2. IBM Software Group | Lotus Software
Course Outline
Setting Up the First Server and Administrator
Adding IBM® Lotus® Domino® Servers
Adding IBM® Lotus Notes® Clients
Administering Users
Setting Up Server Administration
Synchronizing IBM® Lotus Domino® System Databases
Configuring Basic Intranet Mail Routing
Configuring Mail Routing to the Internet
Establishing Mail Controls
Implementing Mail Rules and Storage Limits
Monitoring Mail
Resolving Common Mail Routing Problems
2
3. IBM Software Group | Lotus Software
Lesson 1 Objectives
Setting Up the First Server and Administrator
After completing this lesson, you should be able to:
Analyze a deployment plan.
Install the Lotus Domino server software.
Install the Lotus Domino Administrator client software.
Launch and configure the first server.
Configure the first workstation.
Assign roles to administrators and severs.
3
4. IBM Software Group | Lotus Software
Planning Considerations
Determine business problems to be addressed
Examine organizational structure
Design the Lotus Domino environment to enhance and support
the organizational structure
4
5. IBM Software Group | Lotus Software
Planning Checklist
Task Procedure
1 Identify structure of organization.
2 Create planning team.
3 Identify tracking mechanism.
4 Define the business problem.
5 Identify how Lotus Domino can address the business problem.
6 Identify access needs.
7 Identify hardware requirements (site map).
8 Identify server roles.
9 Select location for servers.
10 Identify network protocol(s) and networking changes.
11 Choose replication topology.
12 Identify directory strategy.
13 Select mail routing strategy.
14 Develop naming scheme.
15 Define security.
16 Determine server configurations.
17 Determine client configurations.
18 Determine rollout strategy.
19 Determine education strategy.
6. IBM Software Group | Lotus Software
Planning Guidelines
Consider all necessary information
Establish and follow guidelines
6
8. IBM Software Group | Lotus Software
Implementation Checklist
Task Procedure
1 Set up the first server.
2 Add an administrator’s workstation.
3 Set up access to the Domino Directory.
4 Add Lotus Domino servers.
5 Add organizational units.
6 Register administrators.
7 Add Lotus Notes clients.
8 Create user groups.
9 Create organizational policy.
10 Register users.
11 Set administration preferences.
12 Set up access to servers.
13 Set up server logging.
14 Synchronize Lotus Domino system databases throughout the domain.
15 Route mail internally.
16 Route mail to the Internet.
17 Set mail controls.
18 Test mail routing and delivery.
8
9. IBM Software Group | Lotus Software
Supported Platforms and System Requirements
Lotus Domino and Lotus Notes Release Notes
IBM Web site:
– For Lotus Domino 8.5, go to
http://www-
01.ibm.com/support/docview.wss?rs=463&uid=swg27013072
9
10. IBM Software Group | Lotus Software
Implementation Checklist
Task Procedure
1 Set up the first server.
2 Add an administrator’s workstation.
3 Set up access to the Domino Directory.
4 Add Lotus Domino servers.
5 Add organizational units.
6 Register administrators.
7 Add Lotus Notes clients.
8 Create user groups.
9 Create organizational policy.
10 Register users.
11 Set administration preferences.
12 Set up access to servers.
13 Set up server logging.
14 Synchronize Lotus Domino system databases throughout the domain.
15 Route mail internally.
16 Route mail to the Internet.
17 Set mail controls.
18 Test mail routing and delivery.
11. IBM Software Group | Lotus Software
Lotus Domino Server Installation Types
Lotus Domino Utility Server:
– Application services
– Lotus Domino cluster support
– No messaging services
Lotus Domino Messaging Server:
– Messaging services
– No application services or Lotus Domino cluster support
Lotus Domino Enterprise Server:
– Messaging services
– Application services
– Lotus Domino cluster support, including mail servers
11
12. IBM Software Group | Lotus Software
Platform and Operating System Requirements
Category Requirements
Supported
operating system
versions
• Microsoft® Windows Server® 2003 Standard Edition, or Enterprise Edition with Service Pack 2
• Microsoft Windows Server 2003 X64 Edition
• Microsoft Windows Server 2008 Standard or Enterprise Edition
• Microsoft Windows Server 2008 x64 Standard or Enterprise Edition
Processors
supported
Intel® Pentium® or higher and compatibles (32-bit and 64-bit chips as appropriate), or equivalents
RAM 512 MB minimum or more recommended per CPU
Disk space 1.5 GB minimum per partition
Swap space Two times the physical RAM installed
Monitors Color monitor required
Protocols
• NetBIOS over IP (32-bit processor only, only Microsoft IP is supported)
• NetBIOS over IPX (32-bit processor only)
• TCP/IP (includes IPv6)
12
13. IBM Software Group | Lotus Software
Lotus Notes 8.5 Client Types
Client type Description
Basic
Based on Lotus Notes 7 platform.
