IBM Support

Domino Router Restrictions and Controls Explained

Technote (troubleshooting)


Problem


Introduction

The Restrictions and Controls section of the Server Configuration document is an important part of the Domino SMTP/mail server. This is where mail restrictions are configured to help prevent spam. Spam mail is also referred to as Unsolicited Commercial Email (UCE) or Unsolicited Bulk Email (UBE) and can cause many problems for Domino Administrators. This section of the Configuration document can also be used to control users, servers, domains, and Notes organizations from sending or receiving mail.

Purpose
The purpose of this Technical Paper is to assist you in configuring the Restrictions and Control section of the Server Configuration document. In describing Restrictions, SMTP inbound controls, SMTP outbound controls, Delivery controls, Transfer controls and Rules, this document not only addresses the restrictions for unwanted Internet mail, but it also describes the process for configuring threads and other router restrictions. Examples are provided of the restrictions and the error messages displayed when the restriction is applied by the server.

Assumptions
This document assumes that:

  • You have a working SMTP Domino R8.x server with a registered Internet domain and the corresponding settings in Domain Name System (DNS).
  • You have working knowledge of the SMTP conversation for mail transmission. For more information on the SMTP commands, refer to the Request for Comments number 821, also known as RFC821.

The error messages herein are the default error messages for each field; it is assumed that no error messages have been modified in the Failure Message section under Router/SMTP, Advanced, Controls.

Furthermore, this document uses the terms "local Internet domain" and "external Internet domain" throughout. Here, the local Internet domain refers to the Global Domain document's "Local Primary Internet Domain" and "Alternate Internet Domain aliases." All entries in these two fields are considered the local Internet domain, and all Internet domains not listed are considered the external Internet domains.

Resolving the problem

Restrictions




Allow mail only from domains:

This field is used to specify the Notes domains that can send mail to this domain. If a domain is added to this field, mail will be accepted only from this domain; mail from other Notes domains will be rejected. This restriction does not affect mail routing within the local Notes domain.

The following error message displays on the server console, is written to the log, and is sent back to the originator when the user's domain is not listed in this field:

"02:21:04 PM Router: Policy Reason: Your Domain does not have access to route messages to the specified domain."

Field-Level Help: Domains that will be allowed to send mail to this domain..

Deny mail from domains:

This field is used to specify the Notes domains that cannot send mail to this domain. Adding a domain to this field denies mail from this domain only; Domino will continue receiving mail from all other Notes domains. This restriction, like the "Allow mail from domains" field, does not affect mail routing in the local Notes domain.

The error message is the same as that for the "Allow mail from domains" field, except it is displayed when the domain is entered in this field.

Note: If a single Notes domain is entered in both the allow and deny fields, then the deny field would takes precedence over the allow, this is done because of security issues.

Field-Level Help: Domains that will be restricted from sending mail to this domain.

Allow mail only from the following organizations and organizational units: (*/Acme, */Sales/Corp)

This field is similar to the "Allow mail from domains" field; however, this restriction uses organizational units and/or organizations to allow mail instead of the Notes domains. An entry in this field allows mail only from this organization or organizational unit to send mail to this domain. For example, suppose you enter */acme in this field. This entry allows only users from the acme organization to send mail to the local domain. However, organizations can be split into multiple domains, so this restriction could be done with the "Allow mail from domains" field, but it would require multiple entries.

Error message when the organization is not listed in the allow field:

"02:44:01 PM Router: Policy Reason: Router: CN=First Last/O=ACME@ACME is restricted from sending mail through server SERVER/R80."

Field-Level Help: Organizations and organizational units which are allowed to send mail to this
domain. This restriction applies only if the sender's address is a Notes distinguished name.


Deny mail only from the following organizations and organizational units: (*/Acme, */Sales/Corp)

This field is very similar to "Deny mail from domains" field; however, this restriction uses the organizational units and/or organizations to restrict Notes mail routing. An entry in this field denies mail only from this organizational unit and/or organization. The Domino server will allow the server to route mail from all other organizations. For example, if you enter */north/acme in this field, it will deny all mail from this organizational unit, but it would allow mail from */south/acme to be delivered.

NOTE: If a single Notes organization is entered in both the Allow and Deny fields, the Deny takes the precedence over the Allow because of security reasons.

