Home
IBM® Domino 10.0.1 Documentation
Welcome to the IBM® Domino 10.0.1 Administrator Help.
Configuring
Use this information to configure an IBM® Domino® network, users, servers (including Web servers), directory services, security, messaging, widgets and live text, and server clusters. Also use this information to set up IBM iNotes® on a server using Domino Off-Line Services (DOLS).
Configuring messaging
This section provides an overview of messaging and describes how to set up mail routing, how to set up and customize mail servers, and how to track mail.
Customizing mail
After you set up basic mail routing, you can customize the IBM® Domino® messaging system to improve performance and meet the specific needs of your organization.
Customizing SMTP Routing
If you enabled SMTP routing, you can customize it by stopping and starting the SMTP service, changing the inbound and outbound SMTP port settings, restricting inbound SMTP routing, restricting outbound SMTP routing, and specifying inbound and outbound MIME settings.
Restricting SMTP inbound routing
You can set up your Domino® system to control, verify, and restrict inbound mail. Restricting inbound mail routing prevents Domino from accepting unwanted commercial e-mail (UCE) sent to your users and consequently reduces the load on your system.
Preventing unauthorized SMTP hosts from using Domino® as a relay
To protect SMTP servers from unauthorized relaying, Domino® provides inbound relay controls used to define the hosts to which and from which a server can relay messages. The Domino SMTP listener denies requests to relay messages to or from unauthorized hosts