Applications stored on Domino servers.
Use when:
• Client computers do not have enough RAM or other hardware resources for Standard edition.
• You are not ready to train users on Lotus Notes 8.5 interface changes.
• Servers have not yet been upgraded to Lotus Domino 8.5.
Standard
Supported by IBM® Lotus® Expeditor and IBM® Lotus® Eclipse™ platforms.
Contains Java™ -enabled, Eclipse, and SWT capabilities.
Applications stored on Domino servers and WebSphere Application Servers.
Preferred configuration to gain all functionality included in Lotus Notes 8.5.
13
14. IBM Software Group | Lotus Software
What is Eclipse?
A platform designed for building IDEs that provide template-
driven and CSS-based customization.
An open-source Java platform that has become the foundation
for RCP development.
The environment that Lotus Notes 8.5 is based on.
14
15. IBM Software Group | Lotus Software
Client Installation Types
Available client options:
Notes Client (selected by default)
Sametime (integrated) (selected by default)
IBM® Lotus® Domino Designer®
Lotus Domino Administrator
Activities
Composite Application Editor
IBM® Lotus® Symphony™
15
16. IBM Software Group | Lotus Software
What is Lotus Expeditor?
A client platform designed for end-to-end smart client application
solutions.
Extends Lotus Notes 8.5 by providing application installation and
management services.
Builds clients on Eclipse and supports running them on multiple
operating systems.
16
17. IBM Software Group | Lotus Software
Expeditor Component Packaging
Enables customization of Lotus Notes client installation.
Adds any or all of the supplementary client-supported
functionality provided by IBM for Lotus Notes 8.5.
17
18. IBM Software Group | Lotus Software
Eclipse Update Sites
Catalogs that contain features and plug-ins for Eclipse and RCP
applications.
Require JAR file packaging and manifest file to facilitate Eclipse
access to remote servers.
18
19. IBM Software Group | Lotus Software
Automated Installation Options
Tuning the installer for automated install.
Configuring the installer content via features and install manifest.
Scripting the installer for specific options and silent install.
Using the installer in conjunction with Smart Upgrade.
Using the installer in conjunction with other deployment systems.
19
20. IBM Software Group | Lotus Software
Workstation Sharing Considerations
Operating system must support multiple user profiles.
Cannot share Lotus Domino Designer or Lotus Domino
Administrator clients.
20
21. IBM Software Group | Lotus Software
Components Created During First Server Setup
File System
Names.nsf
Cert.id
Server.id
User.id
Oucert.id (optional)
Certificate(s)
Configuration
Connections
Domain
Groups
Mail-in database
Person
Program
Server
Policies
Domino Directory Database
(Names.nsf file)
21
22. IBM Software Group | Lotus Software
The Domino Directory
Most important database in the Lotus Domino environment.
Stores information about all Lotus Domino resources.
All Domino servers in a domain contain a replica of the Domino
Directory.
22
23. IBM Software Group | Lotus Software
Replicas of the Domino Directory
Replicas enable collaboration between users on different servers.
Replication synchronizes changes on replicas to ensure all
servers have updated information.
23
24. IBM Software Group | Lotus Software
Comparing Domains and Organizations
Component Description
Domino domain The collection of Domino servers and users that share the same Domino Directory.
Domino
organization
Defined by the certifier that stamps the IDs of users, servers, and other certifiers.
Trust relationship within the organization lets users and servers communicate and share data.
Organizational certifier provides security and uniformity in naming of users and servers.
Certifier name is part of the hierarchical name of all users and servers in the organization.
24
25. IBM Software Group | Lotus Software
Purposes of Organizational Units
Management by region or division.
Separation of servers from users.
Unique names for users who have the same common name.
25
26. IBM Software Group | Lotus Software
Worldwide Corporation's Lotus Domino Organization
Hierarchy
/WWCorp
/East/WWCorp /SVR/WWCorp/West/WWCorp
26
27. IBM Software Group | Lotus Software
Alternatives to Organizational Units
Use Group documents to manage subsets of users.
Consider keeping servers and users in the same container.
Differentiating between users with the same names:
– Use the middle initial as part of the common name.
– Include a unique OU during user registration.
27
28. IBM Software Group | Lotus Software
Organizational Hierarchy
f0851091-5.png
/WWCorp
/East/WWCorp /West/WWCorp /SVR/WWCorp
29. IBM Software Group | Lotus Software
Descendants of the Organization Certifier
When only one organization hierarchy exists, all names are
descendants of the organization certifier.
The certifier IDs stamp server, user, and other certifier IDs with
their certificates:
– The /WWCorp organization certifier stamps one entity, the user
Doctor Notes.
