|
|
|
|
|
|
|
|
|
|
|
|
|
|
How I learned to stop worrying and love the SMTP MTA (continued)
Unfortunately, this parameter cannot be used if your users are accessing the Domino server using POP3. Enabling this protocol disables the use of POP mail since POP needs a SMTP relay host to send mail.
If you are not using POP mail, it is highly recommended that you set this parameter to protect your system and eliminate the potential that your system be used as a spam relay host.
SMTPMTA_DENIED_DOMAINS
This parameter was first introduced in Domino 4.6.2 (MTA 1.2). This parameter allows you to reject mail originating from specific domains. Unfortunately, the parameter is an all or nothing proposition. It does not allow you to block a specific user's sending address. It is entered into NOTES.INI in the form below:
SMTPMTA_DENIED_DOMAINS=C:\NOTES\<filename>
where "filename" contains the list of domains you wish to block:
hotmail.com
spam.juno.com
evilspammer.com
|
As a usage example, let's say that someone obtains an account through Prodigy, America Online, or Hotmail, and decides to relay spam through your SMTP MTA. They use a specific account, dani_101lbs@prodigy.com. If you decide to add prodigy.com to your list of refused domains, you will be unable to receive mail from anyone sending mail from prodigy.com. This has obvious drawbacks, but it has one specific huge benefit.
Watching someone relay spam through your site is a somewhat hideous feeling. Instead of being helpless, set the sending domain within the rejected domains list, restart the SMTP MTA, and contact the administrator at the sending domain to notify them of what is happening. After the problem has been resolved, you may remove the domain from the DOMAIN list, restart the SMTP MTA, and life will be back to normal.
I've used this setting to stop thousands of messages relaying from a Prodigy account to (what looked like) every email address at America Online (aol.com). It gave me instant satisfaction to know that I was stopping the person from sending his or her mail.
SMTPMTA_HELO_DOMAIN_VERIFY
This parameter was first introduced in Domino version 4.6.2 (MTA 1.2). The SMTPMTA_HELO_DOMAIN_VERIFY line item is designed to stop mail that is sent from a forged (fake) domain name. The majority of spam mail is not sent directly from its originating domain as is the case when mail is relayed off an unsuspecting site's SMTP host.
The SMTPMTA_HELO_DOMAIN_VERIFY command causes the SMTP MTA to perform a check to verify that the IP address that is sending the mail is registered in DNS as the originator's domain. The SMTP MTA server will quickly scan through DNS looking for a record that matches the originating IP address with the domain.
For example, if joe@evilspammer.com sends you mail and you have the SMTPMTA_HELO_DOMAIN_VERIFY parameter implemented, the SMTP MTA will automatically look up evilspammer.com” to make sure that the sender's IP address corresponds in DNS with the evilspammer.com domain.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
-- Advertisement --
Find unused Lotus Notes groups and clean up your address book
Have you ever wanted to get rid of old Lotus Notes groups that were cluttering up your address book, but you weren't sure if they were used? Find Unused Groups can help.
Find Unused Groups will check your ACL, mail, multi purpose and server groups to help you determine if they are used, and who uses them.
Learn how to easily clean up your address book. |
-- Advertisement --
Mark your calendar for in-depth Lotus training, May 12-14, Boston
Join experts and peers May 12-14 in Boston for educational and networking events that deliver real-world Lotus training so you can increase productivity and efficiency in your company, advance your skills, and squeeze the most from your current environment. One registration gets you into THE VIEW's Admin2010 and Lotus Developer2010.
Register by April 10 to save $200. |
|
|
|
|
|
|
|
|
|
|
