CONFIGURING
About this task
Domino® provides two methods for restricting outbound Internet mail:
The outbound sender controls let you specify who can and cannot send mail to the Internet. The controls are implemented in two sets of Allow and Deny lists:
The Outbound sender controls are not intended to restrict SMTP relay access. To configure relay restrictions, use the Inbound Relay Controls on the Router/SMTP - Restrictions and Controls -> SMTP Inbound Controls tab of the Configuration Settings document.
Note: SMTP can resolve names for group types of Mail-only or Multi-purpose. When you create or modify the SMTP and Router settings in the Configuration Settings document, be sure to enter group names that have a group type of Mail-only or Multi-purpose. These groups must be in the primary directory. This applies to settings on the Restrictions tab, the SMTP Inbound Controls tab, and the SMTP Outbound Controls tab.
Procedure
1. Make sure you already have a Configuration Settings document for the server(s) to be configured.
2. From the Domino Administrator, click the Configuration tab and expand the Messaging section.
3. Click Configurations.
4. Select the Configuration Settings document for the mail server or servers you want to administer, and click Edit Configuration.
5. Click the Router/SMTP -> Restrictions and Controls -> SMTP Outbound Controls tab.
6. Complete these fields and then click Save & Close:
Enter Internet addresses in the form user@domain.com, or enter the name of a Notes group containing a list of Internet addresses allowed to send mail to the Internet. Domino expands entries for groups only if the group name can be found in the primary Domino Directory.
Wildcards (for example, *renovations.com) and isolated Internet domain suffixes (for example, renovations.com) are not acceptable values in this field.
Group entries cannot contain a domain part or dot (.).
Enter Internet addresses in the form user@domain.com, or enter the name of a Notes group listing the Internet addresses from which to deny outbound Internet mail. Domino expands entries for groups only if the group name can be found in the primary Domino Directory.
Enter fully qualified Notes addresses in the form User/Organizational_unit/Organization, or enter the name of a Notes group whose members you want to prevent from sending Internet mail. Domino expands entries for groups only if the group name can be found in the primary Domino Directory.
Enter fully qualified Notes addresses in the form User/Organizational_unit/Organization or the name of a Notes group whose members you want to prevent from sending Internet mail. Domino expands entries for groups only if the group name can be found in the primary Domino Directory.
Note: Group entries cannot contain a domain qualifier ('@' sign).
What to do next
This outbound sender controls are not intended to control relaying. For information on using Domino's inbound relay controls, see the related topics.
Setting outbound recipient controls
The Outbound recipient controls let you specify the Internet domains, and host names users are allowed to and denied from sending mail to. The controls consist of a set of pair of lists, one specifying the Internet domains or host names to which users can send mail and another listing the domains and host names to which users cannot send mail.
If you specify an Internet domain, users can send mail to any host or sub-domain in that domain. Domino matches entries against the last part of domain names or host names, so entering host.renovations.com allows mail to mail.host.renovations.com as well inbound.host.renovations.com.
Note: If you list a host name that matches an MX record for a domain, Domino allows mail to all recipients in that domain.
Note: If you enter a host name that matches an MX record for a domain, mail to all host names / MX records for that domain is denied.
Results
For security reasons, if there is a conflict between the two fields for a given setting, entries in the Deny field take precedence. For example, if renovations.com appears in both the Allow messages only to recipients in the following Internet domains or host names field and the corresponding Deny messages field, Domino denies messages sent to renovations.com. Be careful not to have the same entry in an Allow field and a Deny field for the same setting.
Domino checks each address to see if it is an Internet address or a Notes address. The Router then applies the restrictions specified for that type of address.
If you are entering multiple names in a field, consider creating a group and entering the group name in the field. Domino expands the group into a list of members. If you update the group list in this document or edit the group members in the Domino Directory, changes do not take effect immediately.
Related concepts Restricting outbound mail routing
Related tasks Customizing the text of mail failure messages Preventing unauthorized SMTP hosts from using Domino as a relay Creating a Configuration Settings document Recalculating the server's routing table Supporting outbound SMTP extensions