how to get barracuda spam firewall 300 to talk to LDAP on exchange 2007 server???

we just installed a new barracuda spam firewall 300 and everything is working fine except when i go to configure the LDAP settings on the barracuda the test LDAP keeps failing.  i know when i telnet to the mail server on port 389 i get nothing so that tells me that barracuda cannot talk to LDAP on my mail server.  how do i fix this??
Did you set up an account in Active Directory for the barracuda to use?

Is your barracuda internal to your domain or external?

Is your Exchange server also a domain controller?  If not, you need to tell the barracuda to use the DC not the Exchange server.

Could you post the message that the barracuda returns when you click the Test LDAP button?  It should pop up with a "LDAP Test Unsuccessful (details below)" box.

FYI, when you telnet into port 389 it should return nothing.  So, your barracuda could be talking to the LDAP.
the barracuda is internal to our network.  it is behind a firewall.  my exchange server is not a domain controller just a mail server.

below is the message that i get from the test LDAP in the barracuda

could not set open file limit to 8192: Operation not permitted
lookup order: fb
listening on localhost/56656
answering client connection request from
received from GET
email address: not found in cache
LDAP test succeeded
requesting LDAP connection to for
binding with '(null)' / '(null)'
failed to bind to LDAP directory Can't contact LDAP server
resetting LDAP connection to
reaping LDAP connection to
delisting LDAP connection to
LDAP connect failed on user Connection failed
telling FAILED
received from QUIT
hanging up on client
exiting on SIGTERM

if i point the Barracuda towards my DC for the LDAP settings will that hurt anything with the mail??
Pointing your Barracuda at your DC won't do anything.  The LDAP query will only look at the directory but not actually write anything to it.  I created a user called ldap and use it for my barracuda.  That account only needs to be part of the domain user's group and nothing more.

Check your LDAP settings to make sure:
LDAP Server:
LDAP Port: 389
Exchange Accelerator: YES
Unify Email Address: YES
Require SSL: NO
Bind DN:
Bind Password: LDAP's PASSWORD
LDAP Filter: (|(proxyaddresses=smtp$${recipient_email})(proxyaddresses=smtp:${recipient_email}))
--the filter can be changed but this one looks at all of the user's e-mail addresses for verification
LDAP Search Base: ${defaultNamingContext}
LDAP UID: sAMAccountName
LDAP Primary Email Attribute: MAIL
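
What the `(proxyaddresses=smtp:${recipient_email})` clause of the filter above checks, as an added example that is not part of the original posts or Barracuda's own code: the recipient is escaped per RFC 4515, substituted into the clause, and compared against a constructed directory. The expansion behaviour, the helper names and the `example.com` entries are assumptions; the case-insensitive comparison mirrors how Active Directory matches this attribute.

```python
import re
from string import Template

# Clause copied from the LDAP Filter in the post; everything else is constructed.
FILTER_TEMPLATE = "(proxyaddresses=smtp:${recipient_email})"

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Make the recipient a literal assertion value (RFC 4515)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_filter(recipient, template=FILTER_TEMPLATE):
    """Expand ${recipient_email} the way the appliance is assumed to."""
    return Template(template).substitute(recipient_email=escape_filter_value(recipient))

def _value_to_regex(value):
    """Translate a filter value: '*' is a wildcard, \\xx is a literal character."""
    out = []
    for tok in re.findall(r"\\[0-9a-fA-F]{2}|.", value, flags=re.S):
        if tok == "*":
            out.append(".*")
        elif len(tok) == 3:
            out.append(re.escape(chr(int(tok[1:], 16))))
        else:
            out.append(re.escape(tok))
    return re.compile("".join(out), re.I | re.S)

def recipient_exists(recipient, directory):
    """Return the sAMAccountName whose proxyAddresses match, else None."""
    m = re.fullmatch(r"\((\w+)=(.*)\)", build_filter(recipient), flags=re.S)
    attr, pattern = m.group(1).lower(), _value_to_regex(m.group(2))
    for entry in directory:
        values = {k.lower(): v for k, v in entry.items()}.get(attr, [])
        if any(pattern.fullmatch(v) for v in values):
            return entry["sAMAccountName"]
    return None

# Constructed directory: Exchange marks the primary address with "SMTP:".
DIRECTORY = [
    {"sAMAccountName": "jdoe",
     "proxyAddresses": ["SMTP:jdoe@example.com", "smtp:john.doe@example.com"]},
    {"sAMAccountName": "ldap", "proxyAddresses": []},
]
```

Both the primary and the secondary address resolve to the same account, while an unknown recipient or one made of filter metacharacters resolves to nothing.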

ok i did those changes and it works, but we are also using anti-spam on the exchange 2007 server for extra filtering and when i send an email to an account it gets caught as spam.

why is this??

it was not like that before
That's a whole different question to be honest with you.

I would think that it has to do with the barracuda possibly changing the e-mail slightly and the Exchange server picks it up as SPAM.

I personally would turn off Exchange's SPAM and just use the barracuda.  I get about one SPAM a month just using my barracuda.

I have my settings set at:
Tag Score: 10
Quar. Score: 4
Block Score: 7
great thank you
We have a Barracuda 400 and are looking at setting this up.   My question is, WHY?
Can someone tell me the advantages and disadvantages of setting up the LDAP config?
Does it speed things up?  or What?
There has to be some disadvantages too.

- Ensures that a user/group exists before even processing the e-mail for SPAM
- Saves processing time on Barracuda because it doesn't have to process every message

- If your Barracuda and LDAP server are in the same location, you won't have any disadvantages.  Even if they aren't in the same location the LDAP queries do not take up much bandwidth.
Thanks for the response !!
Sounds like we should move ahead with this.  Your advantages match what I have read.
One more question on this.........

Is it built into the Barracuda somehow that if the LDAP query is broken for whatever reason, the server is down or network connection is down between the barracuda and the LDAP server, what happens?
Does all mail get rejected with NDR's ?  Or is all mail passed on and scrutinized the current way without LDAP ?
I hope I am making sense.
It will just process the messages regularly if it cannot query the LDAP server
Actually I think it depends on your Unify settings.  I checked with Barracuda.
ldap account to use must be in Users OU
Miro, not necessarily.  However, it is very important that you use the user's email address ( for the username as demonstrated by ziggyk in his post.