IBM® Domino 10.0.1 Documentation
Welcome to the IBM® Domino 10.0.1 Administrator Help.
- What's new in IBM® Domino® 10?
  Learn about all of the new features for administrators in IBM® Domino® 10.
- Overview
  Welcome to IBM® Domino® Administrator Help.
- Installing
  Use this documentation to install the IBM® Domino® server and subsequently deploy the IBM Notes® client.
- Planning
  Use this topic as an overview of planning task.
- Configuring
  Use this information to configure an IBM® Domino® network, users, servers (including Web servers), directory services, security, messaging, widgets and live text, and server clusters. Also use this information to set up IBM iNotes® on a server using Domino Off-Line Services (DOLS).
  - Configuring a network
    This section presents the planning concepts and setup procedures necessary for a successful IBM® Domino® deployment over a network. It provides information on network protocols from a Domino perspective but does not attempt to provide general network information.
  - Configuring users and servers
    Topics in this section describe how to set up users and servers.
  - Editing the NOTES.INI file
    You should rarely, if ever, need to modify a server's or client's NOTES.INI file. The NOTES.INI file contains many settings that Domino® and Notes® rely on to work properly. An accidental or incorrect change may cause Domino or Notes to run unpredictably. Therefore, you should edit the NOTES.INI file only if special circumstances occur or if IBM® Support Services recommends that you do so.
  - Configuring directory services
    This section describes how to plan, set up, and use IBM® Domino® directory services.
  - Configuring messaging
    This section provides an overview of messaging and describes how to set up mail routing, how to set up and customize mail servers, and how to track mail.
    - The Domino® mail router
      The Domino® mail router (the Router) is a special server task responsible for the delivery and transfer of the messages in MAIL.BOX. Delivery refers to moving messages from MAIL.BOX into a local mail file or database; while transfer refers to sending messages from MAIL.BOX across the network to another server.
    - The POP3 service
      POP3 (Post Office Protocol Version 3) is an Internet mail protocol that allows a user running a POP3 client -- for example, the Notes® POP3 client, Eudora Pro, or Microsoft™ Outlook Express® -- to retrieve mail from a server that runs the POP3 service. You can set up a Domino® server to run the POP3 service. The Domino server receives and stores mail for POP3 users, who can then connect to the server to retrieve their mail.
    - The IMAP service
      The Domino® server supports the Internet Mail Access Protocol (IMAP4rev1), defined in RFC 2060, for reading mail. The Domino IMAP service lets users with IMAP mail clients access mail files on a Domino server. The IMAP service differs from the POP3 service in that users are not required to download messages to a local computer to read and manipulate them. Users can work with messages over the network, while the messages remain on the server.
    - Customizing mail
      After you set up basic mail routing, you can customize the IBM® Domino® messaging system to improve performance and meet the specific needs of your organization.
      - Controlling messaging
        After you set up basic mail routing, use IBM® Domino® administrative controls to customize the messaging system to your environment. Using the Domino Administrator and other tools you can change settings that affect routing performance, protect the system from unauthorized use, schedule message transfer, and ensure efficient use of network bandwidth and storage space.
      - Controlling message delivery
        Message delivery occurs when the Router deposits a message in the recipient's mail file. You can control how the Router behaves when delivering messages to mail files on the IBM® Domino® server.
      - Specifying a reverse-path setting for forwarded messages
        You can specify how the router handles messages that are forwarded by a user mail rule send copy to action. By default, delivery status reports (DSNs) are requested not to be sent to the email account that forwards the message by setting a null reverse-path. This can cause some spam filters to reject the message.
      - Setting server mail rules
        You can create content filtering rules for that define actions to take on certain messages. When a new message that meets a specified condition is deposited in MAIL.BOX, Domino® automatically performs the designated action. Possible actions include journaling a message, moving it to a database, refusing to accept or deliver a message, changing the routing state of a message, or stopping the processing of subsequent rules. Rule conditions are based on content in the message headers or in the message body.
      - Enabling scheduled messages
        IBM Domino® 10 mail servers support the scheduled delivery of mail messages. For example, a user can compose a message on a weekend and schedule it to be sent during the work week.
      - Setting up message recall
        Message recall provides Notes® client users with the ability to recall mail messages after they are sent. This feature is useful when a Notes client user has accidentally clicked Send and then needs to retract the message in order to complete or modify the message content.
      - Customizing message transfer
        You have many options when controlling the transfer of messages between servers in your IBM® Domino® system.
      - Customizing Notes® routing
        To customize IBM® Notes® routing in your organization, you can xchedule routing for optimal efficiency, change the routing cost of connections between IBM Domino® servers, and restrict mail routing based on Domino domains, organizations, and organizational units.
      - Customizing SMTP Routing
        If you enabled SMTP routing, you can customize it by stopping and starting the SMTP service, changing the inbound and outbound SMTP port settings, restricting inbound SMTP routing, restricting outbound SMTP routing, and specifying inbound and outbound MIME settings.
        Stopping and starting the Domino® SMTP service
        The Domino® SMTP service, or SMTP Server task, runs the SMTP listener, which checks for incoming SMTP connections and messages. SMTP messages can originate from any Internet host or another Domino Server in your domain. For Domino to receive inbound SMTP mail, the SMTP listener must be running on the server.
