?
Solved

when using iNotes to send mail to a Group - weird problem

Posted on 2005-03-16
20
Medium Priority
?
1,224 Views
Last Modified: 2013-12-18
HI guys

we have one 'multi-purpose' group called ST1 on domino server which have few members.

when people send mail to ST1 by notes client , it works fine no error all members receive mail BUT if  send by iNotes the sender get the following message

was not delivered to:

 ST1%MSPL@meinhardt.com.sg

because:

 Message rejected for policy reasons

I fill in the internet address of the group - st1@meinhardt.com.sg

error change to

was not delivered to:

 ST1@meinhardt.com.sg

because:
 Message rejected for policy reasons

My understanding:
somehow When mail send by iNotes , server consider it as some external party and block due to relay threat.  - not sure just my guess-

" Message rejected for policy reasons " error msg more likely relates to config doc>SMTP Inbound Control settings

But before i change settings i was surprised why it don't allow server it self , there must be something missed out .

rgs
Adeel
0
Comment
Question by:blackberrymspl
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
20 Comments
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 13563300
The errormessage "Message rejected for policy reasons" is always related to the settings in the SMTP Inbound Controls (Configuration document, Router/SMTP/Restrictions and Controls, SMTP Inbound Controls, under Inbound Relay Controls). You denied too many external internet domains or hosts. An iNotes client is regarded as an external client, since it uses SMTP, so you'd have to tell the server to accept those iNotes SMTP messages. What did you specify under those Inbound Relay Controls?

To properly set them, you should only fill in one of the first two fields (allow/deny) and/or one of the second two fields. If you need to allow your own internal clients, but you want to deny some external domains, add those domains to the first deny-list, and add your internal IP-range to the second allow-list. Hope this works, with the range... Try with 10.1.*.* if that's your internal network.
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 13563315
The IP-range must be in square brackets, like [10.1.*.*].

See also Admin Help DB, Setting inbound relay controls
0
 

Author Comment

by:blackberrymspl
ID: 13571471
Thanks man

Below is my SMTP Inound Controls Settings , its default settings we didn't change any thing

Allow messages to be sent only to the following external internet domains:      
Deny messages to be sent to the following external internet domains: (* means all)      *
Allow messages only from the following internet hosts to be sent to external internet domains:      
Deny messages from the following internet hosts to be sent to external internet domains:(* means all)      *


0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 

Author Comment

by:blackberrymspl
ID: 13572617
HI Bosman

why iNotes use SMTP rather than NRPC even though on same server make me lillte bit curious

After going through thoroughly from the admin help in regards to Inbound Relay Control

i set this

Allow messages to be sent only to the following external internet domains:    
Deny messages to be sent to the following external internet domains: (* means all)     *
Allow messages only from the following internet hosts to be sent to external internet domains:     [172.16.0.*]
Deny messages from the following internet hosts to be sent to external internet domains:(* means all)     *

I got to know that 'Allow' field always take precedence

but it didn't work :(
rgs
Adeel
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 13572630
So you refuse all SMTP domains and hosts? Pretty tight security you have there!

If you want to allow your internal users to send SMTP-mail through the Domino server, try setting the 3rd line (allow..hosts...) to the range of your internal users, like [10.1.*.*], AND clear the 4th line i.e. remove the asterisk.
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 13572653
I agree, it's weird... I'm going to check this.
0
 

Author Comment

by:blackberrymspl
ID: 13572661

Before i proceed just a quick check with u .

is it possible that we make our iNotes users to use NRPC instead of SMTP , they are internal user should not go through SMTP by right .

rgs
0
 

Author Comment

by:blackberrymspl
ID: 13572680
Nope it still doesn't work :( even i remove the last *

btw i tried all possible combination by changing last 2 fields and even Anti-Relay enforcement (below IRC )also which i think also play role.

rgs
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 13572714
I think I've put you on the wrong track, because I can't find anywhere that iNotes uses SMTP. On the other hand, the "Message rejected" error is always related to the Relay controls section for inbound SMTP. To be honest with you, I don't understand it at all. I found a post somewhere that iNotes isn't considered an external host, so there shouldn't be a problem.

