The Missing Manager policy relies on knowing the email addresses of the manager for each individual sender. In addition to the Missing Manager policy and content rule, Manager Relationships allow you to send informs to the sender's manager on other content rules.
The administrator can configure Secure Email Gateway to retrieve the manager information using either a remote file or from LDAP.
Define an update frequency for Manager Relationships
You can specify how often, from 1 to 24 hours, the Manager Relationships information is updated. You can also manually refresh the information; there may be a short delay (1 minute or less) between requesting an update and it starting.
- Navigate to Policy > Policy References > Manager Relationships. The Manager Relationships page is displayed.
- In the panel indicating the current update frequency, click Click here to change these settings.
-
To set an automatic update, select the Update the manager relationship every check box, followed by an interval option, such as 4 hours, from the drop-down menu. If you prefer to update the Manager Relationships manually, leave the check box unselected.
- Click Save.
Update using a remote file
You can specify that the manager relationships will be retrieved from a remote file.
The remote file can either be a single manager information file or a zip file containing single or multiple manager information files. The manager files should use UTF-8 encoding. The manager file names contained within the zip file must only contain ASCII characters.
Secure Email Gateway will validate the manager file contents before utilizing them. The validation will check that each line is split using a colon and that it contains valid email addresses. If the validation fails then the file will be rejected. When duplicate users are detected, the first one found will be used and other duplicates will be ignored.
More than one manager can be specified for a sender by using commas to separate the email addresses of the managers. You can specify a sender with no manager by omitting the address of the manager.
For example:
employee1@company.com:manager1@company.com
employee2@company.com:manager2@company.com,manager3@company.com
employee3@company.com:
You can also use a wildcard character ( * ) to specify a range of senders' email addresses. For example:
*:manager1@company.com,manager2@company.com
This acts as a catch-all entry in the list.
| If the relationships list includes a catch-all entry, the When the sender is not in the relationships list actions in Missing Manager policies will not trigger. |
Specify updating using a remote file
- Navigate to Policy > Policy References > Manager Relationships. The Manager Relationships page is displayed.
- In the Update Method panel, click Click here to change these settings.
- Select Remote file from the drop-down menu.
- Click Save.
Specify the remote file location
- Navigate to Policy > Policy References > Manager Relationships. The Manager Relationships page is displayed.
- In the Remote File Location panel, click Click here to change these settings.
-
Enter the URL from which the manager relationships should be updated. When used, the HTTP or HTTPS URLs need to point to a file name, for example:
http://<testwebsite>/<directory>/<filename.txt>http://<testwebsite>/<directory>/<filename.zip> - Click Save.
Update using LDAP
You can specify that the manager information will be retrieved from an LDAP server. A backup LDAP server can also be supported that will be used if the first one is not available.
Specify updating using LDAP
- Navigate to Policy > Policy References > Manager Relationships. The Manager Relationships page is displayed.
- In the Update Method panel, click Click here to change these settings.
- Select LDAP from the drop-down menu.
- Click Save.
Specify the LDAP server
The LDAP Server panel defines the details of the LDAP server and how to connect to it. To configure the server connection properties:
- In the LDAP Server panel, click Click here to change these settings.
-
Supply the following details for your primary LDAP server and optionally for your secondary LDAP server:
Server Connection Property Description LDAP Server Hostname or IP address of the LDAP server Secure connection Option to use Secure LDAP when connecting your Gateway to the LDAP server. Port Port number on which to connect the LDAP server. See Firewall ports for a list of default ports. User Name Account user name with which the Gateway connects to the LDAP server. Leave blank if anonymous access is required. Password Account password associated with the User name. Leave blank if anonymous access is required. Timeout Connection timeout value in seconds. - Click Save.
Specify the search criteria
The Search Criteria panel defines the criteria used to retrieve the Address List. For more information on the values for these criteria, see Defining LDAP Search Criteria.
- In the Search Criteria panel, click Click here to change these settings.
- In Target DN for sync, supply the Distinguished Name of the base node of the LDAP directory tree containing the email addresses to include in the LDAP Address List. If you have set up the server connection successfully, you can click Browse to open the Select Base DN dialog. This allows you to browse the server's LDAP directory tree to select the required base node. Maximum entries to display specifies the maximum number of nodes Secure Email Gateway shows within any one node when it is displaying the LDAP directory tree in the Select base DN dialog.
- In Scope, select whether to search the target only (the specified base node), recursively search the tree, or search the direct children of the target only.
- In Filter to Apply, define the search filter to determine which nodes to return, using the standard LDAP search filter format. For example, ObjectClass=* obtains all the LDAP nodes using the specified scope.
- In Attributes to Retrieve, supply the LDAP attributes you want to retrieve, for example mail on Secure Email Gateway. The values of the attributes you specify must be user names or email addresses. To specify two or more attributes, separate them with commas.
- In Manager Attribute, supply the attribute to be used, for example, manager.
- If Request Paging is required, select the check box to enable paging requests and indicate the page size to use.
- If Group Expansion is required, select the check box to enable group expansion, and specify a maximum group expansion depth plus a comma-separated list of expansion attributes to use, for example, member,uniquemember.
- Click Save.
|
If you change any configuration or policy settings, you must Apply Configuration for the new settings to take effect. You can do this either from the Changes Made panel, or System > Configuration > Apply Configuration. See Apply new configuration for more information. If you use Peer Gateways (i.e. when multiple Gateways are peered), any configuration changes from a local Gateway can then be applied to all the peers at the same time. See Peer Gateways for more information. |
Synchronize Now
You can manually refresh the manager relationships.
- Navigate to Policy > Policy References > Manager Relationships. The Manager Relationships page is displayed.
- In the task panel, click Synchronize Now.
Show sender's manager
You can display the email address of the manager for a specific user to verify that the manager files have been imported successfully.
- Navigate to Policy > Policy References > Manager Relationships. The Manager Relationships page is displayed.
- In the task panel, click Show sender's manager.
-
In the Sender's manager dialog, enter a required User Name and click Run Test.
The email address of the sender's manager is displayed. If the sender matches multiple managers, a list of email addresses is displayed.
View relationships data
You can view the current relationships data.
- Navigate to Policy > Policy References > Manager Relationships. The Manager Relationships page is displayed.
- In the task panel, click View relationships data.
- A list of the current relationships is displayed.