we recently upgraded to DominoR14FP3HF9 and soon implemented the "External Email Notifications" feature.
Our domino mail server is behind a firewall that filters spam and viruses.
The header of the incoming mails has at least two "Received from" records: the original one and our firewall, that is always the final one.
I think that is because of this that the filter: "Exceptions for trusted hostnames/IP addresses:" doesn't work. All the mails are considered "external" whatever we write in the Exceptions field.
Isn't it possible to implement exceptions for the "External warning" while behind a firewall?
When relayed from a firewall, the source IP of the connection is always the firewall. This means that no exception rules can be used. (By the way, if you want to specify exception rules by IP address, enclose them in brackets [192.168.10.1].)
As an alternative, how about using [Enable external domains] setting in [External email notifications:]. It doesn't help much since MIME's From is usually spoofed, but it works this way.
i'm exactly using [Enable external domains] setting in [External email notifications:]
I'm trying to work with domains instead of IPs.
What I do not understand is where is the exception filter extracting domain information from.
I can guess four options:
- filter make a reverse lookup of the connecting SMTP IP in this case the filter fails if there is a firewall in between but also for multidomain SMTPs like Outlook.com
- filter use the Received field in the header of the email there are often many Received lines, the last one is from the firewall the others are the hops the message in doing through other SMTP servers. it seems that the filter can fail with multidomain SMTPs like outlok
- filter use SMTPOriginator field this in general is correct but I fear this fiels can be spoofed that is exactly what filter want prevent
- filter use the "d" value of the DKIM (if present) this value is correct but because the filter fails I think that this option is not the used one.