Recipient Validation and Directory Synchronization Test Cases

Document created by user.oxriBaJeN4 Employee on Sep 18, 2015. Last modified by user.oxriBaJeN4 Employee on Mar 27, 2017.
Version 3

Recipient Validation forms part of Mimecast Security checks, and helps to identify legitimate email recipients for inbound emails. Directory Sync provides a simple means of user authentication and Attribute population in Mimecast, alongside Inbound Checks for LDAP users.

 

The following links provide a collection of test cases for the validation and sync elements of the Mimecast service.  The test cases presented are the minimum tests required in order to validate the core/base functionality of the service and are by no means exhaustive.

 

Mimecast recommends that the test plan is followed in the order presented and that multiple passes of the full test plan are executed in order to verify that the service is functioning as expected. It is equally important that on execution of any remediation activities against failed tests the entire plan is re-run in order to ensure that the changes made have not impacted any other elements of the service functionality.

 

Customers and partners are encouraged to develop additional test cases to suit their specific email environment requirements.

 

Test Numbering Conventions:

  • MANxx = Mandatory Test Case
  • OPTxx = Optional Test Case

You can copy / paste this page into a Microsoft Word document (2010 and above) to create your own editable test plan (including Titles and Tables).

Verify Recipient Validation Configuration for Internal Domains

 

Test #: MAN16 | Executed by:
Date: | Overseen by:
Description: Inbound Recipient Validation is set at the Domain Level. It is important that the correct form of recipient validation is set to match the Email Infrastructure configuration. The default (and recommended) validation mechanism for Inbound Checks is Known Recipients; however, customers may opt for one of the alternative supported mechanisms to suit their environment.
Action | Result

Verify the policy settings:

  1. Log in to the Administration Console.
  2. Click on the Administration menu item.
  3. Click on the Directories | Internal Directories menu item.
  4. Verify that the Inbound Checks Setting for each SMTP Domain is set to the Recipient Validation mechanism suited to your organization.
  • PASS (Expected)
  • FAIL

Corrective Action for FAIL Results:

  • Contact Mimecast Support (support@mimecast.com) to change the Recipient Validation method as and where required.

 

Directory Synchronization Configuration

 

LDAP Connector Configuration

 

Test #: MAN17 | Executed by:
Date: | Overseen by:

Description: Mimecast uses LDAP/S connectivity to a directory server in the customer’s environment for automated Directory Synchronization. It is highly recommended that customers with Active Directory or Domino Directories implement LDAP connectors to automate the synchronization process.

Customers who will not deploy Directory Synchronization should expect this test (and all subsequent related tests) to fail.

Action | Result

Verify the Policy settings:

  1. Log in to the Administration Console.
  2. Click on the Administration menu item.
  3. Click on the Services | Directory Synchronization menu item.
  4. Verify that a connector has been created with the following:
    1. Description = Meaningful text
    2. Server Type = Your Directory Server Type
    3. Hostname / IP Address = Primary LDAP IP/Hostname
    4. Alternate Host = Alternate LDAP IP/Hostname
    5. Encrypt Connection = Enabled for LDAPS / Disabled for LDAP
    6. Connection Port = 636 (LDAPS) / 389 (LDAP)
    7. User Distinguished Name = user account with LDAP Read Access
    8. Password = Password for LDAP Sync Account
    9. Root Distinguished Name = LDAP Root DN for object enumeration
    10. Acknowledge Disabled Accounts in Active Directory = Enabled.
  • PASS (Expected)
  • FAIL
Repeat the process for each independent Directory / Forest Mimecast needs to integrate with.
  • PASS (Expected)
  • FAIL

Corrective Action for FAIL Results:

  • Create the requisite LDAP Connector/s.

 

LDAP Integration Enabled on Account

 

Test #: MAN18 | Executed by:
Date: | Overseen by:

Description: Once a Directory Connector has been configured, the Mimecast Account LDAP Integration needs to be configured to the default directory connector for synchronization and authentication to be enabled.

Customers who will not deploy Directory Synchronization should expect this test (and all subsequent related tests) to fail.

Action | Result

Verify the settings:

  1. Log in to the Administration Console.
  2. Click on the Administration menu item.
  3. Click on the Account | Account Settings menu item.
  4. Expand the Directory Options.
  5. Verify that the correct (default) LDAP Connector is selected from the drop-down menu.
  • PASS (Expected)
  • FAIL

Corrective Action for FAIL Results:

  • Select the appropriate LDAP Connector and click the Save button.

 

 

Test #: OPT03 | Executed by:
Date: | Overseen by:

Description: It is common practice in corporate email platforms for a single user, mailbox or group to have multiple email addresses (aliases) associated. In order to ensure that email is delivered to the correct destination and that the appropriate policies are applied, it is important that the Aliases for that user are linked to their Primary Email Address.

Customers who will not deploy Directory Synchronization should expect this test (and all subsequent related tests) to fail.

Action | Result

Confirm Account Settings:

  1. Log in to the Administration Console.
  2. Click on the Administration menu item.
  3. Click on the Account | Account Settings menu item.
  4. Verify that the Automatically Link Aliases option is selected.
  • PASS (Expected)
  • FAIL

Corrective Action for FAIL Results:

  • Check the box next to Automatically Link Aliases.
  • Save the configuration.
  • Force a Directory Synchronization or wait for the Automated Synchronization to occur.

 

LDAP Attribute Sync Configuration

 

Test #: OPT04 | Executed by:
Date: | Overseen by:

Description: Active Directory Attributes may be synchronized to Mimecast for use in Policy and Stationery Application. Customers should configure (map) the LDAP Attributes they would like to synchronize to the Mimecast service.

Customers who will not deploy Directory Synchronization or use a spreadsheet import should expect this test (and all subsequent related tests) to fail.

Action | Result
  1. Identify the LDAP Attributes that need to be synchronized/used in Stationery signatures.
  2. Verify that there is an attribute mapping for each LDAP Attribute that needs to be synchronized:
    1. Log in to the Administration Console.
    2. Click on the Administration menu item.
    3. Click on the Directories | Attributes menu item.
  • PASS (Expected)
  • FAIL

Corrective Action for FAIL Results:

  • Add the necessary Attribute.

 

Verify Directory Synchronization

 

Verify LDAP Connector

 

Test #: MAN19 | Executed by:
Date: | Overseen by:

Description: Mimecast uses LDAP/S connectivity to a directory server in the customer’s environment for automated Directory Synchronization. In order for the LDAP Connector to function as expected it is important to verify the ability to connect to the LDAP server and authenticate.

Customers who will not deploy Directory Synchronization should expect this test (and all subsequent related tests) to fail.

Action | Result

Test the LDAP/S connection:

  1. Log in to the Administration Console.
  2. Click on the Administration menu item.
  3. Click on the Services | Directory Synchronization menu item.
  4. Click on the Directory Connector you wish to Test.
  5. Click Test Connection.
  • PASS (Expected)
  • FAIL

Corrective Action for FAIL Results:

  • Check your Firewall Rules (NAT, ACL, Filters, Protocol Inspection, etc.).
  • Check the Listening Ports on the Server, Firewall and Connector configuration.
  • Check the encryption settings (“Strict – Trust Enforced” requires Public SSL Certificate).
  • Check the user account / password combination.
  • Check the Root Distinguished Name.
  • Ensure that connections are accepted from Mimecast Datacentre IPs.
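
The first three corrective checks above (firewall rules, listening port, certificate trust) can be told apart from an external host before any credentials are involved. The following Python is an added example, not Mimecast tooling: it assumes the system CA bundle stands in for "public" certificate trust, and `probe_ldaps` and `ldap.example.com` are hypothetical names.

```python
import socket
import ssl
import sys


def probe_ldaps(host, port=636, timeout=5.0):
    """Classify an LDAPS endpoint check as 'ok', 'network', 'tls' or 'trust'."""
    # Default context: system CA bundle (assumed stand-in for public trust),
    # hostname verification enabled.
    ctx = ssl.create_default_context()
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        # Refused, filtered or unresolvable: firewall rules or listening port.
        return ("network", f"TCP connect to {host}:{port} failed: {exc}")
    try:
        with raw, ctx.wrap_socket(raw, server_hostname=host) as tls:
            not_after = tls.getpeercert().get("notAfter")
            return ("ok", f"{tls.version()}, chain trusted, expires {not_after}")
    except ssl.SSLCertVerificationError as exc:
        # Self-signed, private CA, expired or name mismatch: fails strict trust.
        return ("trust", exc.verify_message)
    except (ssl.SSLError, OSError) as exc:
        # Port answers but no TLS handshake completes (e.g. plain LDAP on it).
        return ("tls", f"TLS handshake failed: {exc}")


if __name__ == "__main__":
    # ldap.example.com is a placeholder; pass the connector's Hostname value.
    target = sys.argv[1] if len(sys.argv) > 1 else "ldap.example.com"
    stage, detail = probe_ldaps(target)
    print(f"{stage}: {detail}")
    sys.exit(0 if stage == "ok" else 1)
```

Run it from a host outside your perimeter so the result reflects what an external service sees. It does not test the bind account or the Root Distinguished Name.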

 

Verify LDAP Integration – Automated Synchronization

 

Test #: MAN20 | Executed by:
Date: | Overseen by:

Description: Mimecast will synchronize Directory Information for customers three times daily in order to ensure that the information retained in the Mimecast Directory is as up to date as possible. It is important to validate that this automated Sync Schedule is occurring.

Customers who will not deploy Directory Synchronization should expect this test (and all subsequent related tests) to fail.

Action | Result
  1. Ensure that the Directory Connector is functional (MAN19).
  2. Ensure that the Account is LDAP Integrated (MAN18).
  3. Verify that the object created in the Directory has been added to your Mimecast Account, in either Internal Directory or Groups:
    1. Modify / Create a New User or Group Object in your Directory.
    2. Allow up to eight hours for synchronization to occur.
    3. Log in to the Administration Console.
    4. Click on the Administration menu item.
    5. Either:
      1. For users, click on the Directories | Internal Directories menu item and select the domain of the new object.
      2. For groups, click on the Directories | Directory Groups menu item.
  • PASS (Expected)
  • FAIL

Corrective Action for FAIL Results:

  • Verify that your LDAP Connector is working (MAN19).
  • Verify that you have set your Account to LDAP Integrated (MAN18).

 

Verify LDAP Integration – Directory Authentication

 

Test #: MAN21 | Executed by:
Date: | Overseen by:

Description: Administrators and Users may authenticate with the Mimecast Service using their LDAP Directory Credentials when Directory Sync has been configured.

Customers who will not deploy Directory Synchronization should expect this test (and all subsequent related tests) to fail.

Action | Result

Log in to the Administration Console.

  1. Log in to the Administration Console.
  2. Authenticate using your domain Email Address and LDAP Directory Password.
  • PASS (Expected)
  • FAIL

Log in to Mimecast Personal Portal.

  1. Log in to the Mimecast Personal Portal.
  2. Authenticate using your Email Address as Username and LDAP Directory Password.
  • PASS (Expected)
  • FAIL

Corrective Action for FAIL Results:

  • Ensure that your LDAP Connection is configured correctly and is functional.
  • Ensure that your LDAP Server supports Authentication.

 

Verify Automatic Linking of Aliases

 

Test #: OPT05 | Executed by:
Date: | Overseen by:

Description: It is common practice in corporate email platforms for a single user, mailbox or group to have multiple email addresses (aliases) associated. In order to ensure that email is delivered to the correct destination and that the appropriate policies are applied, it is important that the Aliases for that user are linked to their Primary Email Address.

Customers who will not deploy Directory Sync should expect this test (and all subsequent related tests) to fail.

Action | Result

Find a known Alias and check to see that it has been linked to the Primary Email Address of the User:

  1. Log in to the Administration Console.
  2. Click on the Administration menu item.
  3. Click on the Directories | Internal Directories menu item.
  4. Select the appropriate domain, then the user address.
  • PASS (Expected)
  • FAIL

Corrective Action for FAIL Results:

  • Check that Automatically Link Aliases is enabled on the account.
  • Check that directory synchronization is configured and working.

 

Verify LDAP Attribute Synchronization

 

Test #: OPT06 | Executed by:
Date: | Overseen by:

Description: Active Directory Attributes may be synchronized to Mimecast for use in Policy and Stationery signatures. Customers should configure (map) the LDAP Attributes they would like to synchronize to the Mimecast service. Mapped Attributes will be visible in the User / Group Object in the Administration Console once synchronized.

Customers who will not deploy Directory Synchronization should expect this test (and all subsequent related tests) to fail.

Action | Result

Verify that the Mapped Attribute is present and the value presented matches the one configured in your directory:

  1. Log in to the Administration Console.
  2. Click on the Administration menu item.
  3. Click on the Directories | Internal Directories menu item.
  4. Click on one of your internal domains, then open the user address.
  5. Review the attributes.
  • PASS (Expected)
  • FAIL

Corrective Action for FAIL Results:

  • Check the attribute mapping in your account.
  • Check that Directory Synchronization has occurred since mapping the attribute.
  • Check that the user object has the attribute populated in your directory.
  • Ensure that directory replication has completed successfully.
  • Run a manual synchronization of the LDAP Connector.
