MAIL


Enabling private whitelist filters for SMTP connections
Use IBM® Lotus® Domino® private whitelist filters to specify exceptions to blacklist filters.

Prior to the introduction of private whitelist filters, to exclude a host from blacklist filter processing, you had to either define the client's mail server as a relay exception -- which creates a security risk, or disable the DNS blacklists filters. Now you can use private whitelist filters to specify the hosts and/or domains to exclude from blacklist processing. Hosts that are specified in private whitelists are exempt from blacklist checks. Whitelisted hosts bypass blacklist filter checks but there are other controls which may prevent the message from being accepted. Members of the private whitelist are still subjected to connection, relay, sender, and recipient controls. Being whitelisted does not guarantee that the message will be delivered to the recipient.

Whitelists can be used independently of blacklists.

When private whitelists are enabled, the SMTP listener task compares hosts that may be subject to relay enforcement against the defined private whitelist. If there is a match, the private blacklist, DNS whitelists, and DNS blacklists are skipped. Otherwise, processing continues beginning with the private blacklist.

Setting up private whitelist filters

This procedure assumes you have previously set up a Configuration Settings document for the server.

1. From the Domino Administrator, click the Configuration tab and expand the Messaging section.

2. Click Configurations.

3. Select the Configuration Settings document for the server on which you are enabling private whitelist filters.

4. Click Router / SMTP - Restrictions and Controls - SMTP Inbound Controls.

5. Complete these fields in the Private Whitelist Filters section and then click Save and Close.
FieldAction
Private Whitelist FiltersNote Private whitelist filtering applies only to hosts subject to inbound relay enforcement.

Choose "Enabled" to allow the SMTP listener task to determine if connecting hosts have been whitelisted, that is, to determine whether they have been entered in the field "Whitelist the following hosts."

By default this setting is disabled.

Whitelist the following hostsEnter IP addresses or host names of the systems to add to the whitelist.

IP ranges and masks are supported. Wildcards can be used except within ranges.

Desired action when a connecting host is found in the private whitelistChoose one of these:
  • Silently skip blacklist filters -- All actions skip blacklist filter checks. No logging occurs and all actions skip blacklist filters. This is the default setting.
  • Log only -- Records the host name and IP address of the connecting server found in the private whitelist.
  • Log and tag message -- Logging occurs in the same manner as in the Log only option. Tags the message by adding the Note item, $DNSWLSite, to messages accepted from whitelisted hosts. The value of $DNSWLSite will be PrivateWhitelist.

Private whitelist statistic

The SMTP listener task maintains a statistic to keep a cumulative count of the number of connections accepted from whitelisted hosts. The statistic, SMTP.PrivateWL.TotalHits, can be viewed using the Domino Administrator client, or by issuing this command from the server console:


Related topics