Home
Configuring
Use this information to configure your network, users, servers (including Web servers), directory services, security, messaging, widgets and live text, and server clusters.
Configuring users and servers
Topics in this section describe how to set up users and servers.
Configuring messaging
This section provides an overview of messaging and describes how to set up mail routing, how to set up and customize mail servers, and how to track mail.
Customizing mail
After you set up basic mail routing, you can customize the HCL Domino® messaging system to improve performance and meet the specific needs of your organization.
Customizing SMTP Routing
If you enabled SMTP routing, you can customize it by stopping and starting the SMTP service, changing the inbound and outbound SMTP port settings, restricting inbound SMTP routing, restricting outbound SMTP routing, and specifying inbound and outbound MIME settings.
Restricting SMTP inbound routing
You can set up your Domino® system to control, verify, and restrict inbound mail. Restricting inbound mail routing prevents Domino from accepting unwanted commercial e-mail (UCE) sent to your users and consequently reduces the load on your system.
How Domino® uses reverse DNS lookups to control inbound SMTP sessions
Domino® inbound relay controls, DNS blacklist filters, and inbound connection controls allow or deny mail based on where messages originate. For these controls to work, Domino must be able to identify the connecting host's IP address, host name, and Internet domain.

Configuring
Use this information to configure your network, users, servers (including Web servers), directory services, security, messaging, widgets and live text, and server clusters.
- Configuring a network
  This section presents the planning concepts and setup procedures necessary for a successful HCL Domino® deployment over a network. It provides information on network protocols from a Domino perspective but does not attempt to provide general network information.
- Configuring users and servers
  Topics in this section describe how to set up users and servers.
  - Understanding the Server document
    The Server document is set up when you register a server. It contains many of the settings that define how your server operates.
  - Policies
    Use Domino® policy settings to control how users work with Notes®. A policy is a document that identifies a collection of individual policy settings. Policy settings documents define a set of defaults that apply to the users and groups to which the policy is assigned. You can change policy settings and they will be automatically applied to the assigned users and groups.
  - Defining default settings for Notes® user registration
    Before you register new Notes® users, you can specify default settings that apply to all users. Default settings simplify user registration and ensure user settings consistency. You can define many default settings, such as what mail server users have or what certifier ID to use for user registration. You can also specify a default workstation execution control list (ECL) to protect data from unauthorized workstation access.
  - Using groups
    Groups are lists of users, groups, and servers that have common traits. They are useful for mailing lists and access control lists. Using groups can simplify administration tasks.
  - Replicas
    You can make a database available to users in different locations, on different networks, or in different time zones, by creating replicas of the database.
  - Calendars and scheduling
    The calendar and scheduling features allow users to check the free time of other users, schedule meetings with them, and reserve resources, such as conference rooms and equipment.
  - Editing the notes.ini file
    The Domino and Notes notes.ini files contain the settings required for the server and client to operate correctly. If you modify or add settings in a notes.ini file, do so cautiously and never edit the file directly with a text editor.
  - Configuring directory services
    This section describes how to plan, set up, and use HCL Domino® directory services.
  - Configuring messaging
    This section provides an overview of messaging and describes how to set up mail routing, how to set up and customize mail servers, and how to track mail.
    - The Domino® mail router
      The Domino® mail router (the Router) is a special server task responsible for the delivery and transfer of the messages in MAIL.BOX. Delivery refers to moving messages from MAIL.BOX into a local mail file or database; while transfer refers to sending messages from MAIL.BOX across the network to another server.
    - The POP3 service
      POP3 (Post Office Protocol Version 3) is an Internet mail protocol that allows a user running a POP3 client -- for example, the Notes® POP3 client, Eudora Pro, or Microsoft™ Outlook Express® -- to retrieve mail from a server that runs the POP3 service. You can set up a Domino® server to run the POP3 service. The Domino server receives and stores mail for POP3 users, who can then connect to the server to retrieve their mail.
    - The IMAP service
      The Domino® server supports the Internet Mail Access Protocol (IMAP4rev1), defined in RFC 2060, for reading mail. The Domino IMAP service lets users with IMAP mail clients access mail files on a Domino server. The IMAP service differs from the POP3 service in that users are not required to download messages to a local computer to read and manipulate them. Users can work with messages over the network, while the messages remain on the server.
    - Customizing mail
      After you set up basic mail routing, you can customize the HCL Domino® messaging system to improve performance and meet the specific needs of your organization.
      - Controlling messaging
        After you set up basic mail routing, use HCL Domino® administrative controls to customize the messaging system to your environment. Using the Domino Administrator and other tools you can change settings that affect routing performance, protect the system from unauthorized use, schedule message transfer, and ensure efficient use of network bandwidth and storage space.
      - Controlling message delivery
        Message delivery occurs when the Router deposits a message in the recipient's mail file. You can control how the Router behaves when delivering messages to mail files on the HCL Domino® server.
      - Specifying a reverse-path setting for forwarded messages
