IBM AH0QXML User Guide - Page 68

Conflicts between the destination and source restrictions

Get IBM AH0QXML - Lotus Domino Messaging PDF manuals and user guides View all IBM AH0QXML manuals
Add to My Manuals
Save this manual to your list of manuals

Page 68 highlights

You may find that you have certain hosts that are allowed to relay off this Domino server. You could then add these hosts (name or IP address) to the "Allow messages only from the following internet hosts to be sent to external internet domains" field. Only hosts that are explicitly added to the Allow field will be able to use this server as a relay. Internal hosts (those within the same Internet domain) are exempt from relay checking by default. Any host determined to be part of your local internet domain will be allowed to relay off this Domino server, regardless of the setting described. In Domino Release 5, in order to restrict internal as well as external hosts from relaying, you would need to set the notes.ini variable SMTPAllHostsExternal=1. This variable treated all connecting hosts as external hosts and all hosts were subject to relay checking. This allowed Administrators to close down the relay capability within Domino for all hosts, including internal hosts. If it was determined that an internal host needed to relay though the Domino server, this host could be placed in the "Allow messages only from the following internet domain to be routed to external internet domains" field. Conflicts between the destination and source restrictions Domino 6 handles the conflict that can occur between the destination and source fields differently than R5 did. In Lotus Domino 5, Deny entries took precedence over Allow entries; in Lotus Domino 6, Allow entries take precedence over Deny entries. For example, let's say that you allow relays from the following host and deny them to the following domain: Allow from hosts: 9.95.91.51 Deny to domains: yahoo.com On a Domino 5 server, because the Deny entry takes precedence, the named host, 9.95.91.51, cannot relay to denied destinations. In the example, the Domino 5 server cannot relay to any address in the yahoo.com domain. On a Domino 6 server, in the event of a conflict between entries, Allow entries take precedence. By giving a specific host "Allow" access, you allow that host to relay to any destination. In the example, the host 9.95.91.51 can relay to the yahoo.com domain even though the domain is explicitly denied as a relay destination. Similarly, the following configuration denies relays from a specified host and allows them to a specified domain: Deny from hosts: myhost.iris.com Allow to domains: hotmail.com 56 Lotus Domino 6 spam Survival Guide for IBM eServer

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
56
Lotus Domino 6 spam Survival Guide for IBM eServer
You may find that you have certain hosts that are allowed to relay off this Domino
server. You could then add these hosts (name or IP address) to the
Allow
messages only from the following internet hosts to be sent to external internet
domains
field. Only hosts that are explicitly added to the Allow field will be able
to use this server as a relay.
Internal hosts (those within the same Internet domain) are exempt from relay
checking by default. Any host determined to be part of your local internet domain
will be allowed to relay off this Domino server, regardless of the setting
described.
In Domino Release 5, in order to restrict internal as well as external hosts from
relaying, you would need to set the notes.ini variable
SMTPAllHostsExternal=1
.
This variable treated all connecting hosts as external hosts and all hosts were
subject to relay checking. This allowed Administrators to close down the relay
capability within Domino for all hosts, including internal hosts. If it was
determined that an internal host needed to relay though the Domino server, this
host could be placed in the
Allow messages only from the following internet
domain to be routed to external internet domains
field.
Conflicts between the destination and source restrictions
Domino 6 handles the conflict that can occur between the destination and source
fields differently than R5 did. In Lotus Domino 5, Deny entries took precedence
over Allow entries; in Lotus Domino 6, Allow entries take precedence over Deny
entries.
For example, let
s say that you allow relays from the following host and deny them
to the following domain:
Allow from hosts: 9.95.91.51
Deny to domains:
yahoo.com
On a Domino 5 server, because the Deny entry takes precedence, the named
host, 9.95.91.51, cannot relay to denied destinations. In the example, the
Domino 5 server cannot relay to any address in the yahoo.com domain.
On a Domino 6 server, in the event of a conflict between entries, Allow entries
take precedence. By giving a specific host
Allow
access, you allow that host to
relay to any destination. In the example, the host 9.95.91.51 can relay to the
yahoo.com domain even though the domain is explicitly denied as a relay
destination.
Similarly, the following configuration denies relays from a specified host and
allows them to a specified domain:
Deny from hosts:
myhost.iris.com
Allow to domains:
hotmail.com