Prevent Spam/Relayed Mail (Mixed Grill)

This tip will help minimize if not stop all the mail spammed to or relayed through your system.

Prevent Spam/Relayed Mail (Mixed Grill)

I know that most administrators if not all suffer from quite an amount of unnecessary emails either sent to or relayed though their mail servers. Well not anymore, I hope, with those tips I will try to help minimize if not stop all the mail spammed to or relayed through your system.

The Restrictions and Controls section of the Server Configuration document is an important part of the Domino R5 SMTP/mail server. This is where junk, or "Spam", mail is configured for mail restrictions.

Assumptions
This document assumes that:

  • You have a working SMTP Domino R5.x server with a registered Internet domain and the corresponding settings in Domain Name System (DNS).
  • You have working knowledge of the SMTP conversation for mail transmission. For more information on the SMTP commands, refer to the Request for Comments number 821, also known as RFC821.

The error messages herein are the default error messages for each field; it is assumed that no error messages have been modified in the Failure Message section under Router/SMTP, Advanced, Controls.

Furthermore, this document uses the terms "local Internet domain" and "external Internet domain" throughout. Here, the local Internet domain refers to the Global Domain document's "Local Primary Internet Domain" and "Alternate Internet Domain aliases." All entries in these two fields are considered the local Internet domain, and all Internet domains not listed are considered the external Internet domains.

1. SMTP Inbound Controls, Inbound Relay Controls

Restrictions | SMTP Inbound Controls
Inbound Relay Controls
Allow messages from external
Internet domains to be sent only to
the following Internet domains
Deny messages from external
Internet domains to be sent to the
following Internet domains
Allow messages only from the
following external Internet hosts to
be sent to external Internet domains
Deny messages from the following
external Internet hosts to be sent to
external Internet domains

Deny messages from the following external Internet hosts to be sent to external Internet domains:
The entries in this field identify the external hosts and/or IP address restricted from relaying messages through this Domino server. A message intended for recipients outside the local Internet domain would be rejected.

For Example, if you enter Domain1.com in this field, Domino will reject the ability to relay mail from servers that belong to this Internet domain.

NOTE: If you specify the same entry in the Allow field and the Deny fields, Domino will always take the Deny field as precedence over the Allowed field. Because of security concerns, Deny must take precedence. You can also use an asterisk (*) as a wildcard to indicate all domains that are denied from relaying.

Error Message received in the form of Delivery failure reports when the domain is listed Deny: "554 Relay rejected for policy reasons"

Field Level Help: The fully qualified host names or IP addresses of connecting hosts for which we will never relay messages. * means all hosts. Items need only match the end of host names (acme.com will match serv1.acme.com). IP addresses are always enclosed in square brackets and may include * as a wildcard for subnet addresses.

2. Inbound Intended Recipients Controls

Inbound Intended Recipients Controls
Allow messages intended only for
the following Internet addresses
Deny messages intended for the
following Internet addresses

Allow messages intended only for the following Internet addresses:
If Internet addresses that are within the local Internet domain are added to this field, the SMTP server allows only those users to receive mail from the Internet. Domino will deny all other messages addressed to this domain. Only addresses for the local Internet domains are restricted; all other mail is still allowed, unless you configure this server to restrict the ability to relay. The restriction for this field uses the "rcpt to" SMTP command to match users listed in the field to the users in this field.

For example, if you enter user@acme.com in this field, Domino will allow only this user to receive Internet mail, and all other messages will be denied.

Error message when the Internet address is not listed in this field and a user listing users are listed in this field:
"01:45:46 PM SMTP Server [00ED:0004-00F0] Attempt to relay mail to user@server.lotus.com rejected for policy reasons. Relay to recipient's address denied by your configuration."

Field-Level Help: Allow only RCPT TO SMTP commands whose addresses are specified in this list.

3. SMTP Outbound Controls: Outbound Sender Controls

Outbound Sender Controls
Allow messages only from the
following Internet addresses to be
sent to the Internet
Deny messages from the following
Internet addresses to be sent to
the Internet
Allow messages only from the
following Notes addresses to be
sent to the Internet
Deny messages from the following
Notes addresses to be sent to the
Internet

Allow messages only from the following Notes addresses to be sent to the Internet:
This field gives Domino Administrators the ability to give Internet mail access for a specified number of registered Notes users. All user names entered in this field using the Notes hierarchical address (fullname) format are allowed to route mail to the Internet; all other Notes users will be restricted.

The following error message is displayed when the user is not listed in the Allow field and they attempt to send outbound SMTP mail (this is similar to the Internet address restriction, but it uses the canonical Notes address):
"03:11:28 PM Router: Policy Reason: Router: CN=First Last/O=R50 is restricted from sending mail through server SERVER/R50"

Field-Level Help: The sender may send messages outside of the local Internet domain only if their address is included in this list. This restriction only applies if the sender's address is a Notes address.

But as they say: "Curiosity killed the cat." How could I know that my system is now spam-relay free? I wanted to put those settings to the test. After surfing the net I found this great site http://www.ordb.org which offers relay test, but you have to be careful cause if it happens that you system relays they will add you to their database. Well, what do you think? It turned out that my mail server was up to the test and the result came negative, no relaying.


This was first published in February 2002

Dig deeper on Lotus Notes Domino Antispam Software and Spam Filtering

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchWindowsServer

Search400

  • iSeries tutorials

    Search400.com's tutorials provide in-depth information on the iSeries. Our iSeries tutorials address areas you need to know about...

  • V6R1 upgrade planning checklist

    When upgrading to V6R1, make sure your software will be supported, your programs will function and the correct PTFs have been ...

  • Connecting multiple iSeries systems through DDM

    Working with databases over multiple iSeries systems can be simple when remotely connecting logical partitions with distributed ...

SearchEnterpriseLinux

SearchDataCenter

SearchExchange

SearchContentManagement

Close