Restricting users from receiving Internet mail
Domino® provides SMTP intended recipient filters that let you control the users for whom the server accepts mail sent over SMTP connections. One filter triggers a directory lookup that enables the server to verify that an intended recipient exists before accepting a message. The other two filters let you explicitly specify the Internet addresses that can and cannot receive mail. To ensure that you don't unintentionally block desirable mail, use discretion when applying these settings.
About this task
During the SMTP conversation, the connecting host sends the Domino® SMTP listener a RCPT TO command, which specifies the recipient's Internet address. Each of the Inbound Intended Recipient Controls works by examining the addresses specified as arguments to the RCPT TO command. For example, if you enable directory verification and the address specified in the RCPT TO command is in the local Internet domain, the SMTP listener refers to the Domino® Directory to determine whether the address is valid. Messages for invalid addresses are rejected, preventing them from becoming "dead" messages in MAIL.BOX.
The "Allow messages" setting lets you list Internet addresses that are allowed to receive mail. If the RCPT TO command contains one of the specified addresses, the SMTP listener accepts the message; messages for all other recipients are rejected. The "Deny messages" setting lets you explicitly deny mail to certain addresses. If the RCPT To command contains a denied address, the SMTP listener rejects the message, but messages for all other recipients are accepted.
SMTP can resolve names for group types of Mail-only or Multi-purpose. When you create or modify the SMTP and Router settings in the Configuration Settings document, be sure to enter group names that have a group type of Mail-only or Multi-purpose. These groups must be in the primary directory. This applies to settings on the Restrictions tab, the SMTP Inbound Controls tab, and the SMTP Outbound Controls tab.
For information on restricting how Domino® looks up recipient names, see the related links.
Procedure
- Make sure you already have a Configuration Settings document for the server(s) to be configured.
- From the Domino® Administrator, click the Configuration tab and expand the Messaging section.
- Click Configurations.
- Select the Configuration Settings document for the mail server or servers you want to administer, and click Edit Configuration.
- Click the tab.
- Complete these fields , and then click Save &
Close:
Table 1. Inbound Intended Recipients Controls fields Field
Description
Verify that local domain recipients exist in the Domino® Directory
Specifies whether the SMTP listener checks recipient names specified in RCPT TO commands against entries in the Domino® Directory
Choose one:
- Enabled - If the domain part of an address specified in an SMTP RCPT TO command matches one of the configured local Internet domains, the SMTP listener checks all configured directories to determine whether the specified recipient is a valid user. If all lookups complete successfully and no matching user name is found, the SMTP server returns a 550 permanent failure response indicating that the user is unknown. For example:
Choosing this setting can help prevent messages sent to nonexistent users (for example, spam messages and messages intended for users who are no longer part of the organization) from accumulating in MAIL.BOX as dead mail.
To avoid messages from being rejected as a result of directory unavailability, Domino® accepts messages when an attempted directory lookup does not complete successfully.
To avoid unnecessary directory lookups, Domino® applies this setting only after performing all other configured SMTP inbound checks (inbound relay, sender, and recipient controls).
Note: When this setting is enabled, and there is an entry in the field Local Internet domain smart host, messages that cannot be resolved are not accepted; therefore, they will not be forwarded to the smart host. When this setting is enabled, and the field Smart host is used for all local Internet domain recipients is enabled, only those messages sent to recipients that can be resolved are accepted, and these will be forwarded to the smart host.- Disabled - (default) The SMTP listener does not check whether local domain recipients specified in the RCPT TO command are listed in the Domino® Directory.
Allow messages intended only for the following Internet addresses
Internet addresses that are within the local Internet domain and that are allowed to receive mail from the Internet. If you enter addresses in this field, only those recipients can receive Internet mail. Domino® denies mail for all other recipients.
You can create a Notes® group containing a list of addresses allowed to receive mail from the Internet and enter the group name in this field. A group entry is valid only if it does not contain a domain part or dot (.).
Deny messages intended for the following Internet addresses
Internet addresses within the local Internet domain that are prohibited from receiving mail from the Internet. If you enter addresses in this field, all addresses except those listed in this field can receive Internet mail. Domino® denies mail for only the addresses in this field.
You can create a Notes® group containing a list of addresses that cannot receive mail from the Internet and enter the group name in this field. A group entry is valid only if it does not contain a domain part or dot (.).
Note: The SMTP listener accepts messages addressed to any variant of a user's name that is not explicitly denied and that is otherwise acceptable to Domino®. For example, if you deny mail to Kieran.Campion@acme.com, a message addressed to Kcampion@acme.com may be accepted and delivered to the same user. - Reload the SMTP task, or update the SMTP configuration to put changes into effect.