– The /WWCorp certifier stamps the following OU certifiers,
which will stamp the IDs for other users and servers:
• /SVR
• /East
• /West
29
30. IBM Software Group | Lotus Software
Organization Security
All servers and users under /WWCorp can authenticate with each
other.
Access is allowed unless another security measure exists.
30
31. IBM Software Group | Lotus Software
Organization Certifier ID Security
The certifier ID file is the most important ID file in the
organization.
Cert.id can and should be moved from Dominodata subdirectory
to a secure place.
31
32. IBM Software Group | Lotus Software
Authentication Between Organizations
When two organization certifiers exist, the infrastructures cannot
communicate without administrative intervention.
Use cross-certification to establish trust between Lotus Domino
organizations.
32
33. IBM Software Group | Lotus Software
Country Codes
For multinational organizations, provides an additional
hierarchical level.
Multiple organization certifiers required (one for each country
code to be used).
Does not replace the organization component.
33
34. IBM Software Group | Lotus Software
Server Audience Types
Server audience Description
Web browsers
For Web browsers, such as Microsoft® Internet Explorer®, Mozilla® Firefox®, and Netscape Navigator®, to
access data on the server.
Internet mail
packages
For Internet mail clients using the following protocols to access mail on the server:
• POP3 (Post Office Protocol 3)
• IMAP (Internet Message Access Protocol)
• SMTP (Simple Mail Transfer Protocol)
Directory Services For clients using LDAP (Lightweight Directory Access Protocol).
34
35. IBM Software Group | Lotus Software
The Lotus Domino Server Log
Log.nsf reports all server activity and provides detailed
information about databases and users on the server:
– Can be configured to report the desired level of detail about
server activity.
– Is created automatically when a server is started for the first
time.
35
36. IBM Software Group | Lotus Software
Administrator Group Security Options
Prohibit anonymous access:
– Adds an ACL entry called Anonymous to all databases
– Gives it the No Access ACL setting
LocalDomainAdmins:
– Creates a group that gives some or all administrators Manager
access to all databases.
– The first server’s administrator is added to LocalDomainAdmins
during first server setup.
– Other administrators can be added to the group later.
36
37. IBM Software Group | Lotus Software
The Client Configuration Program
Connects to the specified server, which must contain a Person
document for the user.
Downloads the ID file if the file is stored in the user’s Person
document.
Creates the user’s local Contacts file.
Configures bookmarks for the user’s mail and Contacts files, and
other databases specified in setup settings of policies.
Creates documents in the Contacts file.
37
38. IBM Software Group | Lotus Software
Access in the Domino Directory
Having Manager access to the IBM Lotus Domino Directory ACL
enables editing the ACL.
To create and edit documents in the Domino Directory,
administrators must also be assigned the appropriate ACL
role(s).
Worldwide Corporation will assign all ACL roles to the
administrators and to servers.
38
39. IBM Software Group | Lotus Software
Privileges and the LocalDomainAdmins Group
During first server setup, if LocalDomainAdmins is added and
assigned Manager access in the ACL of every database, any
administrator listed in LocalDomainAdmins can change the ACL
of any database, including the Domino Directory.
LocalDomainAdmins is not automatically assigned any roles:
– The roles in the Domino Directory specify who can create and
edit documents.
– Without the roles, an administrator cannot perform any
registration tasks, because the registration program creates
documents.
– Managers can edit the ACL, so members of
LocalDomainAdmins could assign the appropriate ACL roles to
themselves.
39
40. IBM Software Group | Lotus Software
Lesson 2 Objectives
Adding IBM® Lotus® Domino® Servers
After completing this lesson, you should be able to:
Register servers.
Configure and start an additional Lotus Domino Server.
40
41. IBM Software Group | Lotus Software
Implementation Checklist
Task Procedure
1 Set up the first server.
2 Add an administrator’s workstation.
3 Set up access to the Lotus Domino Directory.
4 Add Lotus Domino servers.
5 Add organizational units.
6 Register administrators.
7 Add Lotus Notes clients.
8 Create user groups.
9 Create organizational policy.
10 Register users.
11 Set administration preferences.
12 Set up access to servers.
13 Set up server logging.
14 Synchronize Lotus Domino system databases throughout the domain.
15 Route mail internally.
16 Route mail to the Internet.
17 Set mail controls.
18 Test mail routing and delivery.
42. IBM Software Group | Lotus Software
The Server Registration Process
Existing server and workstation required
Server registration creates:
– A Server document in the Domino Directory
– An ID file stored as an attachment in the Server document or
as a file at the operating system level.
