CONFIGURING


Working with DNS whitelists for SMTP connections

Use DNS whitelist filters as a means to help identify legitimate email. When DNS whitelist filters are enabled, the SMTP listener task determines whether a connecting host is a member of a DNS whitelist by relying on the results of a DNS query of a DNS blacklist-style host name. If the query returns an IP address, the host is added to the whitelist and the remaining DNS whitelists are not searched. If the host is not found in the DNS whitelist , processing continues with DNS blacklist filters. If the query returns an error indicating that the host name is not valid, the host is not added to the whitelist and may be subject to blacklist filtering if that is enabled.

Before you begin

Make sure you have a Configuration Settings document for the server on which you are enabling DNS whitelist filters.

About this task

DNS whitelists can be used independently of blacklists but private blacklists override DNS whitelists.

Procedure

1. From the Domino® Administrator, click the Configuration tab and expand the Messaging section.

2. Click Configurations.

3. Select the Configuration Settings document for the server on which you are enabling DNS whitelist filters.

4. Click Router / SMTP -> Restrictions and Controls -> SMTP Inbound Controls.

5. Complete these fields in the DNS Whitelist Filters section and then click Save and Close.


Viewing DNS whitelist statistics

About this task

The SMTP listener task maintains a statistic to keep a cumulative count of the number of connections accepted from DNS whitelisted hosts. The statistic, SMTP.DNSWL.TotalHits, can be viewed using the Domino Administrator client, or by issuing this command from the server console:

show stat SMTP

To determine the number of times a particular IP address is listed in one of the configured DNS whitelists, expand the SMTP.DNSWL.<WhitelistSite>.IP address.Hits statistic.

To collect the expanded information, set the NOTES.INI variable SMTPExpandDNSWLStats =1.

Related tasks
Enabling DNS blacklist filters for SMTP connections
Restricting inbound SMTP connections