UPGRADING TO LOTUS NOTES 6 AND LOTUS DOMINO 6


Configuring Domino 5 SMTP inbound relay controls
If a Domino SMTP server is accessible from the Internet, people outside your organization can relay mail through it to destinations in external Internet domains. This not only burdens your server with extra traffic, but also makes mail, possibly even spam, appear to originate in your domain. To prevent the Domino server from acting as an open relay, Lotus Domino 5 introduced relay controls. Using Allow and Deny lists, these controls determine the relay destinations to which a server can or cannot send mail and the sources from which the server can and cannot accept relays.

Because you configure the valid relay destinations separately from the valid relay sources, conflicts between the two sets of restrictions can occur. When such conflicts occur, Lotus Domino requires instructions for resolving the conflict. In Lotus Domino 5, Deny entries took precedence over Allow entries; in Lotus Domino 6, Allow entries take precedence over Deny entries.

For example, you allow relays from the following host and deny them to the following domain:


On a Domino 5 server, because the Deny entry takes precedence, the named host, 9.95.91.51, cannot relay to denied destinations. In the example, the Domino 5 server cannot relay to any address in the yahoo.com domain.

On a Domino 6 server, in the event of a conflict between entries, Allow entries take precedence. By giving a specific host "Allow" access, you allow that host to relay to any destination. In the example, the host 9.95.91.51 can relay to the yahoo.com domain even though the domain is explicitly denied as a relay destination.

Similarly, the following configuration denies relays from a specified host and allows them to a specified domain:


On a Domino 5 server, the Deny entry takes precedence, so that the named host, myhost.iris.com, is not a valid relay source. The named host cannot relay to any domain, even to allowed domains.

On a Domino 6 server, the Allow entry takes precedence. In the preceding example, myhost.iris.com is allowed to relay to any destination, including to the explicitly denied domain hotmail.com.

The differences between how Domino 5 and Domino 6 resolve conflicts apply to conflicts occurring between entries in the source and destination lists only. The rules for resolving conflicts between the list of allowed and denied sources or the allowed and denied destinations are the same for both Lotus Domino 5 and Lotus Domino 6: Deny entries take precedence. If you have the following configuration:


the server rejects relays to addresses in the yahoo.com domain.

To preserve the Domino 5 behavior for resolving conflicts in the relay controls

When you upgrade a Domino 5 SMTP mail server, you can keep the Domino 5 behavior if you do not want to reconfigure your upgraded mail servers. Lotus Domino 6 provides the NOTES.INI setting SMTPRelayAllowHostsandDomains to make the server follow the Domino 5 behavior. Set this setting to 1 so that Deny entries take precedence. The default value for this setting is 0.

For more information about the SMTPRelayAllowHostsandDomains setting, see the topic SMTPRelayAllowHostsandDomains.
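The following Python sketch is an added example, not Domino code: it is a simplified model of the precedence rules described above that lists the source/destination pairs whose relay outcome changes when a server moves from Domino 5 to Domino 6. The dictionary keys, the function names, exact-match comparison of entries, and the destination allowed.example are assumptions made for illustration.

```python
from itertools import product

ALLOW, DENY, UNLISTED = "allow", "deny", "unlisted"

def verdict(name, allow, deny):
    """Verdict inside one Allow/Deny list pair: Deny wins in both releases."""
    name = name.lower()  # list entries are expected in lower case (assumption)
    if name in deny:
        return DENY
    return ALLOW if name in allow else UNLISTED

def resolve_conflict(src, dst, deny_wins):
    """True = relay, False = reject, None = not an Allow-vs-Deny conflict."""
    if {src, dst} != {ALLOW, DENY}:
        return None  # handling of non-conflicting pairs is not modelled here
    return not deny_wins

def upgrade_changes(cfg, legacy_setting=0):
    """Return (source, destination) pairs whose outcome differs after upgrade.

    legacy_setting mirrors SMTPRelayAllowHostsandDomains: 1 keeps Deny first.
    """
    sources = cfg["allow_sources"] | cfg["deny_sources"]
    dests = cfg["allow_destinations"] | cfg["deny_destinations"]
    changed = []
    for s, d in product(sorted(sources), sorted(dests)):
        sv = verdict(s, cfg["allow_sources"], cfg["deny_sources"])
        dv = verdict(d, cfg["allow_destinations"], cfg["deny_destinations"])
        domino5 = resolve_conflict(sv, dv, deny_wins=True)
        domino6 = resolve_conflict(sv, dv, deny_wins=(legacy_setting == 1))
        if domino5 != domino6:
            changed.append((s, d))
    return changed

# Constructed sample combining the hosts and domain named in the examples
# above; "allowed.example" is a made-up allowed destination.
SAMPLE = {
    "allow_sources": {"9.95.91.51"},
    "deny_sources": {"myhost.iris.com"},
    "allow_destinations": {"allowed.example"},
    "deny_destinations": {"yahoo.com"},
}

if __name__ == "__main__":
    for source, dest in upgrade_changes(SAMPLE):
        print(f"{source} -> {dest}: rejected on Domino 5, relayed on Domino 6")
```

Each pair it reports is a path that was closed under Domino 5 and opens after the upgrade unless the entries are reconfigured or SMTPRelayAllowHostsandDomains is set to 1.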