42
43. IBM Software Group | Lotus Software
Domino Directory Access for Registering Servers
ACL access:
– Author access or higher
– The Create documents privilege
– The ServerCreator role
Certifier ID and password access
43
44. IBM Software Group | Lotus Software
Server ID File Storage Options
Storing the ID file in the Domino Directory of an existing server:
– Allows the new server to detach the ID file from the Server
document of the existing server's Domino Directory.
– Requires a password for the attached server ID. The result is
that after the server is configured, it cannot be restarted from
the Domino Administrator remotely, because the password
prompt displays on the server machine.
Storing the ID file in the file system requires that the additional
server machine has access to the ID file locally or on the
network.
44
46. IBM Software Group | Lotus Software
Standard Directory Structure
f0851092-1.png
47. IBM Software Group | Lotus Software
Central Directory Structure
Central DirectoriesCentral Directories
Configuration
Directories
Configuration
Directories
48. IBM Software Group | Lotus Software
Clearing the Server ID Password
Requires local access to the ID file
Two approaches:
– In Domino Administrator, click Configuration Certification ID
Properties.
– Run nlnotes.exe from a Windows server, then click File
Security User Security.
48
49. IBM Software Group | Lotus Software
Lesson 3 Objectives
Adding IBM® Lotus Notes® Clients
After completing this lesson, you should be able to:
Create an organizational unit certifier.
Register new administrators.
Register users from a file.
Replicate Server document changes.
Set up an administrator workstation.
Verify the Domino installation.
Create replicas on multiple servers.
49
50. IBM Software Group | Lotus Software
Implementation Checklist
Task Procedure
1 Set up the first server.
2 Add an administrator’s workstation.
3 Set up access to the Lotus Domino Directory.
4 Add Lotus Domino servers.
5 Add organizational units.
6 Register administrators.
7 Add Lotus Notes clients.
8 Create user groups.
9 Create organizational policy.
10 Register users.
11 Set administration preferences.
12 Set up access to servers.
13 Set up server logging.
14 Synchronize Lotus Domino system databases throughout the domain.
15 Route mail internally.
16 Route mail to the Internet.
17 Set mail controls.
18 Test mail routing and delivery.
51. IBM Software Group | Lotus Software
Certifier Registration
Certifier document in the Domino Directory:
– Contains the certified public key
– During authentication, the key is compared with the key in an
ID file
Certifier ID file for certifying descendants of the organizational
unit
51
52. IBM Software Group | Lotus Software
Certification Log
Must be named Certlog.nsf
Maintains a record of each use of a certifier to register users or
other certifiers:
– Name, license type, and ID number for the registered user,
server, or certifier
– Date of certification and expiration
– Name, license type, and ID number of the certifier ID used to
certify the new ID
52
53. IBM Software Group | Lotus Software
Mail Servers for Each Administrator
HeadquartersHeadquarters
Hub/SVR/WWCorpHub/SVR/WWCorpDoctor Notes/
WWCorp
Doctor Notes/
WWCorp
East01
East02
East01
East02
East03
East04
East03
East04
East05
East06
East05
East06
West01
West02
West01
West02
West05
West06
West05
West06
West03
West04
West03
West04
Administrator name Mail server name
Admin East01 East01/SVR/WWCorp
Admin East02 East02/SVR/WWCorp
Admin East03 East03/SVR/WWCorp
Admin East04 East04/SVR/WWCorp
Admin East05 East05/SVR/WWCorp
Admin East06 East06/SVR/WWCorp
Admin West01 West01/SVR/WWCorp
Admin West02 West02/SVR/WWCorp
Admin West03 West03/SVR/WWCorp
Admin West04 West04/SVR/WWCorp
Admin West05 West05/SVR/WWCorp
Admin West06 West06/SVR/WWCorp
53
54. IBM Software Group | Lotus Software
Internet Password Options
Certificate revocation checking via Online Certificate Status
Protocol (OCSP)
Advanced Encryption Standard (AES) support for SSL
Smartcard improvements
54
55. IBM Software Group | Lotus Software
Internet Password Locking
3 Strikes rule for HTTP
Enable Enforce Internet Password Lockout in server
Configuration Settings documents
Override server settings with user security policies
Extended ACLs
55
56. IBM Software Group | Lotus Software
ID File Distribution
Attach the ID file to the user's Person document in the Domino
Directory
Store the ID file on disk
56
57. IBM Software Group | Lotus Software
Servers for Each Administrator
Administrator Server
Admin East01 East01/SVR/WWCorp
Admin East02 East02/SVR/WWCorp
Admin East03 East03/SVR/WWCorp
Admin East04 East04/SVR/WWCorp
Admin East05 East05/SVR/WWCorp
Admin East06 East06/SVR/WWCorp
Admin West01 West01/SVR/WWCorp
Admin West02 West02/SVR/WWCorp
Admin West03 West03/SVR/WWCorp
Admin West04 West04/SVR/WWCorp
Admin West05 West05/SVR/WWCorp
Admin West06 West06/SVR/WWCorp
58. IBM Software Group | Lotus Software
User Registration
One at a time by using the Registration dialog box
Multiple users simultaneously by using a text file
– User names
– Other information
58
59. IBM Software Group | Lotus Software
Replicating the Domino Directory to Other Servers
Registration modifies the Domino Directory on the registration
server
Other servers need this information
Replication enables all servers to have all new information
Some changes require a server restart
59
61. IBM Software Group | Lotus Software
Lotus Domino Administrator
Menus
Graphics
Tabs:
– People & Groups
– Files
– Server
– Messaging
– Replication
– Configuration
61
62. IBM Software Group | Lotus Software
Administration Process
Automation of routine administrative tasks to manage:
– Names
– Mail files
– Server documents
Components:
– Administration Process task (Adminp)
– Administration server
– Administration Requests database (Admin4.nsf)
– Certification Log (Certlog.nsf)
62
63. IBM Software Group | Lotus Software
Lesson 4 Objectives
Administering Users
After completing this lesson, you should be able to:
Create groups.
