Solved

How to restrict iNotess and SMTP access for certain users

Posted on 2004-04-07
7
939 Views
Last Modified: 2013-12-18
Is there a way to do this (Dominio 6.5):
 -restrict/deny iNotes access for certain users, without effecting their ability to logon to quickplace & sametime with their internet password
 -restrict/deny SMTP access for certain users so they cannot relay messages through their account from the outside. Some of our remote users need to relay from POP clients so currently the relay controls are set to 'Allow all authenticated users to relay'.

cheers
Andrew
0
Comment
Question by:manta357
7 Comments
 
LVL 24

Expert Comment

by:HemanthaKumar
ID: 10777773
If you don't want the certain users to use inotes, replace the mail template of that user to use notes mail template rather than inotes template.

Check your configuration document for deny parameters in smtp inbound/outbound controls and list the domain name of their internet addresses. And there is no way you can specifically restrict access per user.

~Hemanth
0
 
LVL 4

Assisted Solution

by:sreeser
sreeser earned 100 total points
ID: 10778835
Unfortunately if you replace with regular mail then the user can't access via web browser either.  If you want to deny access to both you can also change the maximum internet settings to no access.


As for the second if you ONLY want to allow the remote users access and you have thier ip addresses (or you can assign them something like remote.myorg.com if it is a remote office) then you can put that in the
Exclude these connecting hosts from anti-relay checks: field


Perform Anti-Relay enforcement for these connecting hosts:      All connecting hosts
Exclude these connecting hosts from anti-relay checks:      10.1.1.*
Exceptions for authenticated users:      Perform anti-relay checks for authenticated users
0
 
LVL 4

Expert Comment

by:sreeser
ID: 10778900
Actually I was wrong... you can still access via browser with the regular nots client ... just not  inotes access so if you want to prohibit access from any point other than the client use the max internet access

0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 4

Expert Comment

by:sreeser
ID: 10778963
akkk you can tell its the end of a LONG day

I meant to say the regular mail template still allows web access just not inotes whether via web or outlook.  So even if you switch back to the regular template they will still have web browser access.

IBM recently renamed INotes Web access to Domino Web Access just to confuse everyone... including me!
0
 
LVL 31

Expert Comment

by:qwaletee
ID: 10785107
If I understand you correctly, you don't really need to relay from POP clients.  Depending on what you mean, you can either set restrictions to internal IPs for inbound/outbound destinations, or you can get something like POPRetriever to suck POP messages into Domino.

Describe exactly what they are doing that needs to be allowed, and what they are doing that needs to be restricted.
0
 

Author Comment

by:manta357
ID: 10854050
Hi, thanks for the comments, restricting their max internet access should solve the first issue.
The situation is: I've got 3 groups of mail users, those that work only in the office using the Notes client. Those that use the Notes client from various remote locations (and IPs) and those that use POP clients like Eudora from various remote locations (and IPs). What I'd like to setup is that the Eudora users can can access via POP and SMTP to send/recieve mail to anyone (Notes domain and to external). But all the other users, since they should be connecting with the Notes client (which dosn't use the SMTP port from what I understand), should be restricted. What seems to be happening is that everyone can connect via SMTP from the outside because they can authenticate with their account, and then send mail anywhere using any mail client.
At this stage I'm not sure I can accomplish it with the mixture of mail clients.

Andrew
0
 
LVL 24

Accepted Solution

by:
HemanthaKumar earned 150 total points
ID: 10859358
If you open up smtp access for one user...... it is opened for everyone.. unless you have orgunit or domain to restrict but not individuals.. Check Configuration document for restrictions in smtp inbound and outbound controls
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This is an old article, please see an updated version of this article, located here: http://www.experts-exchange.com/articles/23619/Notes-8-5x-Windows-7-Notes-info-and-tips.html
IBM Notes offer Encryption feature using which the user can secure its NSF emails or entire database easily. In this section we will discuss about the process to Encrypt Incoming and Outgoing Mails in depth.
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now