Restricting who can send Internet mail to your users

Unsolicited commercial e-mail (UCE) can flood your server with numerous copies of the same message. Accepting UCE reduces performance and consumes system resources. You can specify restrictions to prevent UCE from being routed to or relayed through your server. Specifying restrictions prevents malicious users from using your system to spoof addresses or send UCE.

About this task

To save system resources, before it accepts a message, the Domino® SMTP listener checks the Mail From address specified in the message envelope during the SMTP transaction. If you set the Domino® server to deny mail from a particular source, Domino® denies it whenever that source is encountered -- for example, if users from a denied domain send mail through a relay, Domino® denies it based on its origin from that domain. Domino® creates an entry in the log file (LOG.NSF) whenever a message is rejected.

Note: SMTP can resolve names for group types of Mail-only or Multi-purpose. When you create or modify the SMTP and Router settings in the Configuration Settings document, be sure to enter group names that have a group type of Mail-only or Multi-purpose. These groups must be in the primary directory. This applies to settings on the Restrictions tab, the SMTP Inbound Controls tab, and the SMTP Outbound Controls tab.

Procedure

  1. Make sure you already have a Configuration Settings document for the server(s) to be configured.
  2. From the Domino® Administrator, click the Configuration tab and expand the Messaging section.
  3. Click Configurations.
  4. Select the Configuration Settings document for the mail server or servers you want to restrict mail on, and click Edit Configuration.
  5. Click the Router/SMTP > Restrictions and Controls > SMTP Inbound Controls tab.
  6. Complete these fields and then click Save & Close:
    Table 1. Inbound Sender Controls fields

    Inbound Sender Controls Field

    Enter

    Verify sender's domain in DNS

    Choose one:

    • Enabled - Domino® verifies that the sender's domain exists, by checking the DNS for an MX, CNAME, or A record that matches the domain part of the address in the MAIL FROM command received from the sending host. If no match is found, Domino® rejects inbound mail from the host.
    Note: This can result in Domino® rejecting mail from legitimate hosts that do not have these records in their DNS entries.
    • Disabled - (default) Domino® does not check DNS to verify that the sender's domain exists.

    Allow messages only from the following Internet addresses/domains

    Internet addresses from which the server accepts messages. If you enter addresses in this field, only senders whose addresses match those entries can send Internet mail to users in your local Internet domain. Mail from all other addresses is denied.

    During the SMTP conversation, the Domino® SMTP listener compares the address in the MAIL FROM command received from the connecting host with the entries in this field.

    For example, if you enter renovations.com in the field, Domino® accepts incoming mail only if the address in the MAIL FROM command ends in renovations.com. Domino® denies messages from all other Internet addresses.

    You can create a Notes® group containing a list of addresses from which to allow messages and enter the group name in this field. A group entry is valid only if it does not contain a domain part or dot (.).

    Deny messages from the following Internet addresses/domains

    Internet addresses from which the server does not accept messages.

    During the SMTP conversation, the Domino® SMTP listener compares the address in the MAIL FROM command received from the connecting host with the entries in this field.

    If you enter addresses in this field, all messages except those matching addresses listed in this field can route to your users. Mail is denied only from addresses matching the entries in this field.

    For example, if you enter renovations.com in the field, Domino® accepts messages from all Internet addresses and domains except those ending in renovations.com. Domino® denies messages from senders whose addresses end in renovations.com.

    You can create a Notes® group containing a list of addresses from which to deny messages and enter the group name in this field. A group entry is valid only if it does not contain a domain part or dot (.).

  7. Reload the SMTP task or update the SMTP configuration to put the changes into effect.
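
The following Python sketch is an added illustration, not Domino code and not part of the original documentation. It models how the three fields in Table 1 decide on a MAIL FROM address, with DNS replaced by a constructed lookup table. The function names, the order of the checks, the case-insensitive comparison, and the requirement that a sender pass both lists when both are filled in are assumptions.

```python
# Added illustration: simplified model of the Inbound Sender Controls fields.
# Not Domino code. Check order and case handling are assumptions.

# Constructed stand-in for DNS: domain -> record types that exist for it.
SAMPLE_DNS = {
    "renovations.com": {"MX", "A"},
    "partner.example": {"CNAME"},
    "txtonly.example": {"TXT"},  # domain exists but has no MX, CNAME, or A
}

def domain_in_dns(domain, dns=SAMPLE_DNS):
    """True if the domain has an MX, CNAME, or A record (the rule in Table 1)."""
    return bool(dns.get(domain.lower(), set()) & {"MX", "CNAME", "A"})

def matches(address, entries):
    """Table 1 wording: the MAIL FROM address 'ends in' a listed entry."""
    address = address.lower()
    return any(address.endswith(entry.lower()) for entry in entries)

def check_mail_from(mail_from, verify_dns=False, allow=(), deny=()):
    """Return (accepted, reason) for one envelope sender."""
    address = mail_from.strip().strip("<>")
    domain = address.rpartition("@")[2]
    if verify_dns and not domain_in_dns(domain):
        return False, "sender domain not found in DNS"
    if allow and not matches(address, allow):
        return False, "sender not in allow list"
    if deny and matches(address, deny):
        return False, "sender in deny list"
    return True, "accepted"

if __name__ == "__main__":
    # Constructed envelope senders, evaluated with DNS verification enabled
    # and renovations.com in the deny field.
    senders = ["<amy@renovations.com>", "<bob@partner.example>",
               "<eve@txtonly.example>", "<x@unknown.example>"]
    for sender in senders:
        print(sender, check_mail_from(sender, verify_dns=True,
                                      deny=["renovations.com"]))
```

The `txtonly.example` sender shows the case described in the note under Enabled: a domain that exists but publishes none of the three record types is rejected once DNS verification is turned on.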