SMTP Open Relay

hcl-bot · June 26, 2018, 4:09am

Hi, we have a peculiar situation.

Over the past many years, we have been using our Domino Server (being the main mail server) as a open SMTP relay for other servers. Other servers(quite a few of them) use the SMTP service of Domino to route mails related to alerts/notifications.

Now, there was an audit against us and it was mentioned that we need to restrict this to only the approved servers as there is chance of SMTP spoofing internally. SMTP Authentication is out of question for the time being. Can I use the setting “Allow messages only from the following internet hosts to be sent to external internet domains:” in the SMTP Inbound Controls of the Configuration document? If yes, can I just enter the IPs or hostnames of the servers in this field?

Any inputs are welcome. Thanks in advance.

hcl-bot · June 26, 2018, 7:40am

Subject: Inbound Relay Enforcement

I’ve used ‘Inbound relay Enforcement’. In the Administrator Help, read: 'Specifying enforcement of inbound relay controls ’

Inbound Relay Enforcement

Perform Anti-Relay enforcement for these connecting hosts: All connecting hosts

Exclude these connecting hosts from anti-relay checks:

[10.10.10.1]
[10.10.11.2]

Exceptions for authenticated users: Allow all authenticated users to relay

Although probably not needed, I’d also add the following to the Notes.ini:

SMTPAllHostsExternal=1