LogSat Software

Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic

   Hi 

Is there a way to use the Active Directory to dynamically create a list of allowed email recipients so that only email addresses found in the Directory will be allowed and Quarantined.

The problem is that spammers try different email addresses all the time and they end up in the Quarantine list and will fill it up with unnecessary items.

Using the Directory ISP can create and maintain a list of allowed recipients and only Quarantine items in that list.

Is this possible?

/Keivan

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
k1 Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: 01 October 2009 Status: Offline Points: 2	Post Options Post Reply Quote k1 Report Post Thanks(0) Quote Reply Topic: Use LDAP or Active Directory to create WhiteList Posted: 01 October 2009 at 11:09am
	Hi Is there a way to use the Active Directory to dynamically create a list of allowed email recipients so that only email addresses found in the Directory will be allowed and Quarantined. The problem is that spammers try different email addresses all the time and they end up in the Quarantine list and will fill it up with unnecessary items. Using the Directory ISP can create and maintain a list of allowed recipients and only Quarantine items in that list. Is this possible? /Keivan

LogSat Members Profile Send Private Message Find Members Posts Add to Buddy List Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104	Post Options Post Reply Quote LogSat Report Post Thanks(0) Quote Reply Posted: 01 October 2009 at 10:09pm
	Keivan, SpamFilter can easily accept emails directed to valid users only. That is done using the "AuthorizedTO" email whitelist. Simply populate that list with all the valid email addresses in your domain(s), and SpamFilter will reject (not even quarantine) emails addressed to users no in that list. Please note that you can have an external application make changes to the file containing that whitelist. SpamFilter will automatically re- import the entries in that file within a minute if they have been updated by another application. You can thus schedule the export the email addresses from Active Directory via any method you prefer onto a text file (the file should contain only a list of email addresses, one per line), and SpamFilter will use that to further filter emails.
	Roberto Franceschetti LogSat Software Spam Filter ISP

k1 Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: 01 October 2009 Status: Offline Points: 2	Post Options Post Reply Quote k1 Report Post Thanks(0) Quote Reply Posted: 03 October 2009 at 5:42am
	Hi Yes that's correct, but I don't have a third party application that can do that I just thoght that this could be a very handy function in ISP. With many users there isn't a option doning this manually. Threre are constant changes in users and email adresses and these arn't always done by the IT department so we need a automatic way of doing this. As far as I can see you alredy have the nessesary parts to doning this in ISP, you have LDAP, AD communication and the Whitelist. Is there any chance that you could add this feature it would help us alot?! /Keivan

LogSat Members Profile Send Private Message Find Members Posts Add to Buddy List Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104	Post Options Post Reply Quote LogSat Report Post Thanks(0) Quote Reply Posted: 03 October 2009 at 10:04am
	Keivan, There may be a simpler script, but this is the one we use ourselves in our own environment (no extra tools required). The email addresses in Active Directory for active accounts will be exported to a text file. Simply edit the first two strDn and the ADBulkExportFile constants to fit your environment, and execute the script via command line as follows: C:\>cscript *ExportEmails.vbs* ===== save this script as "ExportEmails.vbs" ====== 'This constant defines the root DNs for the domain Const strDn = "ou=Users and Groups,dc=logsat,dc=com" 'Set the log files location Const ADBulkExportFile = "EmailAddresses.txt" Const ADS_SCOPE_SUBTREE = 2 Const ADS_CHASE_REFERRALS_ALWAYS = &H60 '------------------ 'Create the File System Object instance for exporting the AD userlist to file Set ADBulkExportObject = CreateObject("Scripting.FileSystemObject") 'Open the ADBulkExport file for writing Set ADBulkExport = ADBulkExportObject.CreateTextFile(ADBulkExportFile) 'Open an ADO Connection to Active Directory Set objConnection = CreateObject("ADODB.Connection") objConnection.Provider = "ADsDSOObject" objConnection.Open "Active Directory Provider" 'Open an ADO Command Connection to Active Directory Set objCommand = CreateObject("ADODB.Command") objCommand.ActiveConnection = objConnection 'Execute the ADO Command to Active Directory and set the objRecordSet Variable to whatever is returned objCommand.ActiveConnection = objConnection objCommand.Properties("Page Size") = 1000 objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE objCommand.Properties("Chase referrals") = ADS_CHASE_REFERRALS_ALWAYS 'NOTE - disabled accounts will have this expression equal to 2, enabled accounts will have it equal to 0: '(2 AND FixNULL(objRecordSet.Fields("userAccountControl").Value)) ' The value mask for the userAccountControl, with the AND 2 operator, will give the enabled/disabled result - value 0=enabled, value 2=disabled '--------START Export Accounts to file --------------- 'Prepare the ADO Command to be sent to Active Directory requesting the information for the previously input Username objCommand.CommandText = "<LDAP://" & strDn & ">;(&(objectCategory=User));mail,userAccountControl;subtree" Set objRecordSet = objCommand.Execute Do Until objRecordSet.EOF if (objRecordSet.Fields("mail").Value <> "") AND (2 AND objRecordSet.Fields("userAccountControl").Value) = 0 then ADBulkExport.WriteLine objRecordSet.Fields("mail").Value end if objRecordSet.MoveNext Loop ADBulkExport.Close
	Roberto Franceschetti LogSat Software Spam Filter ISP