Error Message received on the Domino console when the sending organization is listed in this field:

"02:49:38 PM Router: Policy Reason: Router: CN=First Last/O=ACME@ACME is restricted from sending mail through server SERVER/R80"

Field-Level Help:Organizations and organizational units which are restricted from sending mail to this domain. This restriction applies only if the sender's address is a Notes distinguished name.


Maximum message size: 0 KB (default)

This is the maximum message size in KB (Kilobytes) the server will accept for routing both Internet mail and Notes mail. This restriction is used for both transfer and local delivery. The default setting 0 K, which will allow the router to deliver any message size.

There are two error messages associated with this field when the message exceeds the maximum size:

"02:53:13 PM Router: Policy Reason: Router: Unable to dispatch message. Size exceeds 1 Kbytes"

"552 Message size exceeds fixed maximum message size set by administrator"

The first is written to the Log and sent back to the registered Notes user in the form of a deliver failure report. The second error message is displayed on delivery failure reports for Internet users.

Field-Level Help: Messages larger than this size will not be transferred or delivered. A non delivery message will be returned to the sender reporting the reason for the failure.


Send all messages as low priority if message size is between: Disabled




This field works with the maximum message size; when the field is enabled, it displays another field. This hidden field allows the to set a size range in KB. If a message falls within this range, the message status would be set to low, and it would routed as low priority. For more details on setting low-priority message delivery, see "Low Priority mail routing time range" in the Transfer Controls tab.

This option can be used if network bandwidth is an issue and you want a certain-sized messages to be received but not transferred during busy production hours. This option works only if the message is being transferred; it does not work for local delivery.

No error messages given or displayed on the server. You can issue a "tell router show" on the server console to see the queue status.

Field-Level Help: Messages in this size range will have their priority permanently changed to low causing them to be sent only during off peak hours. Note that a range of 0 to 0 means never change priority.
---------------------------------------------------------------------------------------------------------------------------------------------------------



SMTP Inbound Controls

Inbound Relay Controls

An IP range can be used to represent more than one host. If the asterisk is placed in one or more units of an IP address, the variant range(s) takes effect.

For example:

This syntax does not work ----> [9.9.*]

Some syntaxes that work ------> [9.9.9.*], [9.9.*.*], [9.*.*.*]




Allow messages to be sent only to the following external Internet domains:

This field configures the Domino R8 mail server as a relay for the specified Internet domains. For example, if you enter acme.com, Domino will relay messages for recipients only in this external Internet domain. This entry will also allow the server to route mail for user@server.acme.com. If @acme.com is entered in this field, a message addressed to user@server.acme.com will be rejected by the Domino server. Any message an SMTP server attempts to relay to this server will be rejected, unless they belong to the acme.com Internet domain.

It is important to note that this setting is used only when the connecting server is not a member of the local Internet domain and it is attempting to relay a message for a recipient in the acme.com domain. This field is a text field that will accept multiple entries, but these entries must be separated by a comma.

Error Message when the Internet domain is not listed in this field:

"12:59:11 PM SMTP Server [026A:0005-0125] Attempt to relay mail to anyone@domain1.com rejected for policy reasons. Relays to recipient's domain denied in your configuration."

Field Level Help: The external Internet domains to which messages will be relayed (or the Domino domains to which messages will be relayed if the item starts with a percent sign). Recipients in all other domains will be rejected. Items need only match the end of the domain name (acme.com will match jsmith@serv1.acme.com, @acme.com will match jsmith@acme.com but will not match pbrown@serv1.acme.com ).

Deny messages from external Internet domains to be sent to the following Internet domains:

Entries in this field restrict the Domino server from relaying messages from external hosts to the domain specified in this field. If the message is addressed to recipients in this domain, the Domino server rejects the message. This field, like the Allow field, will also accept multiple entries, but these entries must be separated by a comma.

For example, if you enter "acme.com" in this field, when a external server connects to send mail to user@acme.com, the message would be rejected. If you enter "@acme.com" in this field, the Domino server would only reject message from users that belong to this Internet domain; messages addressed to user@server.acme.com would be allowed.

NOTE: If you specify the same entry in the Allow field and the Deny fields, Domino will always take the Deny field as precedence over the Allowed field. Because of security concerns, Deny must take precedence. You can also use an asterisk (*) as a wildcard to indicate all domains are denied.

Error Message displayed when the domain is entered the deny field:

"01:04:18 PM SMTP Server [0101:0004-0148] Attempt to relay mail to user@acme.com rejected for policy reasons. Relays to recipient's domain denied in your configuration."

