Creating an Adjacent domain document

For example, if you are in domain B and want to prevent mail from an adjacent domain A from traversing your domain to reach another adjacent domain C, create an Adjacent domain document that names C as the adjacent domain and denies mail from A.

The restrictions you define in the Adjacent domain document apply to the domain of the previous hop only. That is, in the Adjacent domain document created in the previous example, adding A to the Deny list prevents mail originating in A from routing to C. This includes mail that domain A may receive from domain Z for eventual transfer to C.

But suppose you want to allow mail from A, but deny mail from domain Z, which uses A and B as intermediate domains to reach C. If the administrator in domain B removes domain A from the deny list of the Adjacent domain document for domain C, and adds domain Z, domain Z is allowed to route mail to C. This is because once the message arrives in domain B the domain of origin appears to be A, rather than Z. In the absence of restrictions on transferring mail from A to C, IBM® Domino® allows the message to route.

You also use Adjacent domain documents to allow Free Time searches across domains.

Adjacent Domain documents do not provide connectivity to adjacent domains, and are not required to enable connections between adjacent domains. To define routes between adjacent domains, create a Connection document.

By default, a domain that can route mail to your domain can also route mail through your domain to another adjacent domain. When mail routes from one domain to another through your domain, it ties up your resources. To prevent your servers from being used to transfer mail between other domains, you can selectively allow and deny mail routing through your domain to the domain named in the Adjacent domain document.

The Allow and Deny fields on the Restrictions tab of the Adjacent domain document let you control the flow of messages from other domains to the adjacent domain. Entries in these fields must be the names of adjacent domains; the Router ignores entries for non-adjacent domains beyond the previous hop. If you deny a domain from sending mail through your domain, the Router denies all mail received from that domain, including messages the domain may have passed on from another, non-adjacent domain. There is no way to restrict specific users from routing to an IBM® Notes® domain. Restrictions apply to all users in specified domain.

The settings in the Allow and Deny fields work in conjunction with the Allow and Deny fields on the Router/SMTP > Restrictions and Controls > Restrictions tab of the Configuration Settings document. In the event of any conflict between settings, Domino® applies the most restrictive entry.

Messages may be further restricted by Adjacent Domain documents, Non-adjacent Domain documents, and Configuration Settings documents set up between domains along the routing path.