IBM AH0QXML User Guide - Page 68
Conflicts between the destination and source restrictions
View all IBM AH0QXML manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 68 highlights
You may find that you have certain hosts that are allowed to relay off this Domino server. You could then add these hosts (name or IP address) to the "Allow messages only from the following internet hosts to be sent to external internet domains" field. Only hosts that are explicitly added to the Allow field will be able to use this server as a relay. Internal hosts (those within the same Internet domain) are exempt from relay checking by default. Any host determined to be part of your local internet domain will be allowed to relay off this Domino server, regardless of the setting described. In Domino Release 5, in order to restrict internal as well as external hosts from relaying, you would need to set the notes.ini variable SMTPAllHostsExternal=1. This variable treated all connecting hosts as external hosts and all hosts were subject to relay checking. This allowed Administrators to close down the relay capability within Domino for all hosts, including internal hosts. If it was determined that an internal host needed to relay though the Domino server, this host could be placed in the "Allow messages only from the following internet domain to be routed to external internet domains" field. Conflicts between the destination and source restrictions Domino 6 handles the conflict that can occur between the destination and source fields differently than R5 did. In Lotus Domino 5, Deny entries took precedence over Allow entries; in Lotus Domino 6, Allow entries take precedence over Deny entries. For example, let's say that you allow relays from the following host and deny them to the following domain: Allow from hosts: 9.95.91.51 Deny to domains: yahoo.com On a Domino 5 server, because the Deny entry takes precedence, the named host, 9.95.91.51, cannot relay to denied destinations. In the example, the Domino 5 server cannot relay to any address in the yahoo.com domain. On a Domino 6 server, in the event of a conflict between entries, Allow entries take precedence. By giving a specific host "Allow" access, you allow that host to relay to any destination. In the example, the host 9.95.91.51 can relay to the yahoo.com domain even though the domain is explicitly denied as a relay destination. Similarly, the following configuration denies relays from a specified host and allows them to a specified domain: Deny from hosts: myhost.iris.com Allow to domains: hotmail.com 56 Lotus Domino 6 spam Survival Guide for IBM eServer