Field Level Help: The external Internet domains to which we will never relay messages(or the Notes domains to which messages will never be relayed if the item starts with a percent sign). * would reject message relays to all recipients. Items need only match the end of the domain name (acme.com will match jsmith@serv1.acme.com, @acme.com will match jsmith@acme.com but will not match pbrown@serv1.acme.com ).

Allow messages only from the following external Internet hosts to be sent to external Internet domains:

The entries in this field identify the external hosts and/or IP addresses allowed to relay messages through this Domino server. The message destination must be an Internet domain for which the intended recipient is another Internet domain. These host names and/or IP address will be able to relay messages through the Domino R5 server.

For Example, if you enter acme.com in this field, Domino will only accept mail from servers that match this entry, so server.acme.com would match. More information on this can be found in the Field Level help.

Error Message received in the form of Delivery failure reports when the domain is not listed in the Allow field:

"554 Relay rejected for policy reasons"

Field Level Help: The fully qualified host names or IP addresses of connecting hosts for which we will relay messages. Items need only match the end of host names (acme.com will match serv1.acme.com). IP addresses are always enclosed in square brackets and may include * as a wildcard for subnet addresses.

Deny messages from the following external Internet hosts to be sent to external Internet domains:

The entries in this field identify the external hosts and/or IP address restricted from relaying messages through this Domino server. A message intended for recipients outside the local Internet domain would be rejected.

For Example, if you enter Domain1.com in this field, Domino will reject the ability to relay mail from servers that belong to this Internet domain.

NOTE: If you specify the same entry in the Allow field and the Deny fields, Domino will always take the Deny field as precedence over the Allowed field. Because of security concerns, Deny must take precedence. You can also use an asterisk (*) as a wildcard to indicate all domains that are denied from relaying.

Error Message received in the form of Delivery failure reports when the domain is listed Deny:

"554 Relay rejected for policy reasons"

Field Level Help: The fully qualified host names or IP addresses of connecting hosts for which we will never relay messages. * means all hosts. Items need only match the end of host names (acme.com will match serv1.acme.com). IP addresses are always enclosed in square brackets and may include * as a wildcard for subnet addresses.

Hide details for Inbound Relay Enforcement Inbound Relay Enforcement

Perform Anti-Relay enforcement for these connecting hosts:


Field Level Help: Specifies whether inbound relay controls apply to internal as well as external host. Choose one.

"External host" (default) The server enforces inbound relay controls only for host outside the local internet domain. Internal host can always relay.

"All connecting host" Provides a stricter relay enforcement by applying inbound relay controls to internal as well as external host.

"None" - Disables inbound relay controls.


Exclude these connecting hosts from anti-relay checks

Field Level Help: Enter the IP address or host names to specify host exempt from enforcement of inbound relay controls. Enter an IP address in square brackets: for example [127.0.0.1]. You can wild cards to represent an entire subnet address, but not to represent values in a range.

For example, [127.*.0.1] is valid. 123.123.12.*.123] is not.


Exceptions for authenticated users:

Field Level Help: Specifies whether authenticated user are exempt from enforcement of the inbound relay controls.

Perform anti-relay checks for authenticated users - The server does not allow exceptions for authenticated users. Authenticated users are subject to the same enforcement as non-authenticated users.

Allow all authenticated users to relay - User who logs in with a valid name and password are exempt from the applicable inbound relay controls. Use this to enable relaying by POP3 or IMAP users who connect to the network from ISP accounts outside the local Internet domain.

Note: When setting your configuration settings document to 'Allow all authenticated users to relay' the
administrator will need to change the server document: Mail tab Name & password to Yes under Mail SMTP Inbound

Hide details for Server Document:Server Document:



Hide details for DNS Blacklist FiltersDNS Blacklist Filters
DNS Blacklist Filters:

Field Help: If enabled the smtp listener task will perform dns queries against the blacklist sites configured below for all host that are subject to inbound relay control enforcement.

Enabled - When Domino receives an SMTP connection request, it checks whether the connecting host is listed in the blacklist at the specified sites.

Disabled - Domino does not check whether a connecting host is on the blacklist.


Allow connections only from the following SMTP internet hostnames/IP addresses:

Field Help: Allow messages only from these host. Items need only match the end of host names (acme.com will match server1.acme.com) IP address must be enclosed in square brackets and may include an * as a wild card or subnet address.

