>I have been having an issue with partial email matches passing LDAP > verification. For example, if an valid entry is > "[EMAIL PROTECTED]", then a spammer using the address > "[EMAIL PROTECTED]" will be able to pass the LDAP check. > > <snip>an LDAP directory can't search for an exact match, and that if you > perform a search like the example above it will always return a match. > > Can anyone offer any advice or suggestions on this?
I did a test using jsmith@<mydomain>.com and sent an email to smith@<mydomain>.com and got invalid recipient as ASSP did not get a positive LDAP lookup against our Active Directory LDAP service even though jsmith is in the LDAP. I do not have any users with first.last naming convention that I can test. If you send an email from an outside address to [EMAIL PROTECTED] (minus the first "r") does it pass LDAP lookup? Doug ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
