Restricting users from receiving Internet mail

Domino® provides SMTP intended recipient filters that let you control the users for whom the server accepts mail sent over SMTP connections. One filter triggers a directory lookup that enables the server to verify that an intended recipient exists before accepting a message. The other two filters let you explicitly specify the Internet addresses that can and cannot receive mail. To ensure that you don't unintentionally block desirable mail, use discretion when applying these settings.

About this task

During the SMTP conversation, the connecting host sends the Domino SMTP listener a RCPT TO command, which specifies the recipient's Internet address. Each of the Inbound Intended Recipient Controls works by examining the addresses specified as arguments to the RCPT TO command. For example, if you enable directory verification and the address specified in the RCPT TO command is in the local Internet domain, the SMTP listener refers to the Domino Directory to determine whether the address is valid. Messages for invalid addresses are rejected, preventing them from becoming "dead" messages in MAIL.BOX.

Note: Because enabling this setting results in messages for recipients not found in the directory being rejected, do not use this setting in environments that require mail to be forwarded to a smart host for further processing.

The "Allow messages" setting lets you list Internet addresses that are allowed to receive mail. If the RCPT TO command contains one of the specified addresses, the SMTP listener accepts the message; messages for all other recipients are rejected. The "Deny messages" setting lets you explicitly deny mail to certain addresses. If the RCPT To command contains a denied address, the SMTP listener rejects the message, but messages for all other recipients are accepted.

Note: If the server supports Local Part name lookups, users whose addresses are listed in the Deny field may still receive mail addressed to any alternate Internet addresses configured for them. To ensure greater control, specify the Internet address in each user's Person document and allow users to receive inbound mail destined for their fullname addresses only.

SMTP can resolve names for group types of Mail-only or Multi-purpose. When you create or modify the SMTP and Router settings in the Configuration Settings document, be sure to enter group names that have a group type of Mail-only or Multi-purpose. These groups must be in the primary directory. This applies to settings on the Restrictions tab, the SMTP Inbound Controls tab, and the SMTP Outbound Controls tab.

For information on restricting how Domino looks up recipient names, see the related links.

Procedure

  1. Make sure you already have a Configuration Settings document for the server(s) to be configured.
  2. From the Domino Administrator, click the Configuration tab and expand the Messaging section.
  3. Click Configurations.
  4. Select the Configuration Settings document for the mail server or servers you want to administer, and click Edit Configuration.
  5. Click the Router/SMTP > Restrictions and Controls > SMTP Inbound Controls tab.
  6. Complete these fields , and then click Save & Close:
    Table 1. Inbound Intended Recipients Controls fields

    Field

    Description

    Verify that local domain recipients exist in the Domino Directory

    Specifies whether the SMTP listener checks recipient names specified in RCPT TO commands against entries in the Domino Directory

    Choose one:

    • Enabled - If the domain part of an address specified in an SMTP RCPT TO command matches one of the configured local Internet domains, the SMTP listener checks all configured directories to determine whether the specified recipient is a valid user. If all lookups complete successfully and no matching user name is found, the SMTP server returns a 550 permanent failure response indicating that the user is unknown. For example:
    550 bad_user@yourdomain.com ... No such user

    Choosing this setting can help prevent messages sent to nonexistent users (for example, spam messages and messages intended for users who are no longer part of the organization) from accumulating in MAIL.BOX as dead mail.

    To avoid messages from being rejected as a result of directory unavailability, Domino accepts messages when an attempted directory lookup does not complete successfully.

    To avoid unnecessary directory lookups, Domino applies this setting only after performing all other configured SMTP inbound checks (inbound relay, sender, and recipient controls).

    Note: When this setting is enabled, and there is an entry in the field Local Internet domain smart host, messages that cannot be resolved are not accepted; therefore, they will not be forwarded to the smart host. When this setting is enabled, and the field Smart host is used for all local Internet domain recipients is enabled, only those messages sent to recipients that can be resolved are accepted, and these will be forwarded to the smart host.
    • Disabled - (default) The SMTP listener does not check whether local domain recipients specified in the RCPT TO command are listed in the Domino Directory.

    Allow messages intended only for the following Internet addresses

    Internet addresses that are within the local Internet domain and that are allowed to receive mail from the Internet. If you enter addresses in this field, only those recipients can receive Internet mail. Domino denies mail for all other recipients.

    You can create a Notes® group containing a list of addresses allowed to receive mail from the Internet and enter the group name in this field. A group entry is valid only if it does not contain a domain part or dot (.).

    Deny messages intended for the following Internet addresses

    Internet addresses within the local Internet domain that are prohibited from receiving mail from the Internet. If you enter addresses in this field, all addresses except those listed in this field can receive Internet mail. Domino denies mail for only the addresses in this field.

    You can create a Notes group containing a list of addresses that cannot receive mail from the Internet and enter the group name in this field. A group entry is valid only if it does not contain a domain part or dot (.).

    Note: The SMTP listener accepts messages addressed to any variant of a user's name that is not explicitly denied and that is otherwise acceptable to Domino. For example, if you deny mail to Kieran.Campion@acme.com, a message addressed to Kcampion@acme.com may be accepted and delivered to the same user.
  7. Reload the SMTP task, or update the SMTP configuration to put changes into effect.