Deny connections from the following SMTP internet hostnames/IP addresses:

Field Help: Refuse messages from these hosts. Items need only match the end of host names (acme.com will match server1.acme.com) IP address must be enclosed in square brackets and may include an * as a wild card or subnet address.

Error limit before connection is terminated:

Field Help: Terminates the connection when the number of protocol errors returned for the session exceeds this value. For example, possible errors are blacklist rejections, or RCPT to rejections. The error returned is – 421 smtp service is not available.. Closing transmission channel.

Hide details for DNS Whitelist FiltersDNS Whitelist Filters

DNS Whitelist Filters:
When enabled the SMTP listener task performs DNS queries against whitelist sites your you define in the "DNS Whitelist filters".

Field Help: If enabled the smtp listener task will perform dns queries against the whitelist sites configured below for all host that are subject to inbound relay control enforcement.

DNS Whitelist Sites:
Defines a list of DNS whitelist sites in which the SMTP listener task will perform DNS queries.

Field Help: Specifies the dns whitelist sites to check when domino receives an smtp connection request.

Desired action when a connecting host is found in a dns whitelist:
Specifies actions to be taken when a host is found in DNS whitelist,

Field Help:
Silently skip blacklist filters – Performs no logging>
Log only – Records the host name and IP address of the connecting server found in the private whitelist.
Log and tag – Adds the Note item, $DNSWLSITES, to messages accepted from whitelisted hosts.

Hide details for Private Blacklist FiltersPrivate Blacklist Filters
Private Blacklist Filter:

Field Help: If enabled, the smtp listener task will determine if the connecting host has been blacklisted by the Administrator. Note: Applies only to host subject to inbound relay enforcement.

Blacklist the following hosts:

Field Help: Enter the ip addresses or host names of the systems to black list. Enclose IP addresses with square brackets: For example [127.0.0.1]. IP ranges and masks are supported. Wild cards can be used except within ranges.

Desired action when a connecting host is found in the private blacklist:

Field Help: Log only - Records the host name and IP address of the connecting server and the name of the site where the server was listed.
Log and tag messages - Adds the Note item, $DNSBLSites to the messages accepted from blakclisted host.
Log and reject message - Rejects the connection and returns a configurable error message to a blacklisted host.

All actions skip blacklist filters, if enabled.

Custom SMTP error response for rejected messages:

Field Help: Text included in the error response when rejecting messages from blacklisted hosts. The format specifier '%s' can be used to insert the ip address of the connecting host. For example, if you enter the following text Your host %s was blacklisted, when domino rejects a message from the blacklisted host 127.0.0.1, it will return the following error message. Your host 127.0.0.1 was black listed.

Hide details for Private Whitelist FiltersPrivate Whitelist Filters
Private Whitelist filters

Field Help: If enabled, the SMTP listener task will perform DNS queries against the whitelist sites configured below for all host that are subject to inbound relay control enforcement.

DNS Whitelist Sites:

Field Help: Enter IP address or host names of the system to whitelist. Enclose IP adresses with square brackets: for example: [127.0.0.1]. IP ranges and masks are supported. Wildcards can be used except within ranges.

Desired action when a connecting host is found in a DNS whitelist:

Field Help: Silently skip blacklist filters - Performs no logging. Log only - Records the host name and IP address of the connection server, and the name of the site where the server was listed. Log and tage message - Adds the note item $DNSWLSites, to messages accepted from whitelisted hosts. All actions skip blacklist filters, if enabled.




Outbound Sender Controls

Allow messages only from the following Internet addresses to be sent to the Internet:

Field Help: The sender may send messages outside of the local internet domain only if their address is included in this list. This restriction only applies if the sender's address is an internet address.

Specifies the RFC 821 Internet addresses of users in the local Internet domain from whom IBM® Lotus® Domino® accepts mail destined for Internet addresses outside the local Internet domain. If this field contains entries, Domino accepts outbound Internet mail from the specified Internet addresses only and rejects outbound Internet mail sent from other addresses. Rejected mail is returned to the sender.

Enter Internet addresses in the form user@domain.com, or enter the name of an IBM® Lotus® Notes® group containing a list of Internet addresses allowed to send mail to the Internet.

Wildcards (for example, *acme.com) and isolated Internet domain suffixes (for example, acme.com) are not acceptable values in this field.

Group entries cannot contain a domain part or dot ('.'). For example, the group with the name DenyMail is valid, but the groups named Deny.iris.com or Denymail@iris are not.

