A user enters his or her
username and passphrase into the web UI login page.
The spam quarantine connects
to the specified LDAP server either to perform an anonymous search or as an
authenticated user with the specified “Server Login” DN and passphrase. For
Active Directory, you will usually need to have the server connect on the
“Global Catalog port” (it is in the 6000s) and you need to create a low
privilege LDAP user that the spam quarantine can bind as in order to execute
the search.
The spam quarantine then
searches for the user using the specified BaseDN and Query String. When a
user’s LDAP record is found, the spam quarantine then extracts the DN for that
record and attempts bind to the directory using the user records’ DN and the
passphrase they entered originally. If this passphrase check succeeds then the
user is properly authenticated, but the spam quarantine still needs to
determine which mailboxes’ contents to show for that user.
Messages are stored in the
spam quarantine using the recipient's envelope address. After a user's
passphrase is validated against LDAP, the spam quarantine then retrieves the
“Primary Email Attribute” from the LDAP record to determine which envelope
address they should show quarantined messages for. The “Primary Email
Attribute” can contain multiple email addresses which are then used to
determine what envelope addresses should be displayed from the quarantine for
the authenticated user.