Is It Possible to Report to Syslog from the AUTH_REWRITE Mapping Table ?
(Doc ID 2481807.1)
Last updated on FEBRUARY 21, 2019
Applies to:Oracle Communications Messaging Server - Version 8.0.2 and later
Information in this document applies to any platform.
Define a way to report to syslog from the AUTH_REWRITE mapping table.
To implement "AUTH_REWRITE mapping that prevents authenticated users from sending messages from addresses other than the ones listed in their mail, mailAltnerateAddress, or mailEquivalentAddress"
as in https://msg.wikidoc.info/index.php?title=AUTH_REWRITE_mapping_table
To do this in a staged fashion, first report who/what would be blocked.
Reporting this in splunk is possible, but challenging. The problem is that the authentication information is in the record while the From: header info is in the record. Doing a splunk query to tie those together (by the 'pi= ' field) should be possible, but would be challenging.
One option would be to implement the config to do the mail blocking. Alternately, report it to syslog with the '$<' mapping template flag.
However, '$<' is only available in Recipient Access mapping tables and not AUTH_REWRITE.
How can we configure this to block spoofing, but report instead of block ?
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document