Create an organizational policy.
Create and assign an explicit policy.
63
64. IBM Software Group | Lotus Software
Implementation Checklist
Task Procedure
1 Set up the first server.
2 Add an administrator’s workstation.
3 Set up access to the Lotus Domino Directory.
4 Add Lotus Domino servers.
5 Add organizational units.
6 Register administrators.
7 Add Lotus Notes clients.
8 Create user groups.
9 Create organizational policy.
10 Register users.
11 Set administration preferences.
12 Set up access to servers.
13 Set up server logging.
14 Synchronize Lotus Domino system databases throughout the domain.
15 Route mail internally.
16 Route mail to the Internet.
17 Set mail controls.
18 Test mail routing and delivery.
65. IBM Software Group | Lotus Software
Groups
Collections of users or servers, or both, that have something in
common
Facilitate management by enabling administrators to affect
multiple users or servers simultaneously
Nesting groups
Deny List Only
Access issues for members of multiple groups
Auto-populated groups
65
66. IBM Software Group | Lotus Software
Auto-populated Groups
Option for updating auto-populated
group membership once the home
mail server is specified
Option for updating auto-populated
group membership once the home
mail server is specified
66
67. IBM Software Group | Lotus Software
Policies
A Policy document and associated Policy Settings documents
Can apply to all users, an OU, a group, or a single user
Multiple policies can apply to a user; policy precedence rules
determine the effective policy setting
Can be organizational or explicit
67
68. IBM Software Group | Lotus Software
Types of Policy Settings Documents
Activities
Archiving
Desktop
Mail
Registration
Security
Setup
Lotus Traveler
Roaming
Symphony
68
69. IBM Software Group | Lotus Software
Policy Precedence Rules
Specific overrides general:
– Explicit overrides organizational
Change precedence in the Policy Settings document
69
70. IBM Software Group | Lotus Software
Static and Dynamic Policy Settings
Static:
– Set during user registration
– Set during workstation setup
Dynamic:
– Set when a user logs into the server
70
71. IBM Software Group | Lotus Software
Policy Management Tools
Policy Viewer:
– Settings for each policy
– Settings by functional area
– Settings assigned to a specific user
– Effective policies on different levels in the policy hierarchy
Policy Synopsis tool:
– Determines the effective policy governing a user
– Reports are stored in the Policy Synopsis Results database
71
72. IBM Software Group | Lotus Software
Policy Assignment
In the Domino Administrator Tools pane:
– In the People view, click People Assign Policy.
– In the Groups view, click Groups Assign Policy.
During registration
Dynamic policy assignment:
– In the Policy document, click the Policy Assignment tab, and
add users and groups.
72
73. IBM Software Group | Lotus Software
Lesson 5 Objectives
Setting Up Server Administration
After completing this lesson, you should be able to:
Customize the Lotus Domino Administrator work environment.
Set access to create databases on the server.
Set administration levels.
Set logging levels.
