Directories Becoming Important Infrastructure at the Internet Boundary

Directory technology is becoming an important part of the infrastructure at the Internet boundary.

Sendmail's new email gateway appliance, Sentrion, illustrates this. Sentrion is designed to make LDAP calls to a secure messaging directory to help make more intelligent messaging policy decisions, such as:

  • Deciding whether to accept a connection.  For example, if user A does not exist in the directory, reject the connection at the SMTP level before doing any processing/filtering on the message.
  • Helping respond to directory harvest attacks by detecting a certain number of invalid recipient attempts from the same source. For example, block connections once more than 10 attempts to invalid recipients have come from the same IP address.
  • Minimizing the spam filter's false positives by leveraging user-based allow- and blocklists that are stored in the directory.
  • Determining whether spam or virus filtering or policy enforcement should take place for a particular user. For service providers, this decision could be based on whether or not a subscriber had paid for these filters. For enterprises, certain groups may be exempt from scanning or policy enforcement, based on their role in the organization.
  • Intelligent policy enforcement such as deciding which messages should be encrypted. Executive communications to the Board of Directors concerning SEC filings, for example, need to be encrypted, but messages from sales to customers do not, based on these users’ roles within the organization.
  • Rewriting addresses. For example, mapping external email aliases to more fine-grained internal aliases. Like to

... David Ferris
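The first two policy decisions in the list above (rejecting unknown recipients at the SMTP level and blocking a source after more than 10 invalid recipients) can be sketched as follows. This is an added example, not Sendmail or Sentrion code: the `HarvestGuard` class, the in-memory `DIRECTORY` set standing in for the LDAP lookup, the 600-second window, the addresses and the choice of reply codes are all assumptions.

```python
from collections import defaultdict, deque

# Constructed stand-in for the messaging directory; a real gateway would make
# an LDAP search per recipient instead of a set lookup (assumption).
DIRECTORY = {"alice@example.com", "bob@example.com"}
MAX_INVALID = 10      # threshold from the page's example
WINDOW_SECONDS = 600  # assumption: the page gives no time window


class HarvestGuard:
    """Per-source-IP invalid-recipient counter that picks SMTP reply codes."""

    def __init__(self, directory, max_invalid=MAX_INVALID, window=WINDOW_SECONDS):
        self.directory = {addr.lower() for addr in directory}
        self.max_invalid = max_invalid
        self.window = window
        self.invalid = defaultdict(deque)  # ip -> times of invalid RCPT TOs

    def _recent(self, ip, now):
        """Drop attempts older than the window and return the remaining queue."""
        q = self.invalid[ip]
        while q and now - q[0] > self.window:
            q.popleft()
        return q

    def on_connect(self, ip, now):
        """220 greets the client; 554 refuses a source that is over threshold."""
        return 554 if len(self._recent(ip, now)) > self.max_invalid else 220

    def on_rcpt(self, ip, rcpt, now):
        """250 for a directory hit, 550 for an unknown user, 554 once blocked."""
        q = self._recent(ip, now)
        if len(q) > self.max_invalid:
            return 554  # blocked sources get no further directory lookups
        if rcpt.lower() in self.directory:
            return 250
        q.append(now)
        return 554 if len(q) > self.max_invalid else 550


def replay(events, guard=None):
    """Feed (time, ip, recipient) tuples through the guard; return reply codes."""
    guard = guard or HarvestGuard(DIRECTORY)
    return [guard.on_rcpt(ip, rcpt, t) for t, ip, rcpt in events]


if __name__ == "__main__":
    # Constructed session: one source guessing 12 mailboxes, one normal sender.
    probes = [(t, "192.0.2.7", f"user{t}@example.com") for t in range(12)]
    print(replay(probes + [(12, "198.51.100.4", "Alice@example.com")]))
```

Because the counter is keyed on source IP alone, senders that share an address (for example behind NAT or a relay) share one budget, so the threshold and window need tuning against real traffic.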

