CONFIGURING
To block relays to a specific domain or from a specific host, set restrictions in the inbound relay controls on the Router/SMTP -> Restrictions and Controls -> SMTP Inbound Controls tab of the Configuration Settings document.
About this task
Use the inbound relay controls to define:
Note: SMTP can resolve names for group types of Mail-only or Multi-purpose. When you create or modify the SMTP and Router settings in the Configuration Settings document, be sure to enter group names that have a group type of Mail-only or Multi-purpose. These groups must be in the primary directory. This applies to settings on the Restrictions tab, the SMTP Inbound Controls tab, and the SMTP Outbound Controls tab.
To set inbound relay controls
Procedure
1. Make sure you already have a Configuration Settings document for the server(s) to be configured.
2. From the Domino Administrator, click the Configuration tab and expand the Messaging section.
3. Click Configurations.
4. Select the Configuration Settings document for the mail server or servers you want to administer and click Edit Configuration.
5. Click the Router/SMTP -> Restrictions and Controls -> SMTP Inbound Controls tab.
6. Complete these fields in the Inbound Relay Controls section, and then click Save & Close:
For example, if you enter abc.com and xyz.com in this field, Domino accepts only messages to recipients with addresses that end in abc.com or xyz.com domains. Messages for recipients in other domains are denied.
To name a domain explicitly, prefix an @ sign to the entry. For example, if you enter @xyz.com the server relays messages only if the domain part of the address matches xyz.com exactly, such as User@xyz.com.
Prefix a percent sign (%) to specify the name of a Domino domain to which mail can be sent; for example, enter %RenovationsEast to specify that the server can send mail to the Domino domain RenovationsEast.
Group entries cannot contain a domain part or dot (.).
Domino denies only messages destined for recipient addresses in the specified domains. All other messages may relay.
For example, if you enter abc.com in the field, Domino relays messages to recipients in all external Internet domains except abc.com. Domino denies messages for recipients in the abc.com domain.
To name a domain explicitly, prefix an @ sign to the entry. For example, if you enter @xyz.com, the server rejects messages addressed to users if the domain part of the address matches xyz.com exactly, such as user@xyz.com, but allows messages to relay to other domains that end in xyz.com, such as user@server.xyz.com.
Prefix a percent sign (%) to specify a Domino domain name; for example, entering %RenovationsEast specifies the Domino domain RenovationsEast. This lets you prevent SMTP users from sending mail to certain internal Domino domains or even foreign domain servers, such as FAX systems.
Enter host names or IP addresses to designate the sites that are authorized to use Domino to relay messages to recipients outside your local Internet domain.
Enter host names or IP addresses to designate the sites that cannot use Domino to relay messages to recipients outside the local Internet domain.
For example, you enter renovations.com in the field. Domino accepts messages to recipients in external Internet domains from all servers except those with host names ending in renovations.com. Domino denies messages to recipients in external Internet domains from servers in the renovations.com domain.
An asterisk (*) in this field prevents Domino from relaying messages from any host subject to the relay controls.
How Domino resolves conflicts between settings in the inbound relay controls
When there is a conflict between the allowed and denied relay destinations, and the allowed/denied relay sources, the entry in the Allow field takes precedence. Thus, a host that you explicitly allow to relay can always relay to any destination, including denied destinations. Similarly, if you allow relays to a given domain, all hosts can relay to that destination, including hosts to which you have explicitly denied relaying. Denied hosts cannot relay to domains other than those that you specifically list in the Allow field. The following table provides several examples of how Domino resolves conflicts between entries in the Allow and Deny fields of the Inbound relay controls.
Table 2. Example of conflict between an allowed relay destination and denied relay source
Table 3. Example of conflict between a denied relay destination and allowed relay source
Note: This differs from the behavior of Domino Release 5, where if you denied relays to a destination domain, an allowed source host could not relay to the denied domain, and a denied source could not relay to any destination. You can revert to the Release 5 behavior by setting the variable in the NOTES.INI file.
If the same entry is placed in the list of allowed and denied destinations, or the list of allowed and denied sources, Domino honors the entry in the Deny list. For example, Domino rejects relays to xyz.com if you configure the relay controls as follows:
Table 4. Example of conflict between allowed and denied relay destinations
Related concepts Understanding open relays
Related tasks Creating a Configuration Settings document Stopping and starting the Domino SMTP service Updating the SMTP configuration Preventing unauthorized SMTP hosts from using Domino as a relay Specifying enforcement of inbound relay controls Enabling DNS blacklist filters for SMTP connections
Related reference How inbound anti-relay settings control message transfer to external Internet domains