Restricting inbound SMTP connections

To prevent your mail system from accepting unwanted mail, Domino® provides a set of controls that let you restrict incoming SMTP connections. The Inbound Connection controls let you specify whether Domino checks the names of connecting hosts in DNS and, by host name or IP address, the remote hosts from which the server allows and denies connections.

About this task

To determine whether a connection attempt is allowed or denied, the Domino SMTP task first checks the remote host's IP address, which the server's TCP/IP stack reads from the incoming IP packet headers. If the IP address does not match any entry in the Inbound Connection control fields, the SMTP task performs a second check, querying DNS to obtain the host name for the given address. If the query is successful, Domino compares the name obtained against the host names in Allow and Deny fields.
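The two-stage check described above, modelled as an added example (this is not Domino code and not part of the original page). The helper `check_inbound`, the entry syntax, and the sample lists and PTR table are hypothetical; the model assumes exact, case-insensitive host name matching, that Deny entries win over Allow entries, and that a non-empty Allow list rejects unmatched hosts.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not from the page).
# Entry syntax is an assumption of this model, not Domino's field syntax:
# IP entries are plain addresses or CIDR networks, anything else is a host name.
ALLOW = ["192.0.2.10", "relay1.example.net"]
DENY = ["203.0.113.0/24", "bulk.example.org"]
PTR = {"198.51.100.7": "relay1.example.net", "203.0.113.9": "bulk.example.org"}


def _split(entries):
    """Separate entries into IP networks and lower-cased host names."""
    nets, names = [], set()
    for entry in entries:
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            names.add(entry.lower().rstrip("."))
    return nets, names


def check_inbound(remote_ip, allow, deny, reverse_lookup):
    """Return (decision, stage) for one connection attempt (hypothetical helper)."""
    ip = ipaddress.ip_address(remote_ip)
    allow_nets, allow_names = _split(allow)
    deny_nets, deny_names = _split(deny)

    # Stage 1: compare the IP address read from the packet headers.
    if any(ip in net for net in deny_nets):  # assumption: Deny wins over Allow
        return ("deny", "ip")
    if any(ip in net for net in allow_nets):
        return ("allow", "ip")

    # Stage 2: only when no IP entry matched, query DNS for the host name.
    name = reverse_lookup(remote_ip)
    if name:  # a failed query leaves name-based entries unmatched
        name = name.lower().rstrip(".")
        if name in deny_names:
            return ("deny", "name")
        if name in allow_names:
            return ("allow", "name")

    # Assumption: a non-empty Allow list is exclusive; otherwise accept.
    return ("deny" if allow else "allow", "default")


if __name__ == "__main__":
    for addr in ("192.0.2.10", "198.51.100.7", "203.0.113.9", "198.51.100.99"):
        print(addr, check_inbound(addr, ALLOW, DENY, PTR.get))
```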

If you create a separate Configuration Settings document for your internal SMTP servers, you can use the inbound connection controls to ensure that these internal servers accept SMTP connections from specific SMTP hosts only. For example, configure servers to allow SMTP connections only from servers that receive mail from the Internet. Restricting connections in this way prevents users with POP3 or IMAP clients from sending mail through the server, helps you define valid outbound routing paths, and limits the load on the server.

Note: SMTP can resolve names for group types of Mail-only or Multi-purpose. When you create or modify the SMTP and Router settings in the Configuration Settings document, be sure to enter group names that have a group type of Mail-only or Multi-purpose. These groups must be in the primary directory. This applies to settings on the Restrictions tab, the SMTP Inbound Controls tab, and the SMTP Outbound Controls tab.

In addition to these inbound connection controls, Domino provides two other means for blocking connections:


To restrict inbound SMTP connections

Procedure

1. Make sure you already have a Configuration Settings document for the server(s) to be configured.

2. From the Domino Administrator, click the Configuration tab and expand the Messaging section.

3. Click Configurations.

4. Select the Configuration Settings document for the mail server or servers you want to restrict mail on, and click Edit Configuration.

5. Click the Router/SMTP -> Restrictions and Controls -> SMTP Inbound Controls tab.

6. Complete these fields in the Inbound Connection Controls section and then click Save & Close.


7. Reload the SMTP task or update the SMTP configuration to put changes into effect.

Restricting the total number of inbound SMTP sessions

About this task

By default, the SMTP service supports an unlimited number of inbound sessions; that is, as many connections as the server's resources physically permit. To restrict the number of concurrent SMTP sessions that a server accepts, set the variable SMTPMaxSessions=xxx in the server's NOTES.INI file, where xxx is the maximum number of sessions allowed without any buffering. When the specified number of inbound SMTP connections is reached, the server refuses additional connections and returns the following error:

421 Server.domain.com SMTP service not available, closing transmission channel

Related concepts
Customizing SMTP Routing
Restricting SMTP inbound routing

Related tasks
Enabling DNS blacklist filters for SMTP connections
Creating a Configuration Settings document
Stopping and starting the Domino SMTP service
Updating the SMTP configuration
Restricting mail routing based on domain, organization, and organizational unit
Restricting who can send Internet mail to your users
Restricting users from receiving Internet mail
Supporting inbound SMTP extensions
Setting server mail rules