A complicated SMTP routing question

I have an unusual SMTP routing issue to try to implement and hope someone here can offer some advice.

We are a city government, currently with two Domino servers, one for our police department and one for everybody else (City Hall), due to the extra security needs for the PD. We only have one point of entry for Internet SMTP email, and that is the city server since all Internet email is not deemed to be security-sensitive. The PD does have their own internet domain name and all their email that is inbound/outbound from the public Internet flows thru the city server. I do not currently have the SMTP routing task enabled at all on the PD server and everything is working just fine this way for right now. Emails outbound from the PD server destined for the Internet are actually getting routed via NRPC to the city hall server first before going outside. The dilemma is that we now have a need to establish a secure SMTP path from PD’s Domino server directly to an MS Exchange server that is located at the district attorney’s office at the courthouse across downtown. This email traffic cannot be allowed to pass thru the city server or over the internet since it contains sensitive information, such as juvenile prosecution cases, that are required to be kept confidential under state law. We already have a dedicated private secure fiberoptic link (with all the special tcp/ip routing necessary for this already in place) from the PD building straight to the courthouse, over which our old MS Exchange server at PD was able to communicate directly with the Exchange server in the DA’s office via smtp and this traffic was proven to route directly from server to server over the fiber with no security leaks, yet the PD’s server was still able to send and receive public Internet email traffic via another fiberoptic link back to the city hall computer room’s internet gateway email relay server. MS Exchange had the configurability to perform this specialized routing rather painlessly.

I need to implement the same situation with our new Lotus servers, so that the PD can still send/receive public, non-sensitive Internet emails like they can right now by having all their Internet email being funnelled thru the city’s domino server and then out to the Internet and vice-versa, but all SMTP traffic to/from the DA’s office server must be routed strictly thru the dedicated private fiber link to the courthouse.

When I tried enabling SMTP routing on the PD server, all of a sudden I noticed normal Notes mail traffic to/from the City Hall’s server to the PD’s server suddenly start using SMTP instead of Notes RPC. I don’t really want this. I want Notes mail and replication traffic to stay on NRPC between city hall and PD and all SMTP traffic between PD and the DA’s office to go over the dedicated fiberoptic link. PD’s public internet email could be routed via SMTP to/from the city hall server, but right now it’s NRPC traffic until it leaves the city hall Domino server.

Can this be easily done in the Domino server configuration on PD’s server?

Subject: A complicated SMTP routing question…

What you want can be found in the Administration Help Database. Document Title is

Configuring Domino to send mail to a relay host or firewall.

This explains in detail what connection documents and such you need to create to do this.

Hope this helps.

Subject: A complicated SMTP routing question…

I think the first questions that need to be asked are…

  1. How many Notes domains do you have?

  2. How many Notes Named Networks do you have?

Subject: RE: A complicated SMTP routing question…

The whole city (including PD) is one single Notes Domain/Notes Network. The city and PD do however have completely separate Internet smtp domain names. The county DA’s office has a specific, separate smtp domain name too. If there is a way in PD’s domino server to specify smtp delivery for a particular smtp domain to go to a specific ip address, then that is essentially what I’m after. MS Exchange server handles this quite nicely.

I’m just now looking at the multiple foreign SMTP domain documents stuff in the help file and hopefully it will get me what I desire.

If I do the following:

a) enable SMTP routing on the PD’s Domino server

b) create an SMTP connection document on the PD server and set its SMTP MTA relay host to the ip address of the City Hall Domino server (to serve as a default path for smtp mail to flow).

c) create a Foreign SMTP Domain Document on the PD server with the “Messages addressed to Internet Domain” set to the DA’s office smtp domain name and “Should be routed to internet host” equal to the ip address of the DA’s Exchange server (over the private fiberoptic link)

d) create a Foreign SMTP Domain Document on the PD server with the “Messages addressed to Internet Domain” set to “.” wildcard and “Should be routed to internet host” equal to the ip address of the city hall Domino server

Will this get me what I need, in that Notes mail and replication will still flow back and forth between the city hall server and the PD server via NRPC protocol, and that public internet smtp mail destined for the outside world will flow from the PD server via either NRPC or SMTP protocol (don’t care which) to the City Hall server and then to the outside world from there, and smtp mail from the PD’s server destined for the DA’s office will flow directly via SMTP protocol from the PD’s server straight to the DA’s server over the private fiber link?

Subject: RE: A complicated SMTP routing question…

Off the top of my head, Neal, that sounds right. There’s a configuration setting somewhere for whether your Domino servers route to each other via SMTP or NRPC. I think it’s in the server configuration, but I’m not positive. I know it’s a toggle option, though. Might be in the connection docs.
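An added example, not part of the thread and not Domino or Exchange code: once the routing documents are in place, one way to confirm that PD-to-DA mail really bypasses the city hall server is to audit the `Received` headers of a test message as it arrives at the DA's server. The host names, addresses and sample messages are constructed placeholders, and the check assumes every relay on the path stamps a `Received` header.

```python
import re
from email import message_from_string

# Hypothetical host names (not from the thread); substitute the real ones.
# Only these hosts may appear on the path of PD -> DA mail.
ALLOWED_HOPS = {"pd-domino.pd.example", "da-exchange.da.example"}

FROM_RE = re.compile(r"^\s*from\s+([\w.-]+)", re.I)
BY_RE = re.compile(r"\bby\s+([\w.-]+)", re.I)

def relay_hops(raw_message):
    """Return (sending_host, receiving_host) per Received header, oldest first."""
    msg = message_from_string(raw_message)
    hops = []
    # Each relay prepends its header, so reverse to get chronological order.
    for value in reversed(msg.get_all("Received", [])):
        sender, receiver = FROM_RE.search(value), BY_RE.search(value)
        hops.append((sender.group(1).lower() if sender else None,
                     receiver.group(1).lower() if receiver else None))
    return hops

def off_path_hosts(raw_message, allowed=ALLOWED_HOPS):
    """Hosts named in the relay path that are not on the allow-list."""
    seen = {h for hop in relay_hops(raw_message) for h in hop if h}
    return sorted(seen - set(allowed))

# Constructed sample messages (addresses and IPs are made up).
_TAIL = ("From: officer@pd.example\nTo: clerk@da.example\n"
         "Subject: constructed test\n\nbody\n")
DIRECT = ("Received: from pd-domino.pd.example ([10.20.0.5])\n"
          "\tby da-exchange.da.example with ESMTP; Mon, 1 Jan 2024 10:00:00 -0600\n"
          + _TAIL)
LEAKED = ("Received: from cityhall-domino.city.example ([10.10.0.5])\n"
          "\tby da-exchange.da.example with ESMTP; Mon, 1 Jan 2024 10:00:05 -0600\n"
          "Received: from pd-domino.pd.example ([10.20.0.5])\n"
          "\tby cityhall-domino.city.example with ESMTP; Mon, 1 Jan 2024 10:00:00 -0600\n"
          + _TAIL)

if __name__ == "__main__":
    for name, raw in (("DIRECT", DIRECT), ("LEAKED", LEAKED)):
        print(name, relay_hops(raw), "off-path:", off_path_hosts(raw) or "none")
```

A non-empty result from `off_path_hosts` means the message touched a relay outside the private link and the routing documents need another look.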