        You can specify how the router handles messages that are forwarded by a user mail rule send copy to action. By default, delivery status reports (DSNs) are requested not to be sent to the email account that forwards the message by setting a null reverse-path. This can cause some spam filters to reject the message.
      - Setting server mail rules
        You can create content filtering rules for that define actions to take on certain messages. When a new message that meets a specified condition is deposited in MAIL.BOX, Domino® automatically performs the designated action. Possible actions include journaling a message, moving it to a database, refusing to accept or deliver a message, changing the routing state of a message, or stopping the processing of subsequent rules. Rule conditions are based on content in the message headers or in the message body.
      - Enabling scheduled messages
        Domino® 10 and later mail servers support the scheduled delivery of mail messages. For example, a user can compose a message on a weekend and schedule it to be sent during the work week.
      - Setting up message recall
        Message recall provides Notes® client users with the ability to recall mail messages after they are sent. This feature is useful when a Notes client user has accidentally clicked Send and then needs to retract the message in order to complete or modify the message content.
      - Customizing message transfer
        You have many options when controlling the transfer of messages between servers in your HCL Domino® system.
      - Customizing Notes® routing
        To customize HCL Notes® routing in your organization, you can xchedule routing for optimal efficiency, change the routing cost of connections between HCL Domino® servers, and restrict mail routing based on Domino domains, organizations, and organizational units.
      - Customizing SMTP Routing
        If you enabled SMTP routing, you can customize it by stopping and starting the SMTP service, changing the inbound and outbound SMTP port settings, restricting inbound SMTP routing, restricting outbound SMTP routing, and specifying inbound and outbound MIME settings.
        Stopping and starting the Domino® SMTP service
        The Domino® SMTP service, or SMTP Server task, runs the SMTP listener, which checks for incoming SMTP connections and messages. SMTP messages can originate from any Internet host or another Domino Server in your domain. For Domino to receive inbound SMTP mail, the SMTP listener must be running on the server.
        Changing SMTP port settings
        You can modify inbound and outbound SMTP port settings.
        Restricting SMTP inbound routing
        You can set up your Domino® system to control, verify, and restrict inbound mail. Restricting inbound mail routing prevents Domino from accepting unwanted commercial e-mail (UCE) sent to your users and consequently reduces the load on your system.
        Restricting inbound SMTP connections
        To prevent your mail system from accepting unwanted mail, Domino® provides a set of controls that let you restrict incoming SMTP connections. The Inbound Connection controls let you specify whether Domino checks the names of connecting hosts in DNS or, if by host name or IP address, the remote hosts from which the server allows and denies connections.
        How Domino® uses reverse DNS lookups to control inbound SMTP sessions
        Domino® inbound relay controls, DNS blacklist filters, and inbound connection controls allow or deny mail based on where messages originate. For these controls to work, Domino must be able to identify the connecting host's IP address, host name, and Internet domain.
        Preventing unauthorized SMTP hosts from using Domino® as a relay
        To protect SMTP servers from unauthorized relaying, Domino® provides inbound relay controls used to define the hosts to which and from which a server can relay messages. The Domino SMTP listener denies requests to relay messages to or from unauthorized hosts
        Enabling DNS blacklist filters for SMTP connections
        To prevent unsolicited commercial e-mail (UCE), or spam, from entering your system, you can set up Domino® to check whether incoming SMTP connections originate from servers listed in one or more DNS blacklists (DNSBLs). DNSBLs are databases that keep a record of Internet SMTP hosts that are known sources of spam or permit third-party, open relaying.
        Working with DNS whitelists for SMTP connections
        Use DNS whitelist filters as a means to help identify legitimate email. When DNS whitelist filters are enabled, the SMTP listener task determines whether a connecting host is a member of a DNS whitelist by relying on the results of a DNS query of a DNS blacklist-style host name. If the query returns an IP address, the host is added to the whitelist and the remaining DNS whitelists are not searched. If the host is not found in the DNS whitelist , processing continues with DNS blacklist filters. If the query returns an error indicating that the host name is not valid, the host is not added to the whitelist and may be subject to blacklist filtering if that is enabled.
        Working with private blacklists for SMTP connections
        Use private blacklists to specify hosts and/or domains responsible for sending unnecessary, unwanted mail to your Internet domain. For consistency, Domino® private blacklists follow the model currently used by existing anit-spam functionality. Private blacklists are stored in the Domino Directory to simplify the process of maintaining and distributing blacklist information between servers.
        Working with private whitelists for SMTP connections
        Use Domino® private whitelist filters to specify exceptions to blacklist filters. Prior to the introduction of private whitelist filters, to exclude a host from blacklist filter processing, you had to either define the client's mail server as a relay exception -- which creates a security risk, or disable the DNS blacklists filters. Now you can use private whitelist filters to specify the hosts and/or domains to exclude from blacklist processing. Hosts that are specified in private whitelists are exempt from blacklist checks. Whitelisted hosts bypass blacklist filter checks but there are other controls which may prevent the message from being accepted. Members of the private whitelist are still subjected to connection, relay, sender, and recipient controls.
        Restricting who can send Internet mail to your users
        Unsolicited commercial e-mail (UCE) can flood your server with numerous copies of the same message. Accepting UCE reduces performance and consumes system resources. You can specify restrictions to prevent UCE from being routed to or relayed through your server. Specifying restrictions prevents malicious users from using your system to spoof addresses or send UCE.
