Restricting mail routing based on domain, organization, and organizational unit

You can use two methods to restrict Notes® mail routing in your infrastructure.

About this task

  • Create Adjacent domain documents in the Domino® Directory to keep users from routing mail through your domain to another domain. For example, if you have a connection from your domain, Renovations, to the RenStores domain and the RenSales domain, you might set up an Adjacent domain document to keep users in the RenStores domain from routing to the RenSales domain through the Renovations domain. Using these restrictions reduces the mail load on your system. Adjacent domain documents keep users from using your domain as a Notes® mail relay.
  • Specify restrictions in the Configuration Settings document in the Domino® Directory to restrict mail from specified Domino® domains.
Note: SMTP can resolve names for group types of Mail-only or Multi-purpose. When you create or modify the SMTP and Router settings in the Configuration Settings document, be sure to enter group names that have a group type of Mail-only or Multi-purpose. This applies to settings on the Restrictions tab, the SMTP Inbound Controls tab, and the SMTP Outbound Controls tab.

Procedure

  1. Make sure you already have a Configuration Settings document for the server(s) to be configured.
  2. From the Domino® Administrator, click the Configuration tab and expand the Messaging section.
  3. Click Configurations.
  4. Select the Configuration document for the mail server or servers you want to administer, and click Edit Configuration.
  5. Click the Router/SMTP > Restrictions and Controls > Restrictions tab.
  6. Complete these fields in the Router Restrictions section, and then click Save & Close:
    Table 1. Router Restrictions fields
    Field Enter
    Field: Allow mail only from domains
    Enter: Domino® domains from which the server accepts mail. If you enter Domino® domains in this field, only messages from those domains can enter your domain over Notes® routing. Domino® denies mail from all other Domino® domains. For example, if you enter RenSales in the field, Domino® accepts only messages sent from the RenSales domain to your users. Domino® denies messages sent from all other Domino® domains.

    You can specify individual domain names or a group name. Group entries cannot contain a domain part or dot (.). For example, the group with the name AllowMail is valid, but the groups named Allow.ibm.com or Allowmail@ibm are not.

    Note: This restriction does not affect mail in the local Domino® domain.
    Field: Deny mail from domains
    Enter: Domino® domains from which the server denies mail. If you enter Domino® domains in this field, all messages except those from the domains listed in this field can route to your users. For example, if you enter RenStores in the field, Domino® accepts messages from all Domino® domains except the RenStores domain. Domino® denies messages from the RenStores domain.

    You can specify individual domain names or a group name. Group entries cannot contain a domain part or dot (.). For example, the group with the name DenyMail is valid, but the groups named Deny.iris.com or Denymail@iris are not.

    Note: This restriction does not affect mail in the local Domino® domain.
    Field: Allow mail only from the following organizations and organizational units
    Enter: Organizations and/or organizational units from which the server accepts mail. If you enter organizations and/or organizational units in this field, only messages from users in those organizations and/or organizational units can enter your domain over Notes® routing. Domino® denies mail from all other organizations and/or organizational units. For example, if you enter */East/Renovations in the field, Domino® accepts only messages from the /East/Renovations organizational unit to your users. Domino® denies messages from organizations and/or organizational units other than */East/Renovations.

    You can specify individual organization names, organizational unit names or a group name.

    Field: Deny mail only from the following organizations and organizational units
    Enter: Organizations and/or organizational units from which the server does not accept mail. If you enter organizations or organizational units in this field, all messages except those from users in the organizations and/or organizational units in this field can enter your domain over Notes® routing. Domino® denies mail only from organizations and/or organizational units in this field. For example, if you enter */West/Renovations in the field, Domino® accepts messages from all organizations and organizational units except /West/Renovations. Domino® denies messages from the /West/Renovations organizational unit.

    You can specify individual organization names, organizational unit names or a group name.

    Field: Maximum message size
    Enter: The maximum message size in KB (thousands of bytes) the server accepts. The Router rejects any messages that exceed this size for both transfer and delivery. The default is 0 KB, which does not limit message size.
    Field: Send all messages as low-priority if message size is between
    Enter: Choose one:
    • Enabled - Select this option to restrict messages in a specified size range to low priority routing. The maximum size is defined by the value in the preceding field (Maximum message size). If you choose Enabled, Domino® displays a new field in which you can specify the size, in KB, at which the router processes messages according to the low-priority settings. All messages larger than the specified size will be classified as low-priority.
    • Disabled (default) - Message priority is not based on size.
    Note: If you specify the same entry in an Allow field and a Deny field so there is a conflict between the two fields, Domino® denies messages for that entry. The Deny setting takes precedence for security reasons. Avoid placing the same entry in both the Allow and Deny fields for the same setting.
  7. The change takes effect after the next Router configuration update. To put the new setting into effect immediately, reload the routing configuration.
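
The following added example (not HCL or Domino® code) models the Router Restrictions rules described in the table so that a planned configuration can be checked before it is saved. The dictionary keys, function names, and sample messages are constructed for illustration; list entries are treated as literal names (group expansion is not modelled), and the wildcard matching and the independent evaluation of the domain and organization fields are assumptions.

```python
# Model of the documented Router Restrictions semantics (illustrative only).

def matches(entry, value):
    """Case-insensitive match; '*/OU/Org' matches any name under that OU (assumed)."""
    entry, value = entry.lower(), value.lower()
    if entry.startswith("*/"):
        return value.endswith(entry[1:])
    return entry == value

def check(value, allow, deny):
    """Apply one Allow/Deny field pair to a sender's domain or hierarchical name."""
    if any(matches(e, value) for e in deny):
        return "deny"        # Deny wins, including on an Allow/Deny conflict
    if allow and not any(matches(e, value) for e in allow):
        return "deny"        # a non-empty Allow list excludes everything else
    return "accept"

def route(msg, cfg, local_domain):
    """Decide accept/deny for a message arriving over Notes routing."""
    limit = cfg.get("max_kb", 0)
    if limit and msg["size_kb"] > limit:
        return "deny"        # 0 KB means no size limit
    # Domain restrictions do not affect mail in the local Domino domain.
    if msg["domain"].lower() != local_domain.lower():
        if check(msg["domain"], cfg["allow_domains"], cfg["deny_domains"]) == "deny":
            return "deny"
    # Assumption: organization fields are evaluated independently of domain fields.
    return check(msg["sender"], cfg["allow_orgs"], cfg["deny_orgs"])

def lint(cfg):
    """Return entries listed in both the Allow and Deny field of the same setting."""
    conflicts = []
    for a, d in (("allow_domains", "deny_domains"), ("allow_orgs", "deny_orgs")):
        denied = {e.lower() for e in cfg[d]}
        conflicts += [e for e in cfg[a] if e.lower() in denied]
    return conflicts

if __name__ == "__main__":
    # Constructed sample configuration and message.
    cfg = {"allow_domains": ["RenSales"], "deny_domains": [],
           "allow_orgs": [], "deny_orgs": ["*/West/Renovations"], "max_kb": 0}
    msg = {"domain": "RenStores", "sender": "Ann Lee/East/Renovations", "size_kb": 10}
    print(route(msg, cfg, "Renovations"), lint(cfg))
```

Running `lint` on the planned field values before saving the document surfaces entries that Domino® would deny because they appear in both an Allow and a Deny field.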