From where is an agent signer's email address taken?

You may think this is a simple question, but I’m about to complicate it for you.We have two R6.5 domains: let’s call them Domain1 and Domain2.

Domain2 is ONLY used for hosting a web site that is developed and administered

from Domain1.

I have used a Notes id (let’s call it Development/Domain1) which has an

internet email address set as dev@domain.co.uk to create and sign all items on

the web site, including agents that send emails to internet users.

This all works fine when we host the site on Domain1 servers, but when I

replicate (yes, we have the domains cross certified at the domain level) the

web site database to Domain2 we are getting problems sending emails to some

people registered on the site.

For example if a user wants to be reminded of his password he fills in a form

and an agent (signed by Development) identifies his account and sends him an

email with a new password. Except sometimes the message can’t be delivered.

The error comes back as "Error transferring to xxx.yy.zz; SMTP Protocol

returned a Permanent Error 554 Mail from dev@domian.co.uk rejected for policy

reasons."

The server logs says "Router: Message 003B8022 NOT transferred via SMTP to

xxx.yy.zz for john.smith@yy.zz 450 4.1.8 dev@domian.co.uk Sender address

rejected: Domain not found"

So, this is obviously because someone, somewhere has specified the development

Notes ID as having an incorrectly spelled domain in the internet email

address. The problem is where is this specified?

Both Notes domains have been upgraded over the last 5 years from r4, through r5

and several versions of r6 to where they are now, with the requisite changes in

methods of administering MTAs, Domains, configuration documents etc.

However, (and this complicates things further, but stay with me if you can,)

the person document for Development/Domain1 has been copied to the NAB for

Domain2 so that the web server can act as a secondary incoming mail server.

Summary:

1. The person document has a correctly specified internet email address in both

NABs.

2. The development ID has full access to all NABs, no server restrictions etc.

and is listed in the server document for both domains in the requisite fields

to allow it to do anything it wants to.

3. If I use a different Notes ID to sign the agent, it works fine.

I thought all internet email addresses were kept in the person document in the

NAB, and updated by your local PC NAB if you change your internet address

there. From where though does an agent take its internet address when sending

outgoing mail?

Subject: From where is an agent signer’s email address taken?

Search the $users view of the NAB. Sounds like you need rebulild the indexes on both NABs as well as start and stop the router.

But also why not set the ‘replyto’ and ‘principal’ fields to be something else, i.e. ‘notesAdmin’ group so you receive the delivery failures?

Subject: RE: From where is an agent signer’s email address taken?

Hi Nancy, Thanks for the reply.In answer to your question we set up the development id before we knew about ‘replyto’ and ‘principal’, and the delivery failures already come into a mail-in database that does clever stuff like counting each failure, marking up the user base and settting ‘invalid mail’ flags on user accounts after too many bounces.

We did the rebuild all views and ftis bit, and it didn’t help.

We eventually finished up recertifying the development id in domain2 so the name changed, re-signing ALL databases with the new id, changing all acl entries in all databases, and generally working through the expletive deleted weekend to get everything working smoothly again.

We still have no idea why the problem arose in the first place…