Lotus Domino Administrator 8.5 Help - Enabling private whitelist filters for SMTP connections

MAIL

Enabling private whitelist filters for SMTP connections
Use IBM® Lotus® Domino® private whitelist filters to specify exceptions to blacklist filters.

Prior to the introduction of private whitelist filters, to exclude a host from blacklist filter processing, you had to either define the client's mail server as a relay exception -- which creates a security risk, or disable the DNS blacklists filters. Now you can use private whitelist filters to specify the hosts and/or domains to exclude from blacklist processing. Hosts that are specified in private whitelists are exempt from blacklist checks. Whitelisted hosts bypass blacklist filter checks but there are other controls which may prevent the message from being accepted. Members of the private whitelist are still subjected to connection, relay, sender, and recipient controls. Being whitelisted does not guarantee that the message will be delivered to the recipient.

Whitelists can be used independently of blacklists.

When private whitelists are enabled, the SMTP listener task compares hosts that may be subject to relay enforcement against the defined private whitelist. If there is a match, the private blacklist, DNS whitelists, and DNS blacklists are skipped. Otherwise, processing continues beginning with the private blacklist.

Setting up private whitelist filters

This procedure assumes you have previously set up a Configuration Settings document for the server.

1. From the Domino Administrator, click the Configuration tab and expand the Messaging section.

2. Click Configurations.

3. Select the Configuration Settings document for the server on which you are enabling private whitelist filters.

4. Click Router / SMTP - Restrictions and Controls - SMTP Inbound Controls.

5. Complete these fields in the Private Whitelist Filters section and then click Save and Close.

Field Action

Private Whitelist Filters Note Private whitelist filtering applies only to hosts subject to inbound relay enforcement.
Choose "Enabled" to allow the SMTP listener task to determine if connecting hosts have been whitelisted, that is, to determine whether they have been entered in the field "Whitelist the following hosts."
By default this setting is disabled.

Whitelist the following hosts Enter IP addresses or host names of the systems to add to the whitelist.
IP ranges and masks are supported. Wildcards can be used except within ranges.

Desired action when a connecting host is found in the private whitelist Choose one of these:

Silently skip blacklist filters -- All actions skip blacklist filter checks. No logging occurs and all actions skip blacklist filters. This is the default setting.
Log only -- Records the host name and IP address of the connecting server found in the private whitelist.
Log and tag message -- Logging occurs in the same manner as in the Log only option. Tags the message by adding the Note item, $DNSWLSite, to messages accepted from whitelisted hosts. The value of $DNSWLSite will be PrivateWhitelist.

Private whitelist statistic

The SMTP listener task maintains a statistic to keep a cumulative count of the number of connections accepted from whitelisted hosts. The statistic, SMTP.PrivateWL.TotalHits, can be viewed using the Domino Administrator client, or by issuing this command from the server console:

show stat SMTP

Restricting inbound SMTP connections

Glossary

Feedback on Help or Product Usability?

Help on Help

All Help Contents

Glossary

Field	Action
Private Whitelist Filters	Note Private whitelist filtering applies only to hosts subject to inbound relay enforcement. Choose "Enabled" to allow the SMTP listener task to determine if connecting hosts have been whitelisted, that is, to determine whether they have been entered in the field "Whitelist the following hosts." By default this setting is disabled.
Whitelist the following hosts	Enter IP addresses or host names of the systems to add to the whitelist. IP ranges and masks are supported. Wildcards can be used except within ranges.
Desired action when a connecting host is found in the private whitelist	Choose one of these: Silently skip blacklist filters -- All actions skip blacklist filter checks. No logging occurs and all actions skip blacklist filters. This is the default setting. Log only -- Records the host name and IP address of the connecting server found in the private whitelist. Log and tag message -- Logging occurs in the same manner as in the Log only option. Tags the message by adding the Note item, $DNSWLSite, to messages accepted from whitelisted hosts. The value of $DNSWLSite will be PrivateWhitelist.