73
74. IBM Software Group | Lotus Software
Implementation Checklist
Task Procedure
1 Set up the first server.
2 Add an administrator’s workstation.
3 Set up access to the Lotus Domino Directory.
4 Add Lotus Domino servers.
5 Add organizational units.
6 Register administrators.
7 Add Lotus Notes clients.
8 Create user groups.
9 Create organizational policy.
10 Register users.
11 Set administration preferences.
12 Set up access to servers.
13 Set up server logging.
14 Synchronize Lotus Domino system databases throughout the domain.
15 Route mail internally.
16 Route mail to the Internet.
17 Set mail controls.
18 Test mail routing and delivery.
75. IBM Software Group | Lotus Software
Administration Preferences
Domains to administer
Type and order of the file information displayed
How Lotus Domino collects and displays server monitoring data
Defaults to use when registering users, servers, and certifiers
75
76. IBM Software Group | Lotus Software
Server Console Administration Tasks
Start or stop server tasks
Instruct a server task to perform a function
Change server configuration variables
Restart the server
76
77. IBM Software Group | Lotus Software
Server Access Control Mechanisms
Lotus Domino authentication
Lotus Domino authorization
Server document Security tab
To allow/restrict Set this field
To limit access to only
those users listed in the
Domino Directory
Access server: Clear the users listed in all directories check box
To explicitly allow people,
servers, or groups access
to this server and deny
all others
Access server: Enter or select names under the word “and”
To explicitly deny people,
servers, or groups access
to this server
Not access server
77
78. IBM Software Group | Lotus Software
User Access to the Server
To allow users or a group this type of access Edit this server access field
Create replica databases on this server Create new replicas
Create databases on this server Create new databases & templates
78
80. IBM Software Group | Lotus Software
Administration Level Details
Full Access administrators
Administrators
Database Administrators
Full Remote Console Administrators
View-Only Administrators
System Administrators
Restricted System Administrators
80
81. IBM Software Group | Lotus Software
Full Access Administrator Best Practices
Leave the field blank.
Create a special Full Access administrator ID file.
Disable Full Access administrators in the Notes.ini file.
81
82. IBM Software Group | Lotus Software
Administration Levels and Domino Web Administrator
Web-based administration tool (Webadmin.nsf).
HTTP server task synchronizes names in Web Server
document’s Full Access administrators and administrators
fields with the ACL for Webadmin.nsf, so to add access to Web
Administrator, modify these fields.
Names that are not already on the ACL list are added with
Manager access and all roles.
If the HTTP server detects a name that is already in the ACL, it
does not update the access rights.
82
83. IBM Software Group | Lotus Software
Domino Server Log
Mail routing events
Replication events
Server phone calls
Security events
Newsgroup events
Miscellaneous events
Database usage
User activity (if configured)
83
84. IBM Software Group | Lotus Software
The Notes.ini File
One for server, another for client
To edit:
– Edit the file directly, but this can cause unexpected results.
– Use the Set Configuration server command.
– Use a Configuration Settings document (server notes.ini only).
84
85. IBM Software Group | Lotus Software
Logging Levels
LOG_MAILROUTING
LOG_REPLICATION
LOG_SESSIONS
LOG_TASKS
LOG_VIEW_EVENTS
85
86. IBM Software Group | Lotus Software
Lesson 6 Objectives
Synchronizing IBM® Lotus® Domino® System Databases
After completing this lesson, you should be able to:
Create server groups for replication.
Create a Connection document.
86
87. IBM Software Group | Lotus Software
Implementation Checklist
Task Procedure
1 Set up the first server.
2 Add an administrator’s workstation.
3 Set up access to the Lotus Domino Directory.
4 Add Lotus Domino servers.
5 Add organizational units.
6 Register administrators.
7 Add Lotus Notes clients.
8 Create user groups.
9 Create organizational policy.
10 Register users.
11 Set administration preferences.
12 Set up access to servers.
13 Set up server logging.
14 Synchronize Lotus Domino system databases throughout the domain.
15 Route mail internally.
16 Route mail to the Internet.
17 Set mail controls.
18 Test mail routing and delivery.
88. IBM Software Group | Lotus Software
Server Groups and Replication
Three Connection documents:
1.Destination Server: East01
2.Destination Server: East02
3.Destination Server: East03
East03East03
East02East02
East01East01
HubHub
West03West03
West02West02
West01West01
One Connection document
Destination server: East Mail Servers,
where East Mail Servers is a group
consisting of the following members:
East01
East02
East03
88
89. IBM Software Group | Lotus Software
Replication Controls
Replication type
Database priority
Connection documents
Selective replication
Server access
Access Control List
Element access
89
90. IBM Software Group | Lotus Software
Replication Types
Pull Pull
Pull Push
Pull only
Push only
90
91. IBM Software Group | Lotus Software
Methods for Forcing Replication
Console commands
Console commands and a text file listing servers and databases
to replicate
Domino Administrator:
– On the Server tab Tools pane, click Server Replicate
Lotus Notes or Domino Administrator:
– Select the database and click File Replication Replicate
91
93. IBM Software Group | Lotus Software
Replication Schedules for Critical Applications
Domino Directory (Names.nsf): several times throughout the day
Critical applications:
– Specify high replication priority, and create a Connection
document specifying high priority databases with a short
interval
– Or, place critical applications in a subdirectory of the
Dominodata directory, and create a Connection document
specifying the subdirectory to replicate at a short interval
– Or, click File Replication Options for this
Application Other and set Set scheduled replication
priority for this replica to High.