        Restricting users from receiving Internet mail
        Domino® provides SMTP intended recipient filters that let you control the users for whom the server accepts mail sent over SMTP connections. One filter triggers a directory lookup that enables the server to verify that an intended recipient exists before accepting a message. The other two filters let you explicitly specify the Internet addresses that can and cannot receive mail. To ensure that you don't unintentionally block desirable mail, use discretion when applying these settings.
        Defining the maximum error limit before a connection terminates
        You can specify the number of protocol errors that can be returned for a session before the session connection is terminated. When the number of errors returned for a session exceeds the specified value, the session is terminated. For example, blacklist rejections and RCPT To rejections are protocol errors.
        Resolving directory lookups containing ambiguous or group names
        You can specify whether to reject ambiguous names that are returned during directory lookups. If directory lookups are successful and multiple matches are returned for the user name, you can specify whether or not to reject the ambiguous names. When ambiguous names are rejected, mail is not sent to the email addresses for the ambiguous user names.
        Supporting inbound SMTP extensions
        Domino® supports a number of extended SMTP (ESMTP) functions. These include the ability to combine (or pipeline) commands, set the server to check message size before accepting transfer, create a secure TLS connection with another server, and create delivery status notifications in MIME format. You enable or disable each of these options in the Configuration Settings document for the server or servers for which you want to use these extensions.
        Restricting outbound mail routing
        You can control outbound messages from your system to external Internet domains by restricting who can send these messages and by enabling extended SMTP (ESMTP) outbound features.
      - Setting up and using message disclaimers
        Message disclaimers are notices -- usually short text blocks -- that are added to email messages. They are often used by organizations in an attempt to protect the organization's legal interests. For example, message disclaimers can be used to limit an organization's exposure to vicarious liability, that is, to limit the organization's responsibility for the actions of its employees. This type of disclaimer informs the message recipient that the organization is not responsible for anything written by the author of the message.
      - Mail journaling
        By default, after the Notes® Router processes a message, it does not retain a copy of the message. That is, after ServerA successfully sends a message to ServerB, the Router on ServerA deletes the message from its MAIL.BOX database. Likewise, when ServerB successfully transfers or delivers the message to the next server on the routing path, the Router on ServerB removes the message from its MAIL.BOX database.
      - Setting inbound and outbound MIME and character set options
        You can control how servers convert MIME items and international character sets for inbound and outbound messages by specifying options on the Configuration Settings document.
      - HTML rendering for mail
        By default, HTML-formatted mail messages -- for example, mail newsletters -- are rendered using these browsers. The default use of these browsers ensures that HTML-formatted emails are readable and appear to the recipient as the sender intended. Note that such rendering is for reading only. If a user edits an HTML-formatted mail message or forwards or replies to one, the new mail message is rendered using the Notes® embedded browser, and may not retain all of the original HTML formatting.
  - Configuring iNotes®
    HCL iNotes® provides HCL Notes® users with browser-based access to Notes mail and to Notes calendar and scheduling features. Administrators specify mail policy and security policy settings as well as notes.ini file settings to complete the full implementation of HCL iNotes.
  - Configuring Web servers
    This section describes how to set up the HCL Domino® Web server, and the Domino Web Navigator.
  - Setting up a cluster
    Setting up a cluster includes the tasks of creating and verifying that it is working correctly, and then setting up user access, mail, replications, size quotas, directory assistance, roaming, web navigation, and use of a private LAN in the cluster.
  - Configuring Widgets and Live Text
    Widgets and Live Text enables end users to see and act on Live Text in supported documents, including HCL Notes® mail, using XML extensions (widgets) created specifically for their use.
  - Domain Search
    Notes® client and Web users can use Domain Search to search an entire Domino® domain for database documents, files, and attachments that match a search query.

How Domino® uses reverse DNS lookups to control inbound SMTP sessions

Domino® inbound relay controls, DNS blacklist filters, and inbound connection controls allow or deny mail based on where messages originate. For these controls to work, Domino® must be able to identify the connecting host's IP address, host name, and Internet domain.

Domino® obtains this information from two sources: the IP stack and the Domain Name Service (DNS). When a host originates a connection to the Domino® SMTP service, the connecting host passes its IP address to the IP stack of the computer running the Domino® server. The SMTP service reads the IP address directly from this source.

For Domino® to obtain host name and domain information, it must have access to the Domain Name Service (DNS) and be able to locate a PTR record for the connecting host. A PTR record resolves an IP address to a host name.

To request a PTR record, the Domino® SMTP listener performs a reverse lookup to the DNS. From the host name returned by this query, Domino® parses out the domain name of the connecting host, comparing this domain name to the list of local Internet domains in the Global domain document. Hosts from domains listed in the Local primary Internet domain or Alternate Internet domain aliases fields of the Global Domain document are considered to be part of the local Internet domain; all others are treated as external hosts.