alexxxx1 Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: 25 May 2007 Location: Germany Status: Offline Points: 9	Post Options Post Reply Quote alexxxx1 Report Post Thanks(0) Quote Reply Posted: 06 May 2010 at 11:40am
	Roberto, I have the requirement to create a authorizedTo List with all e-mail addresses that we using including all e-mail aliases. For that your script does not working because it delivers only the Main e-mail address for an user. I found a script that delivers also the alias. It's a powershell script: Listing: smtpaddresslist.ps1 ################################ Get-Mailbox \| select EmailAddresses \| foreach { $_.EmailAddresses \| foreach { if($_.SmtpAddress){ if($_.IsPrimaryAddress){ "$($_.SmtpAddress)" } else { "$($_.SmtpAddress)" } } } write-output "" } Get-DistributionGroup \| select EmailAddresses \| foreach { $_.EmailAddresses \| foreach { if($_.SmtpAddress){ if($_.IsPrimaryAddress){ "$($_.SmtpAddress)" } else { "$($_.SmtpAddress)" } } } write-output "" } ######################################### You can redirect the output to a textfile in this way: powershell -psconsolefile exshell.psc1 -command "& {c:\smtpaddresslist.ps1 >"'C:\Program Files (x86)\SpamFilter\domains\SFI\WL_AuthorizedTOEmails.txt'"}" But the SpamFilter can't read the Text File. When I copy the content to a new Text File it works. So I think there must be some wrong characters in the file? Thanks, Alex

LogSat Members Profile Send Private Message Find Members Posts Add to Buddy List Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104	Post Options Post Reply Quote LogSat Report Post Thanks(0) Quote Reply Posted: 06 May 2010 at 10:12pm
	Alex, If you can email us (support @ logsat dot com) the "broken" text file, we'll take a look to see what is causing it be unreadable.
	Roberto Franceschetti LogSat Software Spam Filter ISP

LogSat Members Profile Send Private Message Find Members Posts Add to Buddy List Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104	Post Options Post Reply Quote LogSat Report Post Thanks(0) Quote Reply Posted: 12 May 2010 at 6:11pm
	Mystery solved. The file has a Unicode character set encoded in UTF-16 (2-byte characters). SpamFilter does not read Unicode files - only plain ASCII files (8 byte characters - half the file/RAM size....). If you make sure the file is saved in the ANSI char set everything should be OK.
	Roberto Franceschetti LogSat Software Spam Filter ISP

alexxxx1 Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: 25 May 2007 Location: Germany Status: Offline Points: 9	Post Options Post Reply Quote alexxxx1 Report Post Thanks(0) Quote Reply Posted: 15 May 2010 at 10:50am
	thanks Roberto, it's working. I changed the script in this way: ################################### Get-Mailbox \| select EmailAddresses \| foreach { $_.EmailAddresses \| foreach { if($_.SmtpAddress){ if($_.IsPrimaryAddress){ "$($_.SmtpAddress)" } else { "$($_.SmtpAddress)" } } } write-host "" } \| out-file -filepath 'C:\Program Files (x86)\SpamFilter\domains\SFI\WL_AuthorizedTOEmails.txt' -encoding ASCII Get-DistributionGroup \| select EmailAddresses \| foreach { $_.EmailAddresses \| foreach { if($_.SmtpAddress){ if($_.IsPrimaryAddress){ "$($_.SmtpAddress)" } else { "$($_.SmtpAddress)" } } } write-host "" } \| out-file -filepath 'C:\Program Files (x86)\SpamFilter\domains\SFI\WL_AuthorizedTOEmails.txt' -append -encoding ASCII Edited by alexxxx1 - 15 May 2010 at 10:51am

LogSat Software

Site Navigation[Skip]

Spam Filter ISP Support Forum

Use LDAP or Active Directory to create WhiteList