        Changing SMTP port settings
        You can modify inbound and outbound SMTP port settings.
        Restricting SMTP inbound routing
        You can set up your Domino® system to control, verify, and restrict inbound mail. Restricting inbound mail routing prevents Domino from accepting unwanted commercial e-mail (UCE) sent to your users and consequently reduces the load on your system.
        Restricting inbound SMTP connections
        To prevent your mail system from accepting unwanted mail, Domino® provides a set of controls that let you restrict incoming SMTP connections. The Inbound Connection controls let you specify whether Domino checks the names of connecting hosts in DNS or, if by host name or IP address, the remote hosts from which the server allows and denies connections.
        How Domino® uses reverse DNS lookups to control inbound SMTP sessions
        Domino® inbound relay controls, DNS blacklist filters, and inbound connection controls allow or deny mail based on where messages originate. For these controls to work, Domino must be able to identify the connecting host's IP address, host name, and Internet domain.
        Preventing unauthorized SMTP hosts from using Domino® as a relay
        To protect SMTP servers from unauthorized relaying, Domino® provides inbound relay controls used to define the hosts to which and from which a server can relay messages. The Domino SMTP listener denies requests to relay messages to or from unauthorized hosts
        Understanding open relays
        An SMTP server that indiscriminately accepts mail from outside the local Internet domain and attempts to dispatch it to another external destination is known variously as a spam relay, third-party relay, or open relay host (open relay, for short). Leaving a mail server open to use by anonymous third parties is generally considered irresponsible, largely because open relays are often the target of Internet mass-mailers who use them to distribute unsolicited commercial email (UCE), commonly referred to as electronic junk mail or spam. Spam vendors use open relays as waypoints between themselves and their target recipients, allowing them to distribute vast quantities of mail anonymously.
        Setting inbound relay controls
        To block relays to a specific domain or from a specific host, set restrictions in the inbound relay controls on the Router/SMTP > Restrictions and Controls > SMTP Inbound Controls tab of the Configuration Settings document.
        Specifying enforcement of inbound relay controls
        When you create a Configuration Settings document for a server, by default, the SMTP inbound relay controls, or anti-relay settings, apply to all external hosts only, that is, to hosts that are not located in the local Internet domain. After you set inbound relay controls, you can customize how Domino® applies them by selecting inbound relay enforcement options.
        How inbound anti-relay settings control message transfer to external Internet domains
        The following description shows the checks that are made before a message is transferred to an external Internet domain.
        Enabling DNS blacklist filters for SMTP connections
        To prevent unsolicited commercial e-mail (UCE), or spam, from entering your system, you can set up Domino® to check whether incoming SMTP connections originate from servers listed in one or more DNS blacklists (DNSBLs). DNSBLs are databases that keep a record of Internet SMTP hosts that are known sources of spam or permit third-party, open relaying.
        Working with DNS whitelists for SMTP connections
        Use DNS whitelist filters as a means to help identify legitimate email. When DNS whitelist filters are enabled, the SMTP listener task determines whether a connecting host is a member of a DNS whitelist by relying on the results of a DNS query of a DNS blacklist-style host name. If the query returns an IP address, the host is added to the whitelist and the remaining DNS whitelists are not searched. If the host is not found in the DNS whitelist , processing continues with DNS blacklist filters. If the query returns an error indicating that the host name is not valid, the host is not added to the whitelist and may be subject to blacklist filtering if that is enabled.
        Working with private blacklists for SMTP connections
        Use private blacklists to specify hosts and/or domains responsible for sending unnecessary, unwanted mail to your Internet domain. For consistency, Domino® private blacklists follow the model currently used by existing anit-spam functionality. Private blacklists are stored in the Domino Directory to simplify the process of maintaining and distributing blacklist information between servers.
        Working with private whitelists for SMTP connections
        Use Domino® private whitelist filters to specify exceptions to blacklist filters. Prior to the introduction of private whitelist filters, to exclude a host from blacklist filter processing, you had to either define the client's mail server as a relay exception -- which creates a security risk, or disable the DNS blacklists filters. Now you can use private whitelist filters to specify the hosts and/or domains to exclude from blacklist processing. Hosts that are specified in private whitelists are exempt from blacklist checks. Whitelisted hosts bypass blacklist filter checks but there are other controls which may prevent the message from being accepted. Members of the private whitelist are still subjected to connection, relay, sender, and recipient controls.
        Restricting who can send Internet mail to your users
        Unsolicited commercial e-mail (UCE) can flood your server with numerous copies of the same message. Accepting UCE reduces performance and consumes system resources. You can specify restrictions to prevent UCE from being routed to or relayed through your server. Specifying restrictions prevents malicious users from using your system to spoof addresses or send UCE.
        Restricting users from receiving Internet mail
