Enabling DNS whitelist filters for SMTP connections
Use DNS whitelist filters as a means to help identify legitimate email. When DNS whitelist filters are enabled, the SMTP listener task determines whether a connecting host is a member of a DNS whitelist by relying on the results of a DNS query of a DNS blacklist-style host name. If the query returns an IP address, the host is added to the whitelist and the remaining DNS whitelists are not searched. If the host is not found in the DNS whitelist, processing continues with DNS blacklist filters. If the query returns an error indicating that the host name is not valid, the host is not added to the whitelist and may be subject to blacklist filtering if that is enabled.

Note: DNS whitelists can be used independently of blacklists, but private blacklists override DNS whitelists.
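
The lookup described above, as an added example that is not IBM's or Domino's code: it builds the DNS blacklist-style host name (reversed IPv4 octets followed by the whitelist site) and queries the sites in order until one answers. The site names, the sample zone data, the 127.0.0.2 answer and the IPv4-only handling are assumptions made for the illustration.

```python
import ipaddress
import socket

def dnswl_query_name(ip, site):
    """Build the DNS blacklist-style host name: reversed IPv4 octets + site."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{site.strip('.').lower()}"

def system_resolver(name):
    """Return the A record for name, or None when the lookup fails.

    Any resolver error is treated as "not listed", so the host falls
    through to blacklist processing instead of being whitelisted.
    """
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def find_whitelist_site(ip, sites, resolve=system_resolver):
    """Return (site, answer) for the first whitelist listing ip, else None.

    Sites are queried in configured order; the first answer ends the
    search, so the remaining whitelists are never queried.
    """
    for site in sites:
        answer = resolve(dnswl_query_name(ip, site))
        if answer is not None:
            return site, answer
    return None

# Constructed sample data: one host listed on the second of three sites.
SAMPLE_ZONE = {"10.2.0.192.wl2.example.net": "127.0.0.2"}
SAMPLE_SITES = ["wl1.example.org", "wl2.example.net", "wl3.example.com"]

def demo():
    """Run a listed and an unlisted host against the sample zone (offline)."""
    queried = []
    def fake_resolve(name):
        queried.append(name)
        return SAMPLE_ZONE.get(name)
    hit = find_whitelist_site("192.0.2.10", SAMPLE_SITES, fake_resolve)
    miss = find_whitelist_site("198.51.100.7", SAMPLE_SITES, fake_resolve)
    return hit, miss, queried

if __name__ == "__main__":
    print(demo())
```

The site returned for a hit corresponds to the site name that the "Log only" and "Log and tag message" actions record.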

Enabling the use of DNS whitelist filters

This procedure assumes you have previously set up a Configuration Settings document for the server on which you are enabling DNS whitelist filters.

1. From the IBM® Lotus® Domino™ Administrator, click the Configuration tab and expand the Messaging section.

2. Click Configurations.

3. Select the Configuration Settings document for the server on which you are enabling DNS whitelist filters.

4. Click Router / SMTP - Restrictions and Controls - SMTP Inbound Controls.

5. Complete these fields in the DNS Whitelist Filters section and then click Save and Close.

Field: DNS Whitelist Filters
Action:
Note: DNS whitelist filtering applies only to hosts subject to inbound relay enforcement.

Choose "Enabled" to allow the SMTP listener task to perform DNS queries against whitelist sites that you enter in the "DNS Whitelist filters" field.

By default this setting is disabled.

Field: DNS Whitelist sites
Action: Specify the DNS whitelist sites against which the SMTP listener task will perform DNS queries. The queries are performed when Domino receives an SMTP connection request.

Field: Desired action when a connecting host is found in a DNS whitelist
Action: When the connecting host is found in a DNS whitelist, choose one of the options here:
  • Silently skip blacklist filters -- All whitelist actions skip blacklist filters. Performs no logging.
  • Log only -- Records the host name and IP address of the connecting server, as well as the name of the site where the server was listed.
  • Log and tag message -- Adds the Note item, $DNSWLSite, to messages accepted from whitelisted hosts. Records the host name and IP address of the connecting server, as well as the name of the site where the server was listed.

DNS whitelist statistic

The SMTP listener task maintains a statistic to keep a cumulative count of the number of connections accepted from DNS whitelisted hosts. The statistic, SMTP.DNSWL.TotalHits, can be viewed using the Domino Administrator client, or by issuing this command from the server console:


To determine the number of times a particular IP address is listed in one of the configured DNS whitelists, expand the statistic as shown:
To collect the expanded information, set the NOTES.INI variable SMTPExpandDNSWLStats=1.