Deny messages from the following Internet addresses to be sent to the Internet:

Field Help: The sender may not send messages outside of the local internet domain if their address is included in this list. 8 means deny all. This restriction only applies if the sender's address is an Internet address.

Specifies the RFC 821 Internet addresses of users in the local Internet domain from which Domino does not accept mail destined for external Internet addresses. If this field contains entries, Domino rejects outbound Internet mail sent from the specified Internet addresses and returns it to the sender. All other users can send Internet mail.

Enter Internet addresses in the form user@domain.com, or enter the name of a Notes group listing the Internet addresses from which to deny outbound Internet mail.

Wildcards (for example, *acme.com) and isolated Internet domain suffixes (for example, acme.com) are not acceptable values in this field.

Group entries cannot contain a domain part or dot ('.'). For example, the group with the name DenyMail is valid, but the groups named Deny.iris.com or Denymail@iris are not.

Allow messages only from the following Notes addresses to be sent to the Internet:

Field Help: The sender may send messages outside of the local internet domain only if their address is included in this list. This restriction only applies if the sender's address is a Notes address. Groups are allowed as entries, however, ACL type groups are not supported.

Specifies the Notes user names from which Domino accepts mail destined for external Internet addresses. If this field contains entries, Domino accepts outbound Internet mail from the specified entries only and rejects outbound Internet mail sent from all other Notes addresses. Rejected mail is returned to the sender.Enter fully-qualified Notes addresses in the form User/Organizational_unit/Organization, or enter the name of a Notes group whose members you want to prevent from sending Internet mail. Group entries cannot contain a domain part or dot ('.'). For example, the group with the name DenyMail is valid, but the groups named Deny.iris.com or Denymail@iris are not.

Deny messages from the following Notes addresses to be sent to the Internet:

Field Help: The sender may not send messages outside of the local internet domain if their address is included in this list. * means all. This restriction only applies if the sender is a Notes address. Groups are allowed as entries., however ACL type groups are not supported.

Specifies the Notes user names from which Domino does not accept mail destined for external Internet addresses. If this field contains entries, Domino rejects outbound Internet mail sent from the specified entries and returns it to the sender. Domino accepts outbound Internet mail from all other Notes addresses.

Enter fully-qualified Notes addresses in the form User/Organizational_unit/Organization or the name of a Notes group whose members you want to prevent from sending Internet mail.

Group entries cannot contain a domain part or dot ('.'). For example, the group with the name DenyMail is valid, but the groups named Deny.iris.com or Denymail@iris are not.

Outbound Recipient Controls

Allow messages only to recipients in the following Internet domains or host names

Field Help: Messages will be allowed if the recipient's domain name is in the list. Messages will also be allowed if one of the possible mail exchange (mx) hostnames for the intended recipient's domain matches an entry in this list. Messages to other domains or hostnames are denied. Entries only need to match the end of names (acme.com allows server1.acme.com).

Specifies the Internet domains, such as acme.com, and Internet host names, such as mailhost.acme.com, to which Domino can send mail. If there are entries in this field, users can only send Internet mail to the specified entities. Domino denies mail to all other domains or host names.

If you specify an Internet domain, users can send mail to any host or sub-domain in that domain. Domino matches entries against the last part of domain names or host names, so entering host.acme.com allows mail to mail.host.acme.com as well inbound.host.acme.com.

Group entries cannot contain a domain part or dot ('.'). For example, the group with the name AllowMail is valid, but the groups named Allow.iris.com or Allowmail@iris are not.

Deny messages to recipients in the following Internet domains or host names

Field Help: Messages to recipients in domains specified in this list are denied. Messages are also denied if a hostname in this list matches one of the possible mail exchange (mx) hostnames of intended recipient's domain. Entries only need to match the end of names (acme.com denies server1.acme.com)

Specifies the Internet domains, such as acme.com, and Internet host names, such as mailhost.acme.com, to which Domino cannot send mail. Domino allows mail to all other domains or host names. Domino matches entries against the last part of domain names or host names, so entering host.acme.com denies mail to smtp.host.acme.com as well as inbound.host.acme.com.

Group entries cannot contain a domain part or dot ('.'). For example, the group with the name DenyMail is valid, but the groups named Deny.iris.com or Denymail@iris are not.

