How to restrict iNotess and SMTP access for certain users

Is there a way to do this (Dominio 6.5):
 -restrict/deny iNotes access for certain users, without effecting their ability to logon to quickplace & sametime with their internet password
 -restrict/deny SMTP access for certain users so they cannot relay messages through their account from the outside. Some of our remote users need to relay from POP clients so currently the relay controls are set to 'Allow all authenticated users to relay'.

cheers
Andrew
manta357Asked:
Who is Participating?
 
HemanthaKumarConnect With a Mentor Commented:
If you open up smtp access for one user...... it is opened for everyone.. unless you have orgunit or domain to restrict but not individuals.. Check Configuration document for restrictions in smtp inbound and outbound controls
0
 
HemanthaKumarCommented:
If you don't want the certain users to use inotes, replace the mail template of that user to use notes mail template rather than inotes template.

Check your configuration document for deny parameters in smtp inbound/outbound controls and list the domain name of their internet addresses. And there is no way you can specifically restrict access per user.

~Hemanth
0
 
Stan ReeserConnect With a Mentor Technology StrategistCommented:
Unfortunately if you replace with regular mail then the user can't access via web browser either.  If you want to deny access to both you can also change the maximum internet settings to no access.


As for the second if you ONLY want to allow the remote users access and you have thier ip addresses (or you can assign them something like remote.myorg.com if it is a remote office) then you can put that in the
Exclude these connecting hosts from anti-relay checks: field


Perform Anti-Relay enforcement for these connecting hosts:      All connecting hosts
Exclude these connecting hosts from anti-relay checks:      10.1.1.*
Exceptions for authenticated users:      Perform anti-relay checks for authenticated users
0
Cloud Class® Course: Microsoft Exchange Server

The MCTS: Microsoft Exchange Server 2010 certification validates your skills in supporting the maintenance and administration of the Exchange servers in an enterprise environment. Learn everything you need to know with this course.

 
Stan ReeserTechnology StrategistCommented:
Actually I was wrong... you can still access via browser with the regular nots client ... just not  inotes access so if you want to prohibit access from any point other than the client use the max internet access

0
 
Stan ReeserTechnology StrategistCommented:
akkk you can tell its the end of a LONG day

I meant to say the regular mail template still allows web access just not inotes whether via web or outlook.  So even if you switch back to the regular template they will still have web browser access.

IBM recently renamed INotes Web access to Domino Web Access just to confuse everyone... including me!
0
 
qwaleteeCommented:
If I understand you correctly, you don't really need to relay from POP clients.  Depending on what you mean, you can either set restrictions to internal IPs for inbound/outbound destinations, or you can get something like POPRetriever to suck POP messages into Domino.

Describe exactly what they are doing that needs to be allowed, and what they are doing that needs to be restricted.
0
 
manta357Author Commented:
Hi, thanks for the comments, restricting their max internet access should solve the first issue.
The situation is: I've got 3 groups of mail users, those that work only in the office using the Notes client. Those that use the Notes client from various remote locations (and IPs) and those that use POP clients like Eudora from various remote locations (and IPs). What I'd like to setup is that the Eudora users can can access via POP and SMTP to send/recieve mail to anyone (Notes domain and to external). But all the other users, since they should be connecting with the Notes client (which dosn't use the SMTP port from what I understand), should be restricted. What seems to be happening is that everyone can connect via SMTP from the outside because they can authenticate with their account, and then send mail anywhere using any mail client.
At this stage I'm not sure I can accomplish it with the mixture of mail clients.

Andrew
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.