Lotus Domino Administrator 8 Help - Enabling private blacklist filters for SMTP connections

MAIL

Enabling private blacklist filters for SMTP connections
Use private blacklists to specify hosts and/or domains responsible for sending unnecessary, unwanted mail to your Internet domain. For consistency, IBM® Lotus® Domino's™ private blacklists follow the model currently used by existing anit-spam functionality. Private blacklists are stored in the Domino Directory to simplify the process of maintaining and distributing blacklist information between servers.

When private blacklists are enabled, the SMTP listener task compares the names of hosts that may be subject to relay enforcement against the private blacklist prior to performing DNS blacklist queries. This prevents unnecessary DNS lookups. If the host is found in the private blacklist, the action specified in the field "Desired action when a connecting host is found in a private blacklist" in the Private Blacklist Filters section of the Configuration Settings document applies. If the host is not found in the private blacklists, processing continues with DNS whitelist filters and then DNS blacklist filters.

Enabling the use of private blacklist filters

This procedure assumes you have previously set up a Configuration Settings document for the server.

1. From the Domino Administrator, click the Configuration tab and expand the Messaging section.

2. Click Configurations.

3. Select the Configuration Settings document for the server on which you are enabling the private blacklist filters.

4. Click Router / SMTP - Restrictions and Controls - SMTP Inbound Controls.

5. Complete these fields in the Private Blacklist Filters section and then click Save and Close.

Field Action

Private Blacklist filter Note Private blacklist filters apply only to hosts that are subject to inbound relay enforcement.
Choose "Enabled" to allow the SMTP listener task to determine if connecting hosts have been blacklisted, that is, if connecting hosts have been entered in the field "Blacklist the following hosts".
By default, this setting is disabled.

Blacklist the following hosts Enter IP addresses or host names of the systems to blacklist.
IP ranges and masks are supported. Wildcards can be used except within ranges.

Desired action when a connecting host is found in the private blacklist Choose one:

Log only -- Records the host name and IP address of the connecting server found in the private blacklist. This is the default setting.
Log and tag message -- Logging occurs in the same manner as in the Log only option. Tags the message by adding the Note item, $DNSBLSite, to messages accepted from blacklisted hosts. The value of $DNSBLSite will be PrivateBlacklist.
Log and reject message -- Logging occurs in the same manner as in the Log only option. Rejects messages by returning an error response to the blacklisted host.

Custom SMTP error response for rejected messages Enter the custom error message text to be sent when the connecting host's name is found in the private blacklist.
The format specifier '%s' can be used to insert the IP address of the connecting host. For example, enter the following text: Your host %s was blacklisted. When Domino rejects a message from the blacklisted host 127.0.0.1, the following error message appears: Your host 127.0.0.1 was blacklisted.

Private blacklist statistic

The SMTP listener task maintains a cumulative count of the number of connections accepted from blacklisted hosts, and stores that count in the SMTP.PrivateBL.TotalHits statistic. The SMTP.PrivateBL.TotalHits statistic is part of the SMTP statistics package and can be viewed using the Domino Administrator client or from the server console by entering the following command:

show stat SMTP

Restricting inbound SMTP connections

Glossary

Feedback on Help or Product Usability?

Help on Help

All Help Contents

Glossary

Field	Action
Private Blacklist filter	Note Private blacklist filters apply only to hosts that are subject to inbound relay enforcement. Choose "Enabled" to allow the SMTP listener task to determine if connecting hosts have been blacklisted, that is, if connecting hosts have been entered in the field "Blacklist the following hosts". By default, this setting is disabled.
Blacklist the following hosts	Enter IP addresses or host names of the systems to blacklist. IP ranges and masks are supported. Wildcards can be used except within ranges.
Desired action when a connecting host is found in the private blacklist	Choose one: Log only -- Records the host name and IP address of the connecting server found in the private blacklist. This is the default setting. Log and tag message -- Logging occurs in the same manner as in the Log only option. Tags the message by adding the Note item, $DNSBLSite, to messages accepted from blacklisted hosts. The value of $DNSBLSite will be PrivateBlacklist. Log and reject message -- Logging occurs in the same manner as in the Log only option. Rejects messages by returning an error response to the blacklisted host.
Custom SMTP error response for rejected messages	Enter the custom error message text to be sent when the connecting host's name is found in the private blacklist. The format specifier '%s' can be used to insert the IP address of the connecting host. For example, enter the following text: Your host %s was blacklisted. When Domino rejects a message from the blacklisted host 127.0.0.1, the following error message appears: Your host 127.0.0.1 was blacklisted.