Solved

How to restrict iNotess and SMTP access for certain users

Posted on 2004-04-07
7
936 Views
Last Modified: 2013-12-18
Is there a way to do this (Dominio 6.5):
 -restrict/deny iNotes access for certain users, without effecting their ability to logon to quickplace & sametime with their internet password
 -restrict/deny SMTP access for certain users so they cannot relay messages through their account from the outside. Some of our remote users need to relay from POP clients so currently the relay controls are set to 'Allow all authenticated users to relay'.

cheers
Andrew
0
Comment
Question by:manta357
7 Comments
 
LVL 24

Expert Comment

by:HemanthaKumar
ID: 10777773
If you don't want the certain users to use inotes, replace the mail template of that user to use notes mail template rather than inotes template.

Check your configuration document for deny parameters in smtp inbound/outbound controls and list the domain name of their internet addresses. And there is no way you can specifically restrict access per user.

~Hemanth
0
 
LVL 4

Assisted Solution

by:sreeser
sreeser earned 100 total points
ID: 10778835
Unfortunately if you replace with regular mail then the user can't access via web browser either.  If you want to deny access to both you can also change the maximum internet settings to no access.


As for the second if you ONLY want to allow the remote users access and you have thier ip addresses (or you can assign them something like remote.myorg.com if it is a remote office) then you can put that in the
Exclude these connecting hosts from anti-relay checks: field


Perform Anti-Relay enforcement for these connecting hosts:      All connecting hosts
Exclude these connecting hosts from anti-relay checks:      10.1.1.*
Exceptions for authenticated users:      Perform anti-relay checks for authenticated users
0
 
LVL 4

Expert Comment

by:sreeser
ID: 10778900
Actually I was wrong... you can still access via browser with the regular nots client ... just not  inotes access so if you want to prohibit access from any point other than the client use the max internet access

0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 
LVL 4

Expert Comment

by:sreeser
ID: 10778963
akkk you can tell its the end of a LONG day

I meant to say the regular mail template still allows web access just not inotes whether via web or outlook.  So even if you switch back to the regular template they will still have web browser access.

IBM recently renamed INotes Web access to Domino Web Access just to confuse everyone... including me!
0
 
LVL 31

Expert Comment

by:qwaletee
ID: 10785107
If I understand you correctly, you don't really need to relay from POP clients.  Depending on what you mean, you can either set restrictions to internal IPs for inbound/outbound destinations, or you can get something like POPRetriever to suck POP messages into Domino.

Describe exactly what they are doing that needs to be allowed, and what they are doing that needs to be restricted.
0
 

Author Comment

by:manta357
ID: 10854050
Hi, thanks for the comments, restricting their max internet access should solve the first issue.
The situation is: I've got 3 groups of mail users, those that work only in the office using the Notes client. Those that use the Notes client from various remote locations (and IPs) and those that use POP clients like Eudora from various remote locations (and IPs). What I'd like to setup is that the Eudora users can can access via POP and SMTP to send/recieve mail to anyone (Notes domain and to external). But all the other users, since they should be connecting with the Notes client (which dosn't use the SMTP port from what I understand), should be restricted. What seems to be happening is that everyone can connect via SMTP from the outside because they can authenticate with their account, and then send mail anywhere using any mail client.
At this stage I'm not sure I can accomplish it with the mixture of mail clients.

Andrew
0
 
LVL 24

Accepted Solution

by:
HemanthaKumar earned 150 total points
ID: 10859358
If you open up smtp access for one user...... it is opened for everyone.. unless you have orgunit or domain to restrict but not individuals.. Check Configuration document for restrictions in smtp inbound and outbound controls
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

For users on the Lotus Notes 8 Standard client, this article provides information on checking the Java Heap size and adjusting it to half of your system RAM in attempt to get the Lotus Notes 8.x Standard client to run faster.  I've had to exercise t…
You’ve got a lotus Domino web server, and you have been told that “leverage browser caching” is a must do. This means that we have to tell the browser everywhere in the web to use cache. In other words, we set (and send) an expiration date in the HT…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now