Solved

How to restrict iNotess and SMTP access for certain users

Posted on 2004-04-07
7
944 Views
Last Modified: 2013-12-18
Is there a way to do this (Dominio 6.5):
 -restrict/deny iNotes access for certain users, without effecting their ability to logon to quickplace & sametime with their internet password
 -restrict/deny SMTP access for certain users so they cannot relay messages through their account from the outside. Some of our remote users need to relay from POP clients so currently the relay controls are set to 'Allow all authenticated users to relay'.

cheers
Andrew
0
Comment
Question by:manta357
7 Comments
 
LVL 24

Expert Comment

by:HemanthaKumar
ID: 10777773
If you don't want the certain users to use inotes, replace the mail template of that user to use notes mail template rather than inotes template.

Check your configuration document for deny parameters in smtp inbound/outbound controls and list the domain name of their internet addresses. And there is no way you can specifically restrict access per user.

~Hemanth
0
 
LVL 4

Assisted Solution

by:sreeser
sreeser earned 100 total points
ID: 10778835
Unfortunately if you replace with regular mail then the user can't access via web browser either.  If you want to deny access to both you can also change the maximum internet settings to no access.


As for the second if you ONLY want to allow the remote users access and you have thier ip addresses (or you can assign them something like remote.myorg.com if it is a remote office) then you can put that in the
Exclude these connecting hosts from anti-relay checks: field


Perform Anti-Relay enforcement for these connecting hosts:      All connecting hosts
Exclude these connecting hosts from anti-relay checks:      10.1.1.*
Exceptions for authenticated users:      Perform anti-relay checks for authenticated users
0
 
LVL 4

Expert Comment

by:sreeser
ID: 10778900
Actually I was wrong... you can still access via browser with the regular nots client ... just not  inotes access so if you want to prohibit access from any point other than the client use the max internet access

0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 4

Expert Comment

by:sreeser
ID: 10778963
akkk you can tell its the end of a LONG day

I meant to say the regular mail template still allows web access just not inotes whether via web or outlook.  So even if you switch back to the regular template they will still have web browser access.

IBM recently renamed INotes Web access to Domino Web Access just to confuse everyone... including me!
0
 
LVL 31

Expert Comment

by:qwaletee
ID: 10785107
If I understand you correctly, you don't really need to relay from POP clients.  Depending on what you mean, you can either set restrictions to internal IPs for inbound/outbound destinations, or you can get something like POPRetriever to suck POP messages into Domino.

Describe exactly what they are doing that needs to be allowed, and what they are doing that needs to be restricted.
0
 

Author Comment

by:manta357
ID: 10854050
Hi, thanks for the comments, restricting their max internet access should solve the first issue.
The situation is: I've got 3 groups of mail users, those that work only in the office using the Notes client. Those that use the Notes client from various remote locations (and IPs) and those that use POP clients like Eudora from various remote locations (and IPs). What I'd like to setup is that the Eudora users can can access via POP and SMTP to send/recieve mail to anyone (Notes domain and to external). But all the other users, since they should be connecting with the Notes client (which dosn't use the SMTP port from what I understand), should be restricted. What seems to be happening is that everyone can connect via SMTP from the outside because they can authenticate with their account, and then send mail anywhere using any mail client.
At this stage I'm not sure I can accomplish it with the mixture of mail clients.

Andrew
0
 
LVL 24

Accepted Solution

by:
HemanthaKumar earned 150 total points
ID: 10859358
If you open up smtp access for one user...... it is opened for everyone.. unless you have orgunit or domain to restrict but not individuals.. Check Configuration document for restrictions in smtp inbound and outbound controls
0

Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Problem "Can you help me recover my changes?  I double-clicked the attachment, made changes, and then hit Save before closing it.  But when I try to re-open it, my changes are missing!"    Solution This solution opens the Outlook Secure Temp Fold…
Article by: Rob
Notes 8.5 Archiving Steps and Tips This article covers setting up a Notes archive, and helps understand some of the menu choices making setting up and maintaining a Notes archive file easier.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question