Remote user management and call-out

by Altospam

Automatic recipient directory management

IT managers are often responsible for managing several company directories. It would be nice if he didn’t have to deal with the additional account management of his email protection service. However, knowledge of recipients is a vital piece of information that enables us to anticipate the analysis of an email, obtain better filtering quality, lighten the analysis system and, above all, return correct information to the sender of a message.

The creation or modification of an account on your mail server must be replicated on your outsourced anti-spam and anti-virus service. But not all companies have an LDAP server to automate this task. Even when this is the case, they don’t want it to be accessible from the outside. What’s more, LDAP synchronization requires a special, restrictive configuration. This task must be automated.

ALTOSPAM has integrated a “call-out” system to automatically generate a list of users authorized to receive emails, in line with the company directory. The principle is very simple, based on a simple SMTP request to the remote server. When a sender sends an email to a recipient user@domaine.tld. Originally, this recipient is unknown to our systems, but belongs to a domain protected by ALTOSPAM, otherwise the message would have already been refused for “Relay denied”. While this email is being received, a lightweight SMTP request (HELO, MAIL FROM, RCPT TO) is made to the customer’s server. After the RCPT TO, the client server replies: 200 (user exists) or 500 (user does not exist). Following this return code :

– If the recipient exists, the information is stored for 24 hours and the e-mail is analyzed and processed.
– If the recipient does not exist, the information is kept for 1 hour and the e-mail is refused, indicating that the user is unknown.

As emails arrive for the domain: domaine.tld, a list of valid and invalid recipients is automatically created, so that you can respond instantly the next time.

The SMTP request sent to the customer’s server stops before the DATA, so it’s very small in size (between 50 and 100 bytes) and very quick to be processed by the remote server, generating no overhead. On the other hand, to avoid overloading the remote server, the information is stored for a period of time (1 or 24 hours). In some special cases, as described in the article: Mail server configuration and recipient filtering, the server response will always be 200, so all recipients are considered as existing. The following article allows you to check the remote server’s configuration to see if it performs recipient filtering.

Test Altospam’s solutions!

Thousands of companies, CTOs, CIOs, CISOs and IT managers already trust us to protect their e-mail against phishing, spear phishing, ransomware, …