Hide details for Delivery ControlsDelivery Controls

Delivery Controls

Maximum delivery threads:

Field Help: Enter the maximum number of delivery threads. If left blank, the Router automatically sets the value.
The maximum number of server threads Domino can create to deliver mail from MAIL.BOX to local mail files. The Router automatically sets the default maximum number of delivery threads based on server memory. Letting the Router select the maximum number is usually best. To set the maximum number manually, enter a maximum between 1 and 25, based on the server load.

Encrypt all delivered mail:

Field Help: Enavled - Always encrypts mail, regardless of settings in recipient's Person document. Disabled - Encrypts mail only if specified by settings in the recipient's Person document.

  • Enabled - When delivering messages to local mail files, Domino encrypts the messages, regardless of whether the sender encrypted the message or the recipient's mail file encrypts messages.
  • Disabled (default) -- Domino encrypts messages only if the recipient's mail file is set to encrypt received messages.

Pre-delivery agents:

Field Help: This field specifies the maximum elapsed time that any pre-delivery agent will allowed to execute. If the agent executes beyond the number of seconds specified by this field, the execution of the agent will be aborted.

Users who create LotusScript™ or Java™ agents for their mail files can set that the agent runs before new mail arrives. When delivering mail, if the Router detects such a pre-delivery agent, it runs it on against message before the message ever appear in the recipient's Inbox. Use this field to specify whether the server permits the use of pre-delivery agents. Choose one:

  • Enabled - (default) Allows the Router to run agents that process mail before delivering it to user mail files on the server.
  • Disabled - Prevents the Router from running pre-delivery agents.

Pre-delivery agent timeout:

Field Help: This field specifies the maximum elapsed time that any pre-delivery agent will be allowed to execute. If the agent executes beyond the number of seconds specified by this field, the execution of the agent will be aborted.

The maximum time (in seconds) that a pre-delivery agent, such as a mail filter, can run before the Router interrupts it. Because the Router waits for pre-delivery agents to complete, failure to restrict agents can slow routing performance on the server. The default time-out is 30 seconds.

User rules mail forwarding:

Field Help: Enabled - The Router Supports the "Send copy to" action for the client mail rules, allowing users to send copies of messages automatically to other recipients. Disabled - Prevents Notes clients from using "Send copy to" rule action.

Notes users can create mail file rules that automatically process new mail. Client mail rules specify an action to take on newly-delivered messages that meet certain conditions. Use this field to specify whether the Router on this server supports the rule action to send copies of selected messages automatically to other recipients. Choose one:

  • Enabled - The Router supports the "Send copy to" action for client mail rules, allowing users to send copies of messages automatically to other recipients.
  • Disabled - Prevents Notes clients from using the "Send copy to" rule action.

Reverse path for forwarded mail:

Field Help: Configure how the revers-path (SMTP Originator) is specified for messages forwarded by the user mail rule action "send copy to" By default revers path is set to null, indication delivery status reports (DSNs) should not be sent. Set revers-path to null -- The default setting. This setting avoids loops, but is rejected by som SMTP servers' spam filters. Preserve existing value --Message originator may receive failure reports. Use the current recipient's Internet address -- The person forwarding the message may receive a failure report. Caution! This can cause loops. Construct nondeliverable return address -Prepend "nonbounce" to the current recipient's Internet address to construct a nondelivreable return address.

  • Set reverse-path to null -- Default setting. Delivery status reports are not sent.
  • Preserve existing value -- Leave the setting as is. The message originator, that is, the person who originally sent the message, may receive delivery failure reports.
  • Use recipients Internet address -- Use the current recipient's Internet address as the message originator.
  • Construct non-deliverable return address -- Use "nobounce" prepended to current recipient's Internet address.

Quota Controls

Over Warning Threshold Notifications:

Field Help: Send warning notification message to user when they are over their quota warning threshold.

Specifies how often the Router delivers notifications to users who exceed their warning threshold.

Choose one:

  • None - The Router does not deliver notifications when mail files grow larger than the specified warning threshold.
  • Per Message - The Router delivers a notification for every message it delivers after the mail file exceeds the specified warning threshold.
  • Per Interval N - Send notifications at a specified interval until the user deletes or archives enough messages to bring the size of the mail file below the specified Warning Threshold. When this option is selected, an additional field, "Warning Interval Minutes," appears.

Warning Interval Minutes:

Field Help: Time Period during which only one warning notification should be given to users who are over their quota warning threshold. This field is available when selecting 'per time interval' from the above field.

