Configuration Settings document - Router/SMTP - Restrictions and Controls - SMTP Inbound Controls tab
Inbound Relay Controls
Field: Allow messages to be sent only to the following external Internet domains
Enter: Internet domains to which IBM® Lotus® Domino™ can relay messages. Domino relays messages to recipients in the specified domains only. Messages for recipients in other external Internet domains are denied. You can specify individual domain names or a group name.

For example, if you enter abc.com and xyz.com in this field, Domino accepts only messages to recipients with addresses that end in abc.com or xyz.com. Messages for recipients in other domains are denied.

To name a domain explicitly, prefix an @ sign to the entry. For example, if you enter @xyz.com the server relays messages only if the domain part of the address matches xyz.com exactly, such as User@xyz.com. Messages to addresses in other domains that end in xyz.com, such as User@uvwxyz.com or User@abc.xyz.com, are denied.

Prefix a percent sign (%) to specify the name of a Domino domain to which mail can be sent; for example, enter %AcmeEast to specify that the server can send mail to the Domino domain AcmeEast.

Group entries cannot contain a domain part or dot ('.'). For example, the group with the name AllowMail is valid, but the groups named Allow.iris.com or Allowmail@iris are not.

Field: Deny messages to be sent to the following external Internet domains
Enter: Internet domains to which Domino will not relay messages. An asterisk (*) in this field prevents Domino from relaying messages to any external Internet domain.

Domino denies only messages destined for recipient addresses in the specified domains. All other messages may relay.

For example, if you enter abc.com in the field, Domino relays messages to recipients in all external Internet domains except abc.com. Domino denies messages for recipients in the abc.com domain.

You can specify individual domain names or a group name. To name a domain explicitly, prefix an @ sign to the entry. For example, if you enter @xyz.com, the server rejects messages addressed to users if the domain part of the address matches xyz.com exactly, such as user@xyz.com, but allows messages to relay to other domains that end in xyz.com, such as user@server.xyz.com.

Prefix a percent sign (%) to specify a Domino domain name; for example, entering %AcmeEast specifies the Domino domain AcmeEast. This lets you prevent SMTP users from sending mail to certain internal Domino domains or even Notes servers such as FAX systems.

Group entries cannot contain a domain part or dot ('.'). For example, the group with the name DenyMail is valid, but the groups named Deny.iris.com or Denymail@iris are not.

Field: Allow messages only from the following Internet hosts to be sent to external Internet domains
Enter: Specifies the hosts or domains that the Domino SMTP service allows to relay outbound Internet mail. If this field contains valid entries, Domino allows only servers matching these entries to relay; relays from other servers are denied. You can specify individual host names or a group name.

Enter host names or IP addresses to designate the sites that are authorized to use Domino to relay messages to recipients outside your local Internet domain. For example, if you enter lotus.com, ibm.com in the field, Domino accepts messages to recipients in external Internet domains only from servers with host names ending in lotus.com or ibm.com, and rejects messages for external recipients from any server not listed in this field.

Field: Deny messages from the following Internet hosts to be sent to external Internet domains
Enter: Specifies the hosts or domains that the Domino SMTP service does not allow to relay outbound Internet mail. If this field contains valid entries, Domino denies message relays from servers matching those entries and allows message relays from all other servers. You can specify individual host names or a group name.

Enter host names or IP addresses to designate the sites that cannot use Domino to relay messages to recipients outside your local Internet domain.

For example, if you enter lotus.com in the field, Domino accepts messages to recipients in external Internet domains from all servers except those with host names ending in lotus.com. Domino denies messages to recipients in external Internet domains from servers in the lotus.com domain.

An asterisk (*) in this field prevents Domino from relaying messages from any host subject to the relay controls.


Inbound Relay Enforcement
Field: Perform Anti-relay enforcement for these connecting hosts
Description: Specifies the connections for which the server enforces the inbound relay controls. Choose one:
  • External hosts (default) - The server applies the inbound relay controls only to hosts that connect to it from outside the local Internet domain. Hosts in the local Internet domain are exempt from anti-relay restrictions. The local Internet domain is defined by a Global Domain document, if one exists, or otherwise as the Internet domain of the host server.
  • All connecting hosts - The server applies the Inbound relay controls to all hosts attempting to relay mail to external Internet domains.
  • None - The server ignores the settings in the Inbound relay controls. All hosts can always relay.
Field: Exceptions for authenticated users
Description: Specifies whether users who supply login credentials when connecting to the server are exempt from enforcement of the inbound relay controls. Choose one:
  • Perform anti-relay checks for authenticated users - The server does not allow exceptions for authenticated users. Authenticated users are subject to the same enforcement as non-authenticated users.
  • Allow all authenticated users to relay - Users who log in with a valid name and password are exempt from the applicable inbound relay controls. Use this to enable relaying by POP3 or IMAP users who connect to the network from ISP accounts outside the local Internet domain.
Field: Exclude these connecting hosts from anti-relay checks
Description: Enter the IP addresses or host names of hosts to be exempted from the restrictions specified in the Inbound relay controls section. The inbound relay controls are not enforced for these hosts, so they can relay to any permitted domain. You can also enter group names in this field.

When entering an IP address, enclose it within square brackets; for example, [127.0.0.1]. You can use wildcards to represent an entire subnet address, but not to represent values in a range. For example, [127.*.0.1] is valid; [123.123.12-*.123] is not.
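The following is an added example, not IBM's code: it models the relay decision that the Inbound Relay Controls and Inbound Relay Enforcement fields above describe, for a message addressed to an external Internet domain. The matching rules follow the text above; the page does not say how an entry that appears in both an allow list and a deny list is resolved, so this model lets deny win, and group entries are only validated (expanding a group needs the Domino Directory). The Notes-style form of a `%` Domino domain entry is also an assumption.

```python
# Added example (not IBM's code): a model of the Inbound Relay Controls decision.
# Assumptions: deny wins over allow when both match; a '%Domain' entry is matched
# against the domain part of a Notes address such as User/Acme@AcmeEast.

def domain_entry_matches(entry, recipient):
    """One external-domain entry against one recipient address."""
    domain = recipient.rsplit("@", 1)[-1].lower()
    entry = entry.lower()
    if entry == "*":                      # deny-all marker
        return True
    if entry.startswith("@"):             # explicit: domain part must match exactly
        return domain == entry[1:]
    if entry.startswith("%"):             # Domino domain name (model assumption)
        return domain == entry[1:]
    return domain.endswith(entry)         # otherwise: any domain ending in the entry

def ip_entry_matches(entry, ip):
    """A bracketed IP entry such as [127.*.0.1]; '*' stands for a whole octet."""
    pattern, octets = entry[1:-1].split("."), ip.split(".")
    return len(pattern) == len(octets) == 4 and all(
        p == "*" or p == o for p, o in zip(pattern, octets))

def host_entry_matches(entry, host_name, host_ip):
    """A connecting-host entry: '*', a [bracketed IP], or a host-name suffix."""
    if entry == "*":
        return True
    if entry.startswith("[") and entry.endswith("]"):
        return ip_entry_matches(entry, host_ip)
    return host_name.lower().endswith(entry.lower())

def is_valid_group_entry(name):
    """Group entries cannot contain a domain part or a dot."""
    return "." not in name and "@" not in name

def relay_allowed(recipient, host_name, host_ip, cfg,
                  host_is_local=False, authenticated=False):
    """True if the server would relay `recipient` for this connecting host.
    cfg keys (all optional): enforce_for ('external' default, 'all', 'none'),
    authenticated_users_relay, exempt_hosts, allow_domains, deny_domains,
    allow_hosts, deny_hosts."""
    def matching_hosts(key):
        return [e for e in cfg.get(key, [])
                if host_entry_matches(e, host_name, host_ip)]

    mode = cfg.get("enforce_for", "external")
    if mode == "none" or (mode == "external" and host_is_local):
        return True                       # host not subject to the relay controls
    if authenticated and cfg.get("authenticated_users_relay", False):
        return True                       # "Allow all authenticated users to relay"
    if matching_hosts("exempt_hosts"):
        return True                       # excluded from anti-relay checks
    if any(domain_entry_matches(e, recipient) for e in cfg.get("deny_domains", [])):
        return False
    allow_domains = cfg.get("allow_domains", [])
    if allow_domains and not any(domain_entry_matches(e, recipient) for e in allow_domains):
        return False
    if matching_hosts("deny_hosts"):
        return False
    allow_hosts = cfg.get("allow_hosts", [])
    return not allow_hosts or bool(matching_hosts("allow_hosts"))
```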


DNS Blacklist Filters
Field: DNS Blacklist filters
Enter: Choose one:
  • Enabled - When Domino receives an SMTP connection request, it checks whether the connecting host is listed in the Blacklist at the specified sites.
  • Disabled - Domino does not check whether a connecting host is on the Blacklist.
Field: DNS Blacklist sites
Enter: If DNS Blacklist filters are enabled, specify the DNSBL sites to check when Domino receives an SMTP connection request.
Field: Desired action when connecting host is found in a DNS Blacklist
Enter: Choose one:
  • Log - When Domino finds that a connecting host is on the Blacklist, it accepts messages from the host and records the host name and IP address of the connecting server, and the name of the site where the server was listed.
  • Log and tag message - When Domino finds that a connecting host is on the Blacklist, it accepts messages from the host; records the host name and IP address of the connecting server, and the name of the site where the server was listed; and adds the Note item, $DNSBLSite, to each accepted message.
  • Log and reject message - When Domino finds that a connecting host is on the Blacklist, it rejects the connection and returns a configurable error message to the host.
Field: Custom SMTP error response for rejected messages
Enter: Enter the text of the error message Domino returns when denying a connection because it found the host in the DNS Blacklist. The default error message indicates that the connection was denied for policy reasons.

You can use the format specifier '%s' to specify the IP address of the denied host and the DNS Blacklist site where Domino found the host listed. For example, if you enter the following:


    Your host %s was found in the DNS Blacklist at %s

When Domino denies a connection, it returns an error to the host, in which it replaces the first '%s' with the IP address of the host, and the second '%s' with the DNS Blacklist site name. Thus, if you entered the text in the preceding example, a denied host receives an error such as:

    Your host 127.0.0.2 was found in the DNS Blacklist at blackholes.mail-abuse.org

DNS Whitelist Filters
Field: DNS Whitelist Filters
Action: Note DNS whitelist filtering applies only to hosts subject to inbound relay enforcement.

Choose "Enabled" to allow the SMTP listener task to perform DNS queries against whitelist sites that you enter in the "DNS Whitelist filters" field.

By default this setting is disabled.

Field: DNS Whitelist sites
Action: Specify the DNS whitelist sites against which the SMTP listener task will perform DNS queries. The queries are performed when Domino receives an SMTP connection request.
Field: Desired action when a connecting host is found in a DNS whitelist
Action: When the connecting host is found in a DNS Whitelist, choose one of the options here:
  • Silently skip blacklist filters -- All whitelist actions skip blacklist filters. Performs no logging.
  • Log only -- Records the host name and IP address of the connecting server, as well as the name of the site where the server was listed.
  • Log and tag message -- Adds the Note item, $DNSWLSite, to messages accepted from whitelisted hosts. Records the host name and IP address of the connecting server, as well as the name of the site where the server was listed.
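The following is an added example, not IBM's code: it models the DNS Blacklist and DNS Whitelist filter decisions described above, including the whitelist's "skip blacklist filters" precedence and the two-`%s` custom error text. Assumptions: `sample_resolve` is a constructed in-memory stand-in for DNS, the lookup name is formed the conventional DNSBL way (reversed IPv4 octets in front of the site name), which the page does not spell out, and the default error text is a placeholder.

```python
# Added example (not IBM's code): DNS blacklist / whitelist filter decisions.

def dnsbl_query_name(ip, site):
    """Conventional DNSBL lookup name (assumption about Domino's mechanism):
    127.0.0.2 at blackholes.mail-abuse.org -> 2.0.0.127.blackholes.mail-abuse.org"""
    return ".".join(reversed(ip.split("."))) + "." + site

def first_listing(ip, sites, resolve):
    """Return the first site that lists `ip`, or None."""
    for site in sites:
        if resolve(dnsbl_query_name(ip, site)):
            return site
    return None

def fill_error_text(template, ip, site):
    """First '%s' becomes the denied host's IP, the second the DNSBL site name."""
    return template.replace("%s", "{}", 2).format(ip, site)

def dns_filter_decision(ip, host_name, cfg, resolve):
    """Whitelist is checked first; any whitelist hit skips the blacklist filters.
    Returns accept flag, Note item to add (or None), log line (or None), and
    the SMTP error text when the connection is rejected (or None)."""
    decision = {"accept": True, "tag": None, "log": None, "error": None}
    if cfg.get("whitelist_enabled"):
        site = first_listing(ip, cfg.get("whitelist_sites", []), resolve)
        if site:
            action = cfg.get("whitelist_action", "skip")   # skip | log | log_tag
            if action != "skip":
                decision["log"] = f"{host_name} [{ip}] listed at {site}"
            if action == "log_tag":
                decision["tag"] = ("$DNSWLSite", site)
            return decision
    if cfg.get("blacklist_enabled"):
        site = first_listing(ip, cfg.get("blacklist_sites", []), resolve)
        if site:
            action = cfg.get("blacklist_action", "log")    # log | log_tag | log_reject
            decision["log"] = f"{host_name} [{ip}] listed at {site}"
            if action == "log_tag":
                decision["tag"] = ("$DNSBLSite", site)
            elif action == "log_reject":
                decision["accept"] = False
                # Placeholder default: the page says only that the default text
                # indicates the connection was denied for policy reasons.
                template = cfg.get("error_text", "Connection denied for policy reasons")
                decision["error"] = fill_error_text(template, ip, site)
    return decision

# Constructed sample DNS data: 127.0.0.2 is listed at the blacklist site named on
# this page; 192.0.2.10 is on both a constructed whitelist and that blacklist.
SAMPLE_DNS = {
    "2.0.0.127.blackholes.mail-abuse.org",
    "10.2.0.192.blackholes.mail-abuse.org",
    "10.2.0.192.wl.example.test",
}

def sample_resolve(name):
    """Stand-in for a DNS A-record query: True means the name resolves (listed)."""
    return name in SAMPLE_DNS
```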

Private Blacklist Filter
Field: Private Blacklist filter
Action: Note Private blacklist filters apply only to hosts that are subject to inbound relay enforcement.

Choose "Enabled" to allow the SMTP listener task to determine if connecting hosts have been blacklisted, that is, if connecting hosts have been entered in the field "Blacklist the following hosts".

By default, this setting is disabled.

Field: Blacklist the following hosts
Action: Enter IP addresses or host names of the systems to blacklist.

IP ranges and masks are supported. Wildcards can be used except within ranges.

Field: Desired action when a connecting host is found in the private blacklist
Action: Choose one:
  • Log only -- Records the host name and IP address of the connecting server found in the private blacklist. This is the default setting.
  • Log and tag message -- Logging occurs in the same manner as in the Log only option. Tags the message by adding the Note item, $DNSBLSite, to messages accepted from blacklisted hosts. The value of $DNSBLSite will be PrivateBlacklist.
  • Log and reject message -- Logging occurs in the same manner as in the Log only option. Rejects messages by returning an error response to the blacklisted host.
Field: Custom SMTP error response for rejected messages
Action: Enter the custom error message text to be sent when the connecting host's name is found in the private blacklist.

The format specifier '%s' can be used to insert the IP address of the connecting host. For example, enter the following text: Your host %s was blacklisted. When Domino rejects a message from the blacklisted host 127.0.0.1, the following error message appears: Your host 127.0.0.1 was blacklisted.


Private Whitelist Filter
Field: Private Whitelist Filters
Action: Note Private whitelist filtering applies only to hosts subject to inbound relay enforcement.

Choose "Enabled" to allow the SMTP listener task to determine if connecting hosts have been whitelisted, that is, to determine whether they have been entered in the field "Whitelist the following hosts."

By default this setting is disabled.

Field: Whitelist the following hosts
Action: Enter IP addresses or host names of the systems to add to the whitelist. IP ranges and masks are supported.

Wildcards can be used except within ranges.

Field: Desired action when a connecting host is found in the private whitelist
Action: Choose one of these:
  • Silently skip blacklist filters -- All actions skip the blacklist filter checks; no logging occurs. This is the default setting.
  • Log only -- Records the host name and IP address of the connecting server found in the private whitelist.
  • Log and tag message -- Logging occurs in the same manner as in the Log only option. Tags the message by adding the Note item, $DNSWLSite, to messages accepted from whitelisted hosts. The value of $DNSWLSite will be PrivateWhitelist.

Inbound Connection Controls
Field: Verify connecting host name in DNS
Enter: Choose one:
  • Enabled - Domino verifies the name of the connecting host by performing a reverse DNS lookup. Domino checks DNS for a PTR record that matches the IP address of the connecting host to a host name. If Domino cannot determine the name of the remote host, because DNS is not available or no PTR record exists, it does not allow the host to transfer mail. Although Domino accepts the initial connection, later in the SMTP transaction it returns an error to the connecting host in response to the MAIL FROM command.
Note Internet SMTP hosts are not required to have PTR entries in DNS. As a result, when this field is enabled, the SMTP task may reject connections from valid SMTP hosts.
  • Disabled - (default) Domino does not check DNS to verify the name of the connecting host.
Field: Allow connections only from the following SMTP Internet host names/IP addresses
Enter: The host names, group names, and/or IP addresses allowed to connect to the SMTP service on this server. If you enter host names and/or IP addresses in this field, only servers matching these entries can connect to the SMTP listener; connection requests from all other servers are denied.

Enter IP addresses in brackets -- for example, [192.168.10.17].

Host name entries may be complete, as in the fully qualified host name of a particular server, or partial, with an implied wildcard. That is, if you enter:


    abc.com

Domino accepts connections only from mail hosts in the domains represented by *abc.com, that is, all host names ending in abc.com, including smtp.abc.com and mailhost.abc.com. Domino rejects all other connection requests.

If you specify host name entries, each time a host connects, Domino checks DNS for a PTR record for the connecting host. If Domino cannot resolve the IP address to a host name because DNS is unavailable or no PTR record exists, no mail is accepted from the connection.

Field: Deny connections from the following SMTP Internet host names/IP addresses
Enter: The host names, group names, and/or IP addresses that are not allowed to connect to the SMTP service on this server. If you enter host names and/or IP addresses in this field, all servers except those matching entries in this field can connect to the SMTP listener; connection requests are denied only for servers matching the entries in this field.

Enter IP addresses in brackets -- for example, [192.168.10.17].

Host name entries may be complete, as in the fully qualified host name of a particular server, or partial, with an implied wildcard. That is, if you enter:


    abc.com

Domino implicitly extends the restriction to all mail hosts within the denied domain, denying connections from *abc.com, that is, all hosts in the abc.com domain, including smtp.abc.com and mailhost.abc.com. The entry abc.com does not prevent connections from xyzabc.com.

Do not use a leading dot (.) in an entry; for example, .abc.com. Because Domino does not match the leading dot, the entry .abc.com does not prevent connections originating from the domain abc.com.

Field: Error limit before connection is terminated
Enter: Specify the maximum number of protocol errors allowed before a session connection is terminated.

Inbound Sender Controls
Field: Verify sender's domain in DNS
Enter: Choose one:
  • Enabled - Domino verifies that the sender's domain exists by checking DNS for an MX, CNAME, or A record that matches the domain part of the address in the MAIL FROM command received from the sending host. If no match is found, Domino rejects inbound mail from the host.
Note This can result in Domino rejecting mail from legitimate hosts that do not have these records in their DNS entries.
  • Disabled - (default) Domino does not check DNS to verify that the sender's domain exists.
Field: Allow messages only from the following external Internet addresses/domains
Enter: Internet addresses from which the server accepts messages. If you enter addresses in this field, only senders matching those addresses can send Internet mail to users in your local Internet domain. Mail from all other addresses is denied. You can also enter group names in this field.

During the SMTP conversation, the Domino SMTP listener compares the address in the MAIL FROM command received from the connecting host with the entries in this field.

For example, if you enter lotus.com in the field, Domino accepts incoming mail only if the address in the MAIL FROM command ends in lotus.com. Domino denies messages from all other Internet addresses.

You can create a Notes group containing a list of addresses from which to allow messages and enter the group name in this field. A group entry is valid only if it does not contain a domain part or dot ('.'). For example, the group with the name group1 is valid, but the groups named iris.com or group2@iris are not.

Field: Deny messages from the following external Internet addresses/domains
Enter: Internet addresses from which the server does not accept messages.

During the SMTP conversation, the Domino SMTP listener compares the address in the MAIL FROM command received from the connecting host with the entries in this field.

If you enter addresses in this field, all messages except those matching addresses listed in this field can route to your users. Mail is denied only from addresses matching the entries in this field. You can also enter group names in this field.

For example, if you enter lotus.com in the field, Domino accepts messages from all Internet addresses and domains except those ending in lotus.com. Domino denies messages from senders whose addresses end in lotus.com.

You can create a Notes group containing a list of addresses from which to deny messages and enter the group name in this field. A group entry is valid only if it does not contain a domain part or dot ('.'). For example, the group with the name group1 is valid, but the groups named iris.com or group2@iris are not.


Inbound Intended Recipients Controls
Field: Verify that local domain recipients exist in the Domino Directory
Enter: Specifies whether the SMTP listener checks recipient names specified in RCPT TO commands against entries in the Domino Directory.

Choose one:

  • Enabled - If the domain part of an address specified in an SMTP RCPT TO command matches one of the configured local Internet domains, the SMTP listener checks all configured directories to determine whether the specified recipient is a valid user. If all lookups complete successfully and no matching username is found, the SMTP server returns a 550 permanent failure response indicating that the user is unknown. For example:
    550 bad_user@yourdomain.com ... No such user

    Choosing this setting can help prevent messages sent to nonexistent users (for example, spam messages and messages intended for users who have left the organization) from accumulating in MAIL.BOX as dead mail.

    To avoid rejecting messages because a directory is unavailable, Domino accepts messages when an attempted directory lookup does not complete successfully.

    To avoid unnecessary directory lookups, Domino completes the other SMTP inbound tests configured in the relay, sender, and recipient controls before verifying names in the Domino Directory.


Note When this setting is enabled, and there is an entry in the field "Local Internet domain smart host", messages that cannot be resolved are not accepted; therefore, they will not be forwarded to the smart host. When this setting is enabled, and the field "Smart host is used for all local Internet domain recipients" is enabled, only those messages sent to recipients that can be resolved are accepted, and these will be forwarded to the smart host.
  • Disabled - (default) The SMTP listener does not check whether local domain recipients specified in the RCPT TO command are listed in the Domino Directory.
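The following is an added example, not IBM's code: it models the RCPT TO handling described above for the "Verify that local domain recipients exist in the Domino Directory" field, together with the recipient allow/deny lists that follow, showing the check order (list controls before any directory lookup) and the accept-on-lookup-failure behaviour. Assumptions: `sample_lookup` is a constructed stand-in for the directory lookup, list entries match by exact address or domain suffix, and the 550 text for list denials is a constructed placeholder (the page gives only the "No such user" text).

```python
# Added example (not IBM's code): RCPT TO decision for local-domain recipients.

class DirectoryUnavailable(Exception):
    """Raised by the lookup callable when a directory lookup cannot complete."""

def address_entry_matches(entry, address):
    """Exact address, or a domain-style entry matched as a suffix (assumption)."""
    address, entry = address.lower(), entry.lower()
    return address == entry or ("@" not in entry and address.endswith(entry))

def rcpt_to_response(rcpt, cfg, lookup):
    """Return the SMTP response line to RCPT TO:<rcpt>.
    cfg keys: local_domains, verify_recipients (default False),
    allow_recipients, deny_recipients. Relay controls for non-local
    recipients are outside this model."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    # Recipient list controls run before any directory lookup: the page says the
    # other inbound tests complete first, to avoid unnecessary lookups.
    if any(address_entry_matches(e, rcpt) for e in cfg.get("deny_recipients", [])):
        return f"550 {rcpt} ... Recipient not permitted"   # constructed text
    allowed = cfg.get("allow_recipients", [])
    if allowed and not any(address_entry_matches(e, rcpt) for e in allowed):
        return f"550 {rcpt} ... Recipient not permitted"   # constructed text
    if not cfg.get("verify_recipients") or domain not in cfg.get("local_domains", []):
        return "250 OK"
    try:
        exists = lookup(rcpt)
    except DirectoryUnavailable:
        # Page: a lookup that does not complete successfully is accepted, so a
        # directory outage does not reject mail (the message is accepted, not verified).
        return "250 OK"
    if not exists:
        return f"550 {rcpt} ... No such user"      # format shown on the page
    return "250 OK"

# Constructed directory: one known user; lookups for the 'outage' subdomain raise
# to simulate a directory that cannot be reached.
SAMPLE_DIRECTORY = {"jane@yourdomain.com"}

def sample_lookup(address):
    if address.lower().endswith("@outage.yourdomain.com"):
        raise DirectoryUnavailable()
    return address.lower() in SAMPLE_DIRECTORY
```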
Field: Allow messages intended only for the following Internet addresses
Enter: Internet addresses that are within the local Internet domain and that are allowed to receive mail from the Internet. If you enter addresses in this field, only those recipients can receive Internet mail. Domino denies mail for all other recipients.

You can create a Notes group containing a list of addresses allowed to receive mail from the Internet and enter the group name in this field. A group entry is valid only if it does not contain a domain part or dot ('.'). For example, the group with the name group1 is valid, but the groups named yourdomain.com or group2@yourdomain are not.

Field: Deny messages intended for the following Internet addresses
Enter: Internet addresses within the local Internet domain that are prohibited from receiving mail from the Internet. If you enter addresses in this field, all addresses except those listed in this field can receive Internet mail. Domino denies mail for only the addresses in this field.

You can create a Notes group containing a list of addresses that cannot receive mail from the Internet and enter the group name in this field. A group entry is valid only if it does not contain a domain part or dot ('.'). For example, the group with the name group1 is valid, but the groups named yourdomain.com or group2@yourdomain are not.

Note If the server supports Local Part name lookups, users whose addresses are listed in the Deny field may still receive mail addressed to alternate Internet addresses. To prevent use of alternate addresses, complete the Internet address field in each user's Person document and allow users to receive inbound mail destined for their fullname addresses only. Refer to "Specifying how Domino looks up users in the Domino Directory" for information on restricting name lookups.