Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

IMSVA 8.2 doesn’t switch to the backup LDAP server when the primary server is down

    • Updated:
    • 27 May 2013
    • Product/Version:
    • InterScan Messaging Security Virtual Appliance 8.2
    • Platform:
    • N/A N/A
Summary
If InterScan Messaging Security Virtual Appliance (IMSVA) 8.2 does not switch to the backup server when the primary LDAP server is unavailable, the will could not receive emails, especially if the “Reject unknown recipients (by checking LDAP)” option is enabled. 
The following is a sample log from the Postfix maillog:
Nov 28 10:58:31 imsva82 postfix/smtpd[29511]: connect from unknown[150.70.190.6]
Nov 28 10:58:50 imsva82 postfix/smtpd[29511]: warning: dict_ldap_connect: Unable to bind to server ldap://lar-dc-dns.lar.com:3268 as LAR\Administrator: -1 (Can't contact LDAP server)
Nov 28 10:58:50 imsva82 postfix/smtpd[29511]: warning: ldap:ldapimsa: table lookup problem
Nov 28 10:58:50 imsva82 postfix/smtpd[29511]: NOQUEUE: reject: RCPT from unknown[150.70.190.6]: 451 4.3.5 <samantha_mojica@larsuporte.com> : Recipient address rejected: Server configuration error; from=<samantha_mojica@trendmicro.com>
to= <samantha_mojica@larsuporte.com > proto=ESMTP helo=<Fallback-MTA>
From sample log shows that IMSVA is still querying the primary LDAP server.
Details
Public
The “Reject unknown recipients (by checking LDAP)” feature queries the configured LDAP server for all mail addresses provided in the RCPT TO command coming from clients outside of the internal network. Once this option is enabled in the IMSVA web console, the changes are made in the Postfix’s main.cf file.
To configure IMSVA so that it switches to the backup LDAP server if the primary server is down, do the following:
  1. Log in to the IMSVA SSH console.
  2. Look for the "detach_key_postfix" key in the [imss_manager] section of the imss.ini file and add the "smtpd_recipient_restrictions" key.
    Example:
    detach_key_postfix=smtpd_recipient_restrictions
  3. Restart imssmgr by running the command "S99MANAGER restart".
  4. Open the /opt/trend/imss/postfix/etc/postfix/main.cf file.
  5. In the ldapimsa_server_host parameter, add the backup LDAP server IP address or FQDN.
    Example:
    ldapimsa_server_host = 10.206.x.x.x:389,10.204.x.x:389
    or
    ldapimsa_server_host = ldap1.domain.com:3268, ldap2.domain.com:3268
  6. Save the changes made in the main.cf file.
  7. Restart the Postfix service by typing the command “Postfix reload”.
Premium
Internal
Rating:
Category:
Configure; Troubleshoot
Solution Id:
1095745
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.