Specifies, in minutes, how long the Router waits to send the next Over Warning Threshold Notification

Over Quota Notification:

Field Help: Send error notification message to user when they are over their quota. The message will indicate the action taken by the router.

Specifies how often the Router delivers notifications to users who exceed their quota.

Choose one:

  • None - The Router does not deliver notifications when mail files grow larger than the specified warning threshold.
  • Per Message - The Router delivers a notification for every message it delivers after the mail file exceeds the specified quota.
  • Per time interval - The Router immediately sends an "over quota" notification to the user's mail file; the notification is sent immediately -- not according to the specified per time interval setting.

Error Interval:
Specifies, in minutes, hours, or days how long the Router waits to send the next Over Quota Notification.

Over Quota Enforcement:

Field Help: Select Deliver Anyway to disregard the quota limit. Non Deliver will not allow delivery to the mail database over quota and will return a non delivery message to the sender reporting the reason for the failure. Hold and Retry will keep the message pending in the mail.box and try to deliver it later when the database may be under quota.

Specifies the action the Router takes when receiving new mail for a user whose mail file is larger than the specified quota.

Choose one:

  • Deliver anyway (don't obey quotas) - (Default) The Router continues to deliver mail to a mail file that is over quota.
  • Non Deliver to originator - The Router stops delivering new messages to the mail file and returns a nondelivery message to the sender reporting that the message could not be delivered because the intended recipient's mail file was full.
  • Hold mail and Retry - The Router stops delivering new messages to the mail file and temporarily holds incoming messages in MAIL.BOX until space is available in the mail file. After a configured interval, the Router tries to deliver the message. If the user has sufficiently reduced the size of the mail database by the next scheduled delivery attempt, the mail is delivered. Messages that cannot be delivered before the configured expiration time (default =1 day) are returned to the sender as undeliverable.
If you choose this option, the document displays additional fields where you can specify how the server handles held messages.

Hide details for Transfer Controls Transfer Controls
Transfer Controls
Maximum transfer threads:
Field Help: The maximum number of threads Domino creates to transfer messages to all other servers. The value applies to both Notes routing and SMTP. The Router sets a default maximum number of transfer threads based on server memory. Letting the Router select the maximum number is usually best . If you set the maximum number manually, set the maximum to between 1 and 25 threads, depending on server load.


The maximum number of server threads Domino creates to transfer messages to all other servers. The value applies to both Notes routing and SMTP. The Router sets a default maximum number of transfer threads based on server memory. Letting the Router select the maximum number is usually best. If you set the maximum number manually, set the maximum to between 1 and 25 threads, depending on server load.

Maximum concurrent transfer threads:

Field Help: The maximum number of server threads the Domino Router uses to transfer messages to a single destination. The value applies to both Notes routing and SMTP. If no value is specified, the default value is equal to one-half of the maximum transfer threads, rounded down to the nearest integer. By default, domino does not use multiple concurrent threads when transferring messages over Notes routing from one Domino domain to another.

Maximum hop count:

Field Help: The maximum number of times a message can be transferred between servers before delivery fails and domino sends a non-delivery messages.

Low-priority mail routing time range:

Field Help: The time range when domino routes messages marked as low priority. The default is between 12 AM and 6AM.

Low priority delay notification:

Field Help: If you configure the Router to hold low-priority messages until a given time period, message originators may not be aware of the reason for the delay. The Router can generated delay notifications for every low-priority message held., or for specific messages only. Choose on:

Disable -The Router does not notify senders when messages are delayed for priority reasons.

Only if priority changed for policy reasons - The Router notifies senders of priority-related delays only for messages that were designated low-priority as the result of a configured mail rule or size restriction.

Only if user requested low-priority- The Router notifies senders of priority-related delays only for messages which the sender designated as low-priority.

All low-priority messages - The Router notifies senders of priority-related delays for all low-priority messages.

Initial transfer retry interval:

Field Help: The time (in minutes) that the Router waits after a message transfer failure before retrying the transfer.

The default interval is 15 minutes. Lower values increase the retry attempts per hour and could possibly increase the success rate of routing the messages. Higher values decrease the retry attempts per hour, resulting in longer routing times.

The Router continues attempts to transfer a pending message until the age of the message reaches the configured time-out value (by default, 24 hours). After a message times out, the Router generates a delivery failure report to the sender.

Expired message purge interval:

Field Help: Specifies, in minutes, how often the router checks the MAIL.BOX for expired messages to purge. The default is 15 minutes.

