SMTP Auth

hs0204
Level 1

1. If SMTP auth, will/can it bypass DMARC?
2. How to check if user is allowed to use SMTP AUTH command using an Active Directory/LDAP group
3. How to use SMTP AUTH Client certificate and require the cert to have a subject name *.abc.com or a specific organization name.

 

#smtpauth


Mathew Huynh
Cisco Employee

Hey hs0204,

 

1. If SMTP auth, will/can it bypass DMARC?

- It's dependent on the mail flow policy configuration - so for the SMTP Auth mail flow policy you configure - you can keep SPF, DKIM and DMARC enabled and it will still do its check. SMTP Auth just allows an external user to authenticate into your environment to send an outbound email :).


2. How to check if user is allowed to use SMTP AUTH command using an Active Directory/LDAP group

- That would be creating your LDAP profile (assuming it's not there) and if it is enabled; scroll down to enable the smtp-auth query and depending on your attribute checking with LDAP; that will determine who can and cannot. These attributes in the query can be modified to suit your needs. After that is done you need to create an SMTP Authentication profile using LDAP; then enabling this profile into the listener which the users are going to auth on... then you also need to create a new sendergroup + mail flow policy to trigger AUTH (https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118545-technote-esa-00.html)
There are some best practices I would comment on for SMTP Auth as well, but this is the current guidance for you.


3. How to use SMTP AUTH Client certificate and require the cert to have a subject name *.abc.com or a specific organization name.

I don't recall SMTP Auth with LDAP requiring certificate authentication.

 

Thanks,

Mathew
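
As an added example (not part of the reply above and not Cisco's own query syntax), this sketch builds the kind of LDAP filter a group-restricted SMTP AUTH lookup expresses: the account must exist and be a member of an allowed group. The attribute names `sAMAccountName` and `memberOf` are Active Directory's; the group DN and user names are constructed sample values.

```python
# Added example: builds the LDAP filter a group-restricted SMTP AUTH lookup
# would use. Attribute names are Active Directory's; the group DN and user
# names below are constructed sample values.

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Active Directory matching rule LDAP_MATCHING_RULE_IN_CHAIN: follows nested groups.
IN_CHAIN = "1.2.840.113556.1.4.1941"


def escape_filter_value(value: str) -> str:
    """Neutralise filter metacharacters in untrusted input such as the AUTH username."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def smtp_auth_filter(username: str, group_dn: str, nested: bool = False) -> str:
    """Match only an account with this login name that is also in group_dn."""
    member = f"memberOf:{IN_CHAIN}:=" if nested else "memberOf="
    return "(&(sAMAccountName={})({}{}))".format(
        escape_filter_value(username), member, escape_filter_value(group_dn)
    )


if __name__ == "__main__":
    group = "CN=SMTP-Auth-Users,OU=Groups,DC=example,DC=com"  # constructed
    for user in ("alice", "*", "alice)(|(cn=*"):
        print(smtp_auth_filter(user, group))
    print(smtp_auth_filter("alice", group, nested=True))
```

A plain `memberOf=` test only sees direct members, so users who reach the group through a nested group need the `nested=True` form. Escaping keeps a login name such as `*` from matching every account in the group.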