Working with private blacklists for SMTP connections

Use private blacklists to specify hosts and/or domains responsible for sending unnecessary, unwanted mail to your Internet domain. For consistency, Domino® private blacklists follow the model currently used by existing anti-spam functionality. Private blacklists are stored in the Domino® Directory to simplify the process of maintaining and distributing blacklist information between servers.

Before you begin

Make sure you have previously set up a Configuration Settings document for the server.

About this task

When private blacklists are enabled, the SMTP listener task compares the names of hosts that may be subject to relay enforcement against the private blacklist before performing DNS blacklist queries. This prevents unnecessary DNS lookups. If the host is found in the private blacklist, the action specified in the field "Desired action when a connecting host is found in a private blacklist" in the Private Blacklist Filters section of the Configuration Settings document applies. If the host is not found in the private blacklists, processing continues with DNS whitelist filters and then DNS blacklist filters.

Using private blacklist filters

Procedure

  1. From the Domino® Administrator, click the Configuration tab and expand the Messaging section.
  2. Click Configurations.
  3. Select the Configuration Settings document for the server on which you are enabling the private blacklist filters.
  4. Click Router / SMTP > Restrictions and Controls > SMTP Inbound Controls.
  5. Complete these fields in the Private Blacklist Filters section and then click Save and Close.
    Table 1. Private Blacklist Filters

    Field: Private Blacklist filter
      Note: Private blacklist filters apply only to hosts that are subject to inbound relay enforcement.
    Action:
      Choose Enabled to allow the SMTP listener task to determine if connecting hosts have been blacklisted, that is, if connecting hosts have been entered in the field Blacklist the following hosts.
      By default, this setting is disabled.

    Field: Blacklist the following hosts
    Action:
      Enter IP addresses or host names of the systems to blacklist.
      IP ranges and masks are supported. Wildcards can be used except within ranges.

    Field: Desired action when a connecting host is found in the private blacklist
    Action:
      Choose one:
      • Log only -- Records the host name and IP address of the connecting server found in the private blacklist. This is the default setting.
      • Log and tag message -- Logging occurs in the same manner as in the Log only option. Tags the message by adding the Note item, $DNSBLSite, to messages accepted from blacklisted hosts. The value of $DNSBLSite will be PrivateBlacklist.
      • Log and reject message -- Logging occurs in the same manner as in the Log only option. Rejects messages by returning an error response to the blacklisted host.

    Field: Custom SMTP error response for rejected messages
    Action:
      Enter the custom error message text to be sent when the connecting host's name is found in the private blacklist.
      The format specifier %s can be used to insert the IP address of the connecting host. For example, enter the following text: Your host %s was blacklisted. When Domino® rejects a message from the blacklisted host 127.0.0.1, the following error message appears: Your host 127.0.0.1 was blacklisted.

Viewing private blacklist statistics

About this task

The SMTP listener task maintains a cumulative count of the number of connections accepted from blacklisted hosts, and stores that count in the SMTP.PrivateBL.TotalHits statistic. The SMTP.PrivateBL.TotalHits statistic is part of the SMTP statistics package and can be viewed using the Domino® Administrator client or from the server console by entering the following command:

show stat SMTP
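
Because SMTP.PrivateBL.TotalHits is cumulative, monitoring it means comparing successive samples. The following Python sketch is an added example, not part of the Domino documentation: it extracts the statistic from captured `show stat SMTP` output and reports the hits since the previous sample. The `Name = value` line layout, the comma handling, the sample text, and all function names are assumptions made for the example.

```python
import re

STAT_NAME = "SMTP.PrivateBL.TotalHits"  # statistic named in the documentation

# Assumption: each statistic appears on its own line as "  Stat.Name = value".
STAT_LINE = re.compile(r"^\s*([A-Za-z0-9_.]+)\s*=\s*(.*?)\s*$")

def parse_stats(console_text):
    """Return {statistic name: raw value string} from captured console output."""
    stats = {}
    for line in console_text.splitlines():
        match = STAT_LINE.match(line)
        if match:
            stats[match.group(1)] = match.group(2)
    return stats

def private_bl_hits(console_text):
    """Return the cumulative hit count, or None if the statistic is not listed."""
    raw = parse_stats(console_text).get(STAT_NAME)
    if raw is None:
        return None
    # Defensive: tolerate thousands separators in the displayed value.
    return int(raw.replace(",", ""))

def new_hits(previous, current):
    """Hits recorded between two samples of the cumulative counter."""
    if current is None:
        return 0              # statistic not present in this sample
    if previous is None:
        return 0              # first sample only establishes the baseline
    if current < previous:
        return current        # counter went down: assume it restarted from zero
    return current - previous

# Constructed sample output; the second statistic is a placeholder name.
SAMPLE_FIRST = """\
  SMTP.Placeholder.Stat = 5
  SMTP.PrivateBL.TotalHits = 17
"""
SAMPLE_SECOND = """\
  SMTP.Placeholder.Stat = 9
  SMTP.PrivateBL.TotalHits = 1,042
"""

if __name__ == "__main__":
    before = private_bl_hits(SAMPLE_FIRST)
    after = private_bl_hits(SAMPLE_SECOND)
    print(f"{STAT_NAME}: {after} total, {new_hits(before, after)} since last sample")
```

A sustained rise in the per-interval count while the action is still set to Log only is a reasonable trigger for reviewing whether tagging or rejecting is warranted.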