MAIL
If you create a separate Configuration Settings document for your internal SMTP servers, you can use the inbound connection controls to ensure that these internal servers accept SMTP connections from specific SMTP hosts only. For example, configure servers to allow SMTP connections only from servers that receive mail from the Internet. Restricting connections in this way prevents users with POP3 or IMAP clients from sending mail through the server, helps you define valid outbound routing paths, and limits the load on the server.
Note: SMTP can resolve names for group types of Mail-only or Multi-purpose. When you create or modify the SMTP and Router settings in the Configuration Settings document, be sure to enter group names that have a group type of Mail-only or Multi-purpose. These groups must be in the primary directory. This applies to settings on the Restrictions tab, the SMTP Inbound Controls tab, and the SMTP Outbound Controls tab.
In addition to these inbound connection controls, Domino provides two other means for blocking connections: DNS blacklist filters and access to the SMTP Listener through Domino Extension Manager (EM) services. DNS blacklist filters enable a server to check a host against one or more blacklists during the SMTP conversation. If a connecting host matches an entry in a blacklist, you can configure the server to reject the connection, tag any received messages, or record the transaction in the Notes Log.
Extension Manager (EM) services allow developers to access some functions of the SMTP Listener task. The Extension Manager (EM) allows an executable program library, such as a dynamic link library or shared object library, to register a callback routine that will be called before, after, or before and after Domino performs selected internal operations. Using EM hooks in the SMTP Listener can extend current functionality by providing:
To restrict inbound SMTP connections
1. Make sure you already have a Configuration Settings document for the server(s) to be configured.
2. From the Domino Administrator, click the Configuration tab and expand the Messaging section.
3. Click Configurations.
4. Select the Configuration Settings document for the mail server or servers you want to restrict mail on, and click Edit Configuration.
5. Click the Router/SMTP - Restrictions and Controls - SMTP Inbound Controls tab.
6. Complete these fields in the Inbound Connection Controls section and then click Save & Close:
Enter IP addresses in brackets -- for example, [192.168.10.17].
Host name entries may be complete, as in the fully qualified host name of a particular server, or partial and imply the existence of a wildcard. That is, if you enter:
If you specify host name entries, each time a host connects, Domino checks DNS for a PTR record for the connecting host. If Domino cannot resolve the IP address to a host name because DNS is unavailable or no PTR record exists, no mail is accepted from the connection.
Host name entries may be complete, as in the fully qualified host name of a particular server, or partial and use an implied wildcard. That is, if you enter:
The entry abc.com does not prevent connections from xyzabc.com.
Do not use a leading dot (.) in an entry; for example, .abc.com. Because Domino does not match the leading dot, the entry .abc.com does not prevent connections originating from the domain abc.com.
Note: Be careful not to specify the same entry in both an Allow field and a Deny field, because Domino will deny messages for that entry. The Deny setting takes precedence for security reasons.
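The entry rules above can be checked before a configuration is saved. The following is an added sketch, not Domino's own code and not part of the original page. It assumes that the implied wildcard matches on whole domain labels, that a leading-dot entry matches nothing, and that an empty Allow list imposes no allow restriction; lint_entries and decide are hypothetical names, and the host mail.abc.com and address 10.0.0.5 used to exercise it are constructed.

```python
import ipaddress

def lint_entries(allow, deny):
    """Warn about entries that will not behave as the administrator intends."""
    warnings = []
    for field, entries in (("Allow", allow), ("Deny", deny)):
        for e in entries:
            if e.startswith("."):
                warnings.append(f"{field}: '{e}' has a leading dot and will not match its domain")
                continue
            try:
                ipaddress.ip_address(e)  # parses only if the brackets are missing
                warnings.append(f"{field}: IP '{e}' must be in brackets, e.g. [{e}]")
            except ValueError:
                pass  # bracketed IP or host name entry
    both = {e.lower() for e in allow} & {e.lower() for e in deny}
    for e in sorted(both):
        warnings.append(f"'{e}' is in both Allow and Deny; Deny takes precedence")
    return warnings

def _matches(entry, ip, ptr_name):
    entry = entry.lower()
    if entry.startswith("[") and entry.endswith("]"):
        return entry[1:-1] == ip
    # Assumption: a leading-dot entry is modelled as matching nothing; the
    # page only states that .abc.com fails to match abc.com.
    if ptr_name is None or entry.startswith("."):
        return False
    name = ptr_name.lower().rstrip(".")
    # Label-boundary match: abc.com covers mail.abc.com but not xyzabc.com.
    return name == entry or name.endswith("." + entry)

def decide(allow, deny, ip, ptr_name):
    """ptr_name is the PTR lookup result for ip, or None if the lookup failed."""
    uses_names = any(not e.startswith("[") for e in allow + deny)
    if uses_names and ptr_name is None:
        return "reject"  # host name entries exist but no PTR record resolved
    if any(_matches(e, ip, ptr_name) for e in deny):
        return "reject"  # Deny is evaluated first, so it wins over Allow
    # Assumption: an empty Allow list places no allow restriction.
    if allow and not any(_matches(e, ip, ptr_name) for e in allow):
        return "reject"
    return "accept"
```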
Restricting the total number of inbound SMTP sessions
By default, the SMTP service supports an unlimited number of inbound sessions; that is, as many connections as the server's resources physically permit. To restrict the number of concurrent SMTP sessions that a server accepts, set the variable SMTPMaxSessions=xxx in the server's NOTES.INI file, where xxx is the maximum number of sessions allowed without any buffering. When the specified number of inbound SMTP connections is reached, the server refuses additional connections and returns the following error: