Changing SMTP port settings
You can modify inbound and outbound SMTP port settings.
- Inbound SMTP port settings determine how the HCL Domino® SMTP listener receives SMTP connections from other servers. For inbound connections, you can specify the port numbers, port status, and authentication methods required for both TCP/IP and TLS ports.
- Outbound SMTP settings determine how Domino® makes SMTP connections to other servers. For outbound connections, you can change the default port numbers and status of the TCP/IP and TLS ports.
Configuring SMTP authentication options on servers that use Internet Site documents
On servers that use Internet Site documents, the SMTP service obtains inbound port authentication settings from the Security tab of the SMTP Site document, rather than from the Server document. As a result, when Internet Site documents are used, the TCP/IP and TLS port authentication settings described in the procedures that follow are not available in the Server document. Settings in the Server document continue to provide the inbound SMTP port number and status and determine whether the Domino® server allows incoming connections from the authenticated user.
To determine whether the use of Internet Site documents is enabled for a server, check the value of the Load Internet configurations from Server\Internet Sites documents field on the Basics tab of the Server document. If this field is set to Enabled, the server uses Internet Site documents to configure all of its Internet protocols (SMTP, POP3, IMAP, and so forth).
If the server uses Internet Site documents, and an Inbound SMTP Site document is not present in the Domino® Directory, or the authentication options in a configured Inbound SMTP Site document are set to No, the SMTP service rejects incoming connections. In each case, connecting hosts receive the following error when attempting to authenticate with the SMTP service:
This site is not enabled on the server.
Ensuring that SMTP clients can connect to a nonstandard port
Because remote SMTP clients attempt to connect to port 25 by default, if you specify a different port number, be sure to configure connecting clients to use the new port, otherwise inbound SMTP connections will fail. This can cause routing problems, especially if the server with the nonstandard SMTP port acts as a relay host for outbound Internet mail.
To configure your other Domino® servers to transfer outbound SMTP mail to a nonstandard SMTP port, change the Outbound SMTP setting on the tab of the Server document.
For example, if a server must initiate an SMTP session with a receiving server on which the SMTP task is listening on port 26, set the SMTP Outbound port to 26 on the Server document of the initiating server.
Configuring SMTP port security
To prevent unauthorized access to the SMTP Listener and to protect SMTP sessions from eavesdropping, you can require users and servers to provide name and password credentials to authenticate with the server, and you can enable the use of TLS to encrypt both inbound and outbound SMTP sessions.
On servers that support TLS, you can encrypt SMTP mail sessions by having the server send and receive mail over the TLS port (port 465 by default). Domino® also supports negotiated TLS for both inbound and outbound sessions, which allows for encryption over the TCP/IP port between servers that support the STARTTLS command.
You can restrict access to the SMTP listener so that only users who are allowed to access the server can connect to the server's inbound SMTP port.