Answer
When the LDAP Directory Harvesting feature is requested to check if an email address belongs to an internal user, it will construct a query filter string using the email address. By default only two LDAP properties are checked the mail and the proxyAddresses properties.
Other properties can contain the email address, and can be queried using LDAP. These can be specified in the registry key under the following location:
- [HKLM\Sofware\gfi\meXX\Config]
- (on 64 bit installations) [HKLM\Sofware\Wow6432Node\gfi\meXX\Config]
- ldapmailobject REG_SZ.
- GFI MailEsentials 2012 will have the format [...GFI\MailEssentials\Config]
- GFI MailEssentials 2014 and 2015
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GFI\MailEssentials\EmailSecurity\Config
ldapmailobject - HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GFI\MailEssentials\Antispam\Config
ldapmailobject
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GFI\MailEssentials\EmailSecurity\Config
The format of the key s value is a string of entries separated by semicolons.
- Example: Rfc822Mailbox;otherMailbox=smtp$%s
The entries can be of two types:
- Plain entries which have been supported since the release of GFI MailEssentials version 11. These entries are used as is in the search, therefore the above example, Rfc822Mailbox, when used to search for user@domain.com becomes: Rfc822Mailbox=user@domain.com
- The newer type of entry, which can be recognized by having an = in it, is used as a format string. This new type of entry has been introduced in GFI MailEssentials 11 build 20050526 and allows for more flexible queries. The requirements for this entry to be valid are:
- must contain an =
- must contain only one %s, which will be replaced with the email address..
To continue with the above example using this entry the search string would be: otherMailbox=smtp$user@domain.com