Lotus Domino Administrator 8 Help - Restricting mail routing based on Domino domains, organizations, and organizational units

MAIL

Restricting mail routing based on Domino domains, organizations, and organizational units
You can use two methods to restrict how mail routes over IBM® Lotus® Notes® routing in your infrastructure.

Create Adjacent domain documents in the IBM® Lotus® Domino™ Directory to keep users from routing mail through your domain to another domain. For example, if you have a connection from your domain, Acme, to the Lotus domain and the IBM domain, you might set up an Adjacent domain document to keep users in the Lotus domain from routing to the IBM domain through the Acme domain. Using these restrictions reduces the mail load on your system. Adjacent domain documents keep users from using your domain as a Notes mail relay.

For more information on Adjacent domain documents, see the chapter "Setting Up Mail Routing."

Specify restrictions in the Configuration Settings document in the Domino Directory to restrict mail from specified Domino domains.

Note SMTP can resolve names for group types of Mail-only or Multi-purpose. When you create or modify the SMTP and Router settings in the Configuration Settings document, be sure to enter group names that have a group type of Mail-only or Multi-purpose. This applies to settings on the Restrictions tab, the SMTP Inbound Controls tab, and the SMTP Outbound Controls tab.

To restrict Notes mail routing

1. Make sure you already have a Configuration Settings document for the server(s) to be configured.

2. From the Domino Administrator, click the Configuration tab and expand the Messaging section.

3. Click Configurations.

4. Select the Configuration document for the mail server or servers you want to administer, and click Edit Configuration.

5. Click the Router/SMTP - Restrictions and Controls - Restrictions tab.

6. Complete these fields in the Router Restrictions section, and then click Save & Close:

Field Enter

Allow mail only from domains Domino domains from which the server accepts mail. If you enter Domino domains in this field, only messages from those domains can enter your domain over Notes routing. Domino denies mail from all other Domino domains. For example, if you enter Lotus in the field, Domino accepts only messages sent from the Lotus domain to your users. Domino denies messages sent from all other Domino domains.
You can specify individual domain names or a group name. Group entries cannot contain a domain part or dot ('.'). For example, the group with the name AllowMail is valid, but the groups named Allow.iris.com or Allowmail@iris are not.
Note This restriction does not affect mail in the local Domino domain.

Deny mail from domains Domino domains from which the server denies mail. If you enter Domino domains in this field, all messages except those from the domains listed in this field can route to your users. For example, if you enter Lotus in the field, Domino accepts messages from all Domino domains except the Lotus domain. Domino denies messages from the Lotus domain.
You can specify individual domain names or a group name. Group entries cannot contain a domain part or dot ('.'). For example, the group with the name DenyMail is valid, but the groups named Deny.iris.com or Denymail@iris are not.
Note This restriction does not affect mail in the local Domino domain.

Allow mail only from the following organizations and organizational units Organizations and/or organizational units from which the server accepts mail. If you enter organizations and/or organizational units in this field, only messages from users in those organizations and/or organizational units can enter your domain over Notes routing. Domino denies mail from all other organizations and/or organizational units. For example, if you enter */East/Lotus in the field, Domino accepts only messages from the /East/Lotus organizational unit to your users. Domino denies messages from organizations and/or organizational units other than */East/Lotus.
You can specify individual organization names, organizational unit names or a group name.

Deny mail only from the following organizations and organizational units Organizations and/or organizational units from which the server does not accept mail. If you enter organizations or organizational units in this field, all messages except those from users in the organizations and/or organizational units in this field can enter your domain over Notes routing. Domino denies mail only from organizations and/or organizational units in this field. For example, if you enter */West/Lotus in the field, Domino accepts messages from all organizations and organizational units except /West/Lotus. Domino denies messages from the /West/Lotus organizational unit.
You can specify individual organization names, organizational unit names or a group name.

Note

If you specify the same entry in an Allow field and a Deny field so there is a conflict between the two fields, Domino denies messages for that entry. The Deny setting takes precedence for security reasons. Avoid placing the same entry in both the Allow and Deny fields for the same setting.

7. The change takes effect after the next Router configuration update. To put the new setting into effect immediately, reload the routing configuration.

See also

Customizing Notes routing

Restricting SMTP inbound routing

Restricting outbound mail routing

Customizing the text of mail failure messages

Setting up routing to non-adjacent Domino domains

Restricting users from sending mail to groups listed in the Domino Directory

Glossary

Feedback on Help or Product Usability?

Help on Help

All Help Contents

Glossary

Field	Enter
Allow mail only from domains	Domino domains from which the server accepts mail. If you enter Domino domains in this field, only messages from those domains can enter your domain over Notes routing. Domino denies mail from all other Domino domains. For example, if you enter Lotus in the field, Domino accepts only messages sent from the Lotus domain to your users. Domino denies messages sent from all other Domino domains. You can specify individual domain names or a group name. Group entries cannot contain a domain part or dot ('.'). For example, the group with the name AllowMail is valid, but the groups named Allow.iris.com or Allowmail@iris are not. Note This restriction does not affect mail in the local Domino domain.
Deny mail from domains	Domino domains from which the server denies mail. If you enter Domino domains in this field, all messages except those from the domains listed in this field can route to your users. For example, if you enter Lotus in the field, Domino accepts messages from all Domino domains except the Lotus domain. Domino denies messages from the Lotus domain. You can specify individual domain names or a group name. Group entries cannot contain a domain part or dot ('.'). For example, the group with the name DenyMail is valid, but the groups named Deny.iris.com or Denymail@iris are not. Note This restriction does not affect mail in the local Domino domain.
Allow mail only from the following organizations and organizational units	Organizations and/or organizational units from which the server accepts mail. If you enter organizations and/or organizational units in this field, only messages from users in those organizations and/or organizational units can enter your domain over Notes routing. Domino denies mail from all other organizations and/or organizational units. For example, if you enter /East/Lotus in the field, Domino accepts only messages from the /East/Lotus organizational unit to your users. Domino denies messages from organizations and/or organizational units other than /East/Lotus. You can specify individual organization names, organizational unit names or a group name.
Deny mail only from the following organizations and organizational units	Organizations and/or organizational units from which the server does not accept mail. If you enter organizations or organizational units in this field, all messages except those from users in the organizations and/or organizational units in this field can enter your domain over Notes routing. Domino denies mail only from organizations and/or organizational units in this field. For example, if you enter */West/Lotus in the field, Domino accepts messages from all organizations and organizational units except /West/Lotus. Domino denies messages from the /West/Lotus organizational unit. You can specify individual organization names, organizational unit names or a group name.