And another thing: I re-read your first post, and now I understand that you're trying tgo send an internal group (ST1) a mail from an internal client, either Notes or iNotes. Is that right? What version of Notes/Domino do you have? It seems that iNotes assumes you want to send mail to an internet user.

Just to make sure, the messages sent to the internet were to exactly the same user? So either message was sent to ST1? Or ST1@meinhardt.com.sg? If you use internal mail, you can leave out the domain.
0
 

Author Comment

by:blackberrymspl
ID: 13576102
Hi man
i have increased the bounty

game is now more interesting and challenging

clarify again
ST1 and ST2 are 2 multi-purpose mailing groups which are being used for few years to send out mails to members inside by notes client , no problem and no complain

but first time my few users when go overseas and try to send mail to these groups via iNotes (bcoz they access mail through iNotes when away from office) , they got this bounce mail message saying "mail rejected .... policy reson,......"

i tested  to send out mail within my office using iNotes i got the same error msg

i have not defined domain and internet address in groups field as it was fine with Notes client

when send by hotmail or yahoo to st1@meinhardt.com.sg , got the mail bounce back with same error msg so i realized that its very good that lotus notes do not allow external parties to send mail to any company's group address but on the same time puzzle why domino consider iNotes as external party and showing same error msg .

u see below the error , i send mail to st1 only from iNotes but when got the mail bounce back it shows


============================================blla blla.....
Message rejected for policy reasons


----- Message from Syed Muhammad Adeel <sma@meinhardt.com.sg> on Sat, 19 Mar 2005 00:36:32 +0800 -----

To: ST1 <st1@meinhardt.com.sg>
====================================================

so it means domino cosidering iNotes as an external party sending mail to a group .

rgs
Adeel
0
 
LVL 14

Expert Comment

by:p_partha
ID: 13576218
Just a thought, When they click on the address book in INOTES, do the users get the appropriate group and it's name

Partha
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 13576314
It might be an option to switch on debugging info, but it might generate a lot of information, so don't leave it switched on.

See http:Q_21272068.html "Emailing to certain domains gets Server not responding" , the Accepted answer.

So
- stop the router
- adapt notes.ini on the server
- restart the router
- send yourself a mail using iNotes
- stop the router
- remove the debugging setting
- restart the router
0
 
LVL 31

Accepted Solution

by:
qwaletee earned 2000 total points
ID: 13578100
Hi blackberrymspl,

> is it possible that we make our iNotes users to use NRPC instead of SMTP , they are internal
> user should not go through SMTP by right .
Be useful to see the difference between what gets deposited in MAIL.BOX by Notes and iNotes.

So
    stop your router
    send a completely blank message from Notes to one group
    use iNotes for the same acocunt to the same group, also a blank message
    copy the two MAIL.BOX documents to a dummy mail file
    restart your router
    structured text export the two doucments to two text files
    sort the two files
    compare them
    post the differences

How does this help?  There must be something different about the two messages that causes the router to take different action.  If the original two doucments were exatcly the same, it woudl be impossible for the router to act on them differently anywhere down the line.

Sjef's suggestion of the debug options can also help -- I think the setting is DebugRouter=3.  But, most likely, teh output will be hard to interpret, and will reflect a difference based on the original content of the posted-for-delivery messages.

Best regards,
qwaletee
0
 

Author Comment

by:blackberrymspl
ID: 13589444
Hi guys

my apologies for not replying earlier ,

Sjef pls excuse me for a while , lets start on Qwaletee Points .

It was a good idea to quickly stop router and see the difference.

Actually there was no need of exporting and comparing text , it was pretty clear when i see the mailbox .

my findings :

Mail send from Client :
==================
RecipientGroupsExpanded:  ST1
Recipients:  CN=Super Admin/O=MSPL@MSPL,CN=Test Three/O=MSPL@MSPL,CN=Test

mail send from iNotes :
==================

Recipients:  STX
THERE IS NO "GROUP EXPANSION"

I discovered , where the problem lies,

actually In my notes.ini, "RouterDisableMailToGroups=1" has been set, it will disallow the group expandsion. When sending mail with Notes client, Notes client will resolve group members and set recipients, so no problem. When sending mail with iNotes, the group expansion is done on server, as it is disabled, so the mail is rejected.

Lotus web site Says :
The NOTES.INI parameter RouterDisableMailToGroups=1 will not allow any router group expansion. Messages will be logged and a generic policy error returned to the originator. It should be configured on inbound SMTP mail servers. It will also reject any internal user mail to groups that is submitted to that server. There is no distinction between internal and external users. It is important to note that RouterDisableMailToGroups only affects router group expansion; messages can still be sent to groups through the Notes client via mailer group expansion.

I checked the document properties of message received by iNotes , there is no SMTP , but rejected mails intended to groups have SMTP info inside document property.
iNotes use NRPC confirmed!

I think my all these efforts and diagnosis will help others in future  . :) compliments for my self :)

 MY CONCERN NOW :

Just wondering if i change RouterDisableMailToGroups=0 , i can get spam mails from outside world to my groups addresses, it will sove current problem but create new :)

Just idea in my mind to alter 'Inbound Intended Recipients Controls' settings last option under SMTP Inbound controls

what u guys have done in this situation at ur servers?



rgs
Adeel

0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 13590490
blackberrymspl,

> compliments for my self :)

Well done!

Sjef
0
 

Author Comment

by:blackberrymspl
ID: 13597550
Sjef
 i appreciate ur concern and follow up ,my apologies for not issuing u point for this case, may be next time .

qwaletee

it looks like that eventually the problem has been identifed by myself & the extra research i performed made things more clearer to all BUT i admit that  ur idea and clue regarding examination of both mails was excellent  , so i m considering to give u points provided if u close this case by commenting/answering on the following issues

MY CONCERN NOW :

Just wondering if i change RouterDisableMailToGroups=0 , i can get spam mails from outside world to my groups addresses, it will sove current problem but create new :)

Just idea in my mind to alter 'Inbound Intended Recipients Controls' settings last option under SMTP Inbound controls

what u guys have done in this situation at ur servers?

rgs
Adeel
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 13599022
You don't have to apologise. My answer isn't correct so I don't "deserve" points here, and indeed Qwaletee steered you into the right direction. I cannot respond to your concern, as I don't have any experience with iNotes. It might be worth a try to set the parameter to 0, send an external mail to a group and see what happens.

I think the word "provided" in your last response is inappropriate...
0
 

Author Comment

by:blackberrymspl
ID: 13599080
Sorry Qwaletee , doesn't mean to offend u , couldn't rephrase the sentence properly

i was just wondering to accept the final comment as an 'Accepted Answer' which can benefited to others.

will appreciate if u comment otherwise , can proceed for points awarding .


0
 

Author Comment

by:blackberrymspl
ID: 13609050
hello all guys

thanks

alter 'Inbound Intended Recipients Controls' settings last option under SMTP Inbound controls
0
 

Author Comment

by:blackberrymspl
ID: 13609052
hello all guys

thanks

alter 'Inbound Intended Recipients Controls' settings last option under SMTP Inbound controls WORKS for me .


0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is an old article, please see an updated version of this article, located here: http://www.experts-exchange.com/articles/23619/Notes-8-5x-Windows-7-Notes-info-and-tips.html
For beginners of Lotus Notes user this is important to know about the types of files and their location supported by IBM Notes. Mostly users are unaware about how many file types are created and what their usages are. This Article is fully dedicated…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question