Transfer and delivery delay notifications:

Field Help: Choose whether to send a delay notification to the author of a pending message that was not transferred or delivered within a specified amount of time. For each priority level, define the period of time in the Delay notification intervals fields. This notification differs from the low priority time range delay notifications in that the transfer and deliver settings applies to all messages priorities, and indicates the message is being retried after a failed transfer or delivery attempt. Low priority time range delay notifications are a one-time notification indicating that no attempt is made to transfer a message until the low priority time range.

Choose one:

  • Enabled -- To allow the transfer and delivery of Delay notifications.
  • Disable -- To prevent the transfer or delivery of Delay notifications.
Delay notification intervals:

Enter how long (in minutes) a pending message should be in the queue before the Roter will send a delay report to the author. If the interval is reached a second time, a second delay report will be sent.

Specify the amount of time that a high, normal, and low priority message should reside in the message queue before the router sends a Delay report to the author of the message. The default for each priority is four (4) hours.

Specify the amount of time in hours or minutes for High priority mail, Normal priority mail, and Low priority mail.


Rules

Condition Component and Description:

Message item:

Specifies the IBM® Lotus® Notes® message item that the Router examines when evaluating whether to apply a rule. Choose one of the following:

Sender, Subject, Body, Importance, Delivery priority, To, CC, BCC, To or CC, Body or subject, Internet domain, Size (in bytes), All documents, Attachment name, Number of attachments, Form, Recipient count, or Any recipient

Logical operator or qualifier:

Specifies how the Router evaluates the content of the target field. Choose one of the following:

  • contains (for text field values)
  • does not contain (for text field values)
  • is
  • is not
  • is less than (for numeric field values)
  • is greater than (for numeric field values)

For example, if you selected the message item Attachment Name, selecting the qualifier "is" defines a rule that acts on all messages having an attached file with a name that exactly matches the name you specify.

Field value to check:

Specifies the content to search for in the target message item.

For example, if the target message item is Attachment Name and the qualifier is "contains," enter .VBS to create a rule that acts on all messages having an attached file with a name containing the string .VBS, including, LOVE-LETTER.VBS, CLICK-THIS.VBS.TXT, and MY.VBS.CARD.EXE.

Action name and Description

Journal this message:

The Router sends a copy of the message to the configured Mail Journaling database and continues routing the message to its destination. Mail journaling must be enabled on the Router/SMTP - Advanced - Journaling tab.

Move to database:

The Router removes the message from MAIL.BOX and quarantines it in the database specified in the accompanying text field, for example, GRAVEYARD.NSF. The specified database must already exist. The message is not routed to its destination. Placing messages in a quarantine database lets you examine them more closely for viruses or other suspicious content.

Don't accept message:

IBM® Lotus® Domino® rejects the message, but the Router does not generate a delivery failure report. Depending on the message source, the sender may or may not receive an NDR or other indication that the message was not sent.

  • When Domino does not accept an incoming SMTP message it returns an SMTP "permanent error" code to the sending server, indicating that the message was rejected for policy reasons. SMTP permanent errors (500-series errors) indicate error types that will recur if the sender attempts to send to the same address again. Depending on the configuration of the sending client and server, the message originator may then receive a Delivery Failure report.
  • For messages received over Notes routing, Domino returns a Delivery Failure Report indicating that the message violated a mail rule.
  • For messages deposited by a Notes client, the sending client displays an error indicating that the message violated a mail rule.

Don't deliver message:

Domino accepts the message, but rather than sending it to its destination, it processes the message according to one of the following specified options:
  • Silently delete - Domino deletes the message from MAIL.BOX with no indication to the sender or recipient.
  • Send NDR - Domino returns the message to the sender. The MIME and Notes rich text versions of messages sent from a Notes client result in separate delivery failure reports.
Change routing state:

Domino accepts the message, but does not deliver the message. Instead, it marks it as held, changing the value of the RoutingState item on the message to HOLD. This change to the routing state of the message causes the Router to retain the message in MAIL.BOX indefinitely, pending administrative action.

Related information

Troubleshooting IBM Lotus Domino 8 mail routing issues

Document information

More support for: IBM Domino
SMTP / MIME

Software version: 7.0, 8.0, 8.5, 9.0

Operating system(s): AIX, Linux, Solaris, Windows, z/OS

Reference #: 1385199

Modified date: 27 October 2015