        Domino® provides SMTP intended recipient filters that let you control the users for whom the server accepts mail sent over SMTP connections. One filter triggers a directory lookup that enables the server to verify that an intended recipient exists before accepting a message. The other two filters let you explicitly specify the Internet addresses that can and cannot receive mail. To ensure that you don't unintentionally block desirable mail, use discretion when applying these settings.
        Defining the maximum error limit before a connection terminates
        You can specify the number of protocol errors that can be returned for a session before the session connection is terminated. When the number of errors returned for a session exceeds the specified value, the session is terminated. For example, blacklist rejections and RCPT To rejections are protocol errors.
        Resolving directory lookups containing ambiguous or group names
        You can specify whether to reject ambiguous names that are returned during directory lookups. If directory lookups are successful and multiple matches are returned for the user name, you can specify whether or not to reject the ambiguous names. When ambiguous names are rejected, mail is not sent to the email addresses for the ambiguous user names.
        Supporting inbound SMTP extensions
        Domino® supports a number of extended SMTP (ESMTP) functions. These include the ability to combine (or pipeline) commands, set the server to check message size before accepting transfer, create a secure SSL connection with another server, and create delivery status notifications in MIME format. You enable or disable each of these options in the Configuration Settings document for the server or servers for which you want to use these extensions.
        Restricting outbound mail routing
        You can control outbound messages from your system to external Internet domains by restricting who can send these messages and by enabling extended SMTP (ESMTP) outbound features.
      - Setting up and using message disclaimers
        Message disclaimers are notices -- usually short text blocks -- that are added to email messages. They are often used by organizations in an attempt to protect the organization's legal interests. For example, message disclaimers can be used to limit an organization's exposure to vicarious liability, that is, to limit the organization's responsibility for the actions of its employees. This type of disclaimer informs the message recipient that the organization is not responsible for anything written by the author of the message.
      - Mail journaling
        By default, after the Notes® Router processes a message, it does not retain a copy of the message. That is, after ServerA successfully sends a message to ServerB, the Router on ServerA deletes the message from its MAIL.BOX database. Likewise, when ServerB successfully transfers or delivers the message to the next server on the routing path, the Router on ServerB removes the message from its MAIL.BOX database.
      - Setting inbound and outbound MIME and character set options
        You can control how servers convert MIME items and international character sets for inbound and outbound messages by specifying options on the Configuration Settings document.
      - HTML rendering for mail
        By default, HTML-formatted mail messages -- for example, mail newsletters -- are rendered using these browsers. The default use of these browsers ensures that HTML-formatted emails are readable and appear to the recipient as the sender intended. Note that such rendering is for reading only. If a user edits an HTML-formatted mail message or forwards or replies to one, the new mail message is rendered using the Notes® embedded browser, and may not retain all of the original HTML formatting.
  - Configuring iNotes®
    IBM® iNotes® (previously IBM Domino® Web Access) provides IBM Notes® users with browser-based access to Notes mail and to Notes calendar and scheduling features. Administrators specify mail policy and security policy settings as well as notes.ini file settings to complete the full implementation of IBM iNotes.
  - Configuring Web servers
    This section describes how to set up the IBM® Domino® Web server, the Domino Web Navigator, and other Web servers such as IBM HTTP.
  - Setting up a cluster
    Setting up a cluster includes the tasks of creating and verifying that it is working correctly, and then setting up user access, mail, replications, size quotas, directory assistance, roaming, web navigation, and use of a private LAN in the cluster.
- Securing
  This section describes IBM® Domino® security features, including execution control lists, IDs, and SSL.
- Administering
  This documentation provides information about the administration tools for managing and monitoring IBM Domino® servers and databases.
- Tuning
  Use this information to improve IBM® Domino® server, Domino Web server, and messaging performance through the use of resource balancing and activity trends, Server.Load commands, advanced database properties, cluster statistics, and the Server Health Monitor.
- Troubleshooting
  This section describes how to find and solve problems with IBM® Domino® server and Administrator client.
- Glossary

Preventing unauthorized SMTP hosts from using Domino® as a relay

To protect SMTP servers from unauthorized relaying, Domino® provides inbound relay controls used to define the hosts to which and from which a server can relay messages. The Domino® SMTP listener denies requests to relay messages to or from unauthorized hosts

About this task

To prevent misuse of your system, configure Domino® to prevent open relaying, while allowing relays originating from and destined for known domains and hosts. By default, a new Domino® SMTP server prevents external hosts from relaying mail to any destination. You can further customize Domino's anti-relay controls to specify when relays are and are not allowed.

The Router/SMTP > Restrictions and Controls > SMTP Inbound Controls tab of the Configuration Settings document provides two sets of controls for managing relay access:

Inbound relay controls
Inbound relay enforcement

Use the Inbound relay controls to restrict relays by destination and origin. Use the relay enforcement controls to selectively apply the relay restrictions based on the originator's relation to the local Internet domain, host name, or authentication status.

Have feedback?
Google Analytics is used to store comments and ratings. To provide a comment or rating for a topic, click Accept All Cookies or Allow All in Cookie Preferences in the footer of this page.