93
95. IBM Software Group | Lotus Software
Lesson 7 Objectives
Configuring Basic Intranet Mail Routing
After completing this lesson, you should be able to:
Configure Notes Named Networks.
Implement a hub-and-spoke mail routing topology.
Select a mail storage format for incoming mail.
95
96. IBM Software Group | Lotus Software
Implementation Checklist
Task Procedure
1 Set up the first server.
2 Add an administrator’s workstation.
3 Set up access to the Lotus Domino Directory.
4 Add Lotus Domino servers.
5 Add organizational units.
6 Register administrators.
7 Add Lotus Notes clients.
8 Create user groups.
9 Create organizational policy.
10 Register users.
11 Set administration preferences.
12 Set up access to servers.
13 Set up server logging.
14 Synchronize Lotus Domino system databases throughout the domain.
15 Route mail internally.
16 Route mail to the Internet.
17 Set mail controls.
18 Test mail routing and delivery.
97. IBM Software Group | Lotus Software
Intranet Mail Routing Checklist
Task Procedure
1. Set up Notes Named Networks for mail routing.
2. Create mail routing topologies and schedule mail routing
between NNNs.
3. Select a mail storage format.
97
98. IBM Software Group | Lotus Software
Classroom Intranet Implementation
f0851097-1.png
Hub/SVR/WWCorpHub/SVR/WWCorpNNN: WWCorpHQNNN: WWCorpHQ
East01
East02
East01
East02
East03
East04
East03
East04
East05
East06
East05
East06
West01
West02
West01
West02
West03
West04
West03
West04
West05
West06
West05
West06
NRPC Mail
Routing Within
NNNs
NRPC Mail
Routing Within
NNNs
NRPC Mail
Routing Between
NNNs
NRPC Mail
Routing Between
NNNs
NNN: WWCorpEastNNN: WWCorpEast NNN: WWCorpWestNNN: WWCorpWest
99. IBM Software Group | Lotus Software
Mail Routing Components
Mail file
Mail server
Mailer
Domino Directory
Mail.box
Router
99
100. IBM Software Group | Lotus Software
Sample Intranet Mail Routing Scenario
f0851097-2.png
66
11
Automatic
mail routing
within the NNN
Automatic
mail routing
within the NNN
Connection
document for
mail routing
Connection
document for
mail routing
22
33
44
55
NNN: WWCorpHQNNN: WWCorpHQ
East01East01
Juan’s mail server
East04
Juan’s mail server
East04
NNN: WWCorpEastNNN: WWCorpEast NNN: WWCorpWestNNN: WWCorpWest
West01West01
Mary’s mail server
West06
Mary’s mail server
West06
101. IBM Software Group | Lotus Software
Opportunistic Routing
Routing mail when servers connect to replicate based on
established replication schedule
Might not be often enough to transfer mail between NNNs
101
102. IBM Software Group | Lotus Software
Connection Document Mail Routing Options
Routing task
Route at once if X messages pending
Router type
102
103. IBM Software Group | Lotus Software
Router Types and Connection Documents
Two Connection documents required
Can use Pull Push for one server and Push Wait for the other
Pull Push and Pull Only settings
103
104. IBM Software Group | Lotus Software
Mail Storage Formats
MIME:
– Messages sent over SMTP are always sent in MIME format
Notes Rich Text
104
105. IBM Software Group | Lotus Software
Lesson 8 Objectives
Configuring Mail Routing to the Internet
After completing this lesson, you should be able to:
Enable the SMTP listener task.
Configure Basic SMTP settings.
Restrict Internet mail delivery.
Enable whitelist and blacklist filters.
Configure extended SMTP (E/SMTP) options.
Configure Internet addressing.
Test SMTP.
