IBM AH0QXML User Guide - Page 71

Inbound relay enforcement

Get IBM AH0QXML - Lotus Domino Messaging PDF manuals and user guides View all IBM AH0QXML manuals
Add to My Manuals
Save this manual to your list of manuals

Page 71 highlights

Table 4-4 Avoid these inbound relay configurations Allow to Deny to Allow from Deny from Result of inbound relay setting xyz.com abc.com All hosts, except abc.com can relay mail to any destination. abc.com can relay to any destination, except xyz.com. xyz.com * All hosts can relay mail to any destination except xyz.com xyz.com abc.com All hosts can relay mail to any destination. * abc.com All hosts, except abc.com, can relay mail to any destination xyz.com abc.com All hosts, except abc.com, can relay mail to any host. abc.com can relay mail to xyz.com 4.4.2 Inbound relay enforcement New to Domino 6 are the inbound relay enforcement configurations. These options allow tighter control over the hosts that are allowed to relay off your Domino server. You can choose whether the Domino server performs relay checking for all hosts, external hosts only, or disable relay checking all together. Enabling anti-relay enforcement allows you to further exclude certain hosts from being checked against your inbound relay controls options. You could choose to perform checking on all hosts and yet, exclude certain hosts (whether external or internal) from being checked by explicitly entering these hostnames or IP addresses in the "Exclude these connecting hosts from anti-relay checks." Domino 6 enables "Anti-relay enforcement checking for all External Hosts" by default. If you choose not to make adjustments to the default settings, you can rest assured that your server will perform inbound relay checking for external hosts. Using the "Exceptions for authenticated users" field, you can choose to allow or deny your POP or IMAP users to relay. This new field allows authenticated users to use the Domino server as a relay for messages to the Internet. POP or IMAP users have to configure their mail client to authenticate again with Domino SMTP Server. Name and password authentication must be enabled on the Domino Server. After the SMTP Listener task determines the user has been authenticated, it treats the connection as if it originated from a local user and exempts it from inbound relay controls. This is especially helpful when a POP or IMAP user accesses the Domino server by way of an Internet Service Provider. Domino would normally treat this inbound connection as a remote connection, perform anti-relay checks, and fail the relay attempt due to the address not being recognized as local. Chapter 4. Domino 6 Server anti-spam features 59

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
Chapter 4. Domino 6 Server anti-spam features
59
Table 4-4
Avoid these inbound relay configurations
4.4.2
Inbound relay enforcement
New to Domino 6 are the inbound relay enforcement configurations. These
options allow tighter control over the hosts that are allowed to relay off your
Domino server. You can choose whether the Domino server performs relay
checking for all hosts, external hosts only, or disable relay checking all together.
Enabling anti-relay enforcement allows you to further exclude certain hosts from
being checked against your inbound relay controls options. You could choose to
perform checking on all hosts and yet, exclude certain hosts (whether external or
internal) from being checked by explicitly entering these hostnames or IP
addresses in the
Exclude these connecting hosts from anti-relay checks.
Domino 6 enables
Anti-relay enforcement checking for all External Hosts
by
default. If you choose not to make adjustments to the default settings, you can
rest assured that your server will perform inbound relay checking for external
hosts.
Using the
Exceptions for authenticated users
field, you can choose to allow or
deny your POP or IMAP users to relay. This new field allows authenticated users
to use the Domino server as a relay for messages to the Internet. POP or IMAP
users have to configure their mail client to authenticate again with Domino SMTP
Server. Name and password authentication must be enabled on the Domino
Server. After the SMTP Listener task determines the user has been
authenticated, it treats the connection as if it originated from a local user and
exempts it from inbound relay controls. This is especially helpful when a POP or
IMAP user accesses the Domino server by way of an Internet Service Provider.
Domino would normally treat this inbound connection as a remote connection,
perform anti-relay checks, and fail the relay attempt due to the address not being
recognized as local.
Allow to
Deny to
Allow from
Deny from
Result of inbound relay setting
xyz.com
abc.com
All hosts, except abc.com can relay mail to any
destination. abc.com can relay to any destination,
except xyz.com.
xyz.com
*
All hosts can relay mail to any destination except
xyz.com
xyz.com
abc.com
All hosts can relay mail to any destination.
*
abc.com
All hosts, except abc.com, can relay mail to any
destination
xyz.com
abc.com
All hosts, except abc.com, can relay mail to any host.
abc.com can relay mail to xyz.com