
      • LDAP Query Filter
        The search filter that will be used when querying the LDAP server; any instance of “%s” will be replaced with the recipient address that is being verified. This should already have a reasonable query string, though you may need to tweak it for non-AD directories.
      • LDAP Result Attribute
        The attribute that should be checked in the search results to verify that the recipient is valid
      • LDAP Search Base
        The root of the directory tree where searches should be done.  Normally this would be the root of the domain but you could base the search at any point in the hierarchy if needed.

      Possible problems with this type of verification:

      • LDAP server is not correct/not responding to queries. You’ll need to verify the LDAP server is working correctly
      • LDAP port is incorrect.  If the server is configured to require SSL, you’ll need to connect on a different port (636 by default).
      • Search User DN is incorrect
      • Search User password is incorrect
      • Query Filter is incorrect

      All of these issues can verified using an LDAP client such as LDP.exe.

    • Specify Allowed
      This is a simple whitelist of valid recipients that must be maintained manually.  For any but the smallest, most static sites, this will quickly become a large burden on the mail admins

      Make sure the affected users are in the list.
    • Specify Regular Expression
      Slightly better than the whitelist above, you can specify multiple regular expressions that, if any matched, would validate the recipient.
      Make sure the affected users’ addresses match at least one of the regular expressions

Concerned About Cyber Attacks?

CLICK HERE >

Want to Migrate to the Cloud?

CLICK HERE >
Office 365

Ready to Experience Microsoft Office 365?

Want the latest IT news directly in your inbox? Subscribe now!