105
106. IBM Software Group | Lotus Software
Implementation Checklist
Task Procedure
1 Set up the first server.
2 Add an administrator’s workstation.
3 Set up access to the Lotus Domino Directory.
4 Add Lotus Domino servers.
5 Add organizational units.
6 Register administrators.
7 Add Lotus Notes clients.
8 Create user groups.
9 Create organizational policy.
10 Register users.
11 Set administration preferences.
12 Set up access to servers.
13 Set up server logging.
14 Synchronize Lotus Domino system databases throughout the domain.
15 Route mail internally.
16 Route mail to the Internet.
17 Set mail controls.
18 Test mail routing and delivery.
107. IBM Software Group | Lotus Software
Internet Mail Routing Checklist
Task Procedure
1. Enable the SMTP listener task on appropriate servers.
2. Configure basic SMTP options.
3. Restrict mail flow to and from the Internet.
4. Set advanced SMTP options.
5. Configure Internet mail addressing.
107
108. IBM Software Group | Lotus Software
Classroom Internet Implementation
f0851098-1.png
Hub/SVR/WWCorpHub/SVR/WWCorpRelays, SMTP
Controls
Relays, SMTP
Controls
109. IBM Software Group | Lotus Software
SMTP Implementation Scenarios
All servers
Selected servers
Combined
109
110. IBM Software Group | Lotus Software
Best Practice Implementation
f0851098-2.png
Relays, SMTP
Controls
Relays, SMTP
Controls
HubHub HubHub
111. IBM Software Group | Lotus Software
Sample Internet Mail Routing Scenario
Hub/SVR/WWCorpHub/SVR/WWCorp
11
RelayRelay
Mary Costello
West03/SVR/WWCorp
Mary Costello
West03/SVR/WWCorp
33
22
112. IBM Software Group | Lotus Software
SMTP Listener and Router Tasks
SMTP listener task:
– Handles incoming SMTP connections.
– Delivers messages received over those connections to
Mail.box.
Router task for SMTP:
– Same Router task that handles Lotus Notes routing (NRPC).
– When a message in Mail.box requires transfer to another
server, the Router determines where to send it and whether to
send it over NRPC or SMTP.
112
113. IBM Software Group | Lotus Software
SMTP Settings
SMTP used when sending messages outside of the local internet
domain
SMTP allowed within the local internet domain
Servers within the local Notes domain are reachable via SMTP
over TCPIP
Relay host for messages leaving the local internet domain
Host name lookup
113
114. IBM Software Group | Lotus Software
SMTP Inbound and Outbound Controls
Inbound controls enable you to allow or deny:
– Receiving messages from specific external Internet domains.
– Receiving unsolicited commercial messages in general or from sources
listed in one or more DNS Blacklists (DNSBLs).
– Receiving messages directed to specific Lotus Notes addresses.
– Relaying of messages from specific external Internet hosts to external
Internet domains.
Outbound controls enable you to allow or deny:
– Sending messages to specific Internet addresses to be sent out to the
Internet.
– Sending messages from specific Lotus Notes addresses to the Internet.
114
115. IBM Software Group | Lotus Software
DNS Whitelist Filters
Used in conjunction with anti-spam features
Validate that the mail received by your inbound SMTP server is
legitimate mail
Query process:
– DNS query tries to locate the IP address of the connecting
server in the whitelist database as specified on the
Configuration Settings document.
– IP addresses found in the database are considered to be
legitimate senders of e-mail and will be added to the whitelist
host lists.
115
116. IBM Software Group | Lotus Software
Enabling DNS Whitelist Filters
Silently skip blacklist filters (Default)
Log only
Log and tag message
116
117. IBM Software Group | Lotus Software
DNS Whitelist Filter Statistics
117
118. IBM Software Group | Lotus Software
DNS Blacklist Filters
Similar in operation to whitelist filters
Query process:
– When blacklist filters are enabled, the Lotus Domino server
sends a query to the specified sites to check the blacklist.
– If a host is blacklisted, the Lotus Domino server will act in
whatever way is specified in the Configuration Settings
document.
118
119. IBM Software Group | Lotus Software
Actions for Hosts Found in DNS Blacklist Database
Log only (default)
Log and tag message
Log and reject message
119
120. IBM Software Group | Lotus Software
Private Whitelist Filters
Exceptions to blacklist filters
Provide more granular administrative control
120
121. IBM Software Group | Lotus Software
Private Blacklist Filters
Exceptions to whitelist filters
Provide more granular administrative control
121
122. IBM Software Group | Lotus Software
Order of Whitelist and Blacklist Precedence
1. Private whitelists
2. Private blacklists
3. DNS whitelists
4. DNS blacklists
122
123. IBM Software Group | Lotus Software
E/SMTP Settings Uses
To reduce connection charges:
– Set the extended Turn (ETRN) extension to enable the calling
server (such as an ISP server) to request the called server to
push mail to the ISP server.
To restrict messages of a specific size from being delivered:
– Enable the Size extension field.
123
124. IBM Software Group | Lotus Software
Configuring Internet Addresses
When to configure:
– During user registration
– Or, any time after a user is registered
Lookup options:
– Full SMTP address only
– Local part of the SMTP address
– Full SMTP address, then if no matches are found, the local part
SMTP address
124
125. IBM Software Group | Lotus Software
Lesson 9 Objectives
Establishing Mail Controls
After completing this lesson, you should be able to:
Configure router restrictions.
Implement message disclaimers.
Implement mail delivery controls.
Implement mail transfer controls.
Configure multiple server mailboxes.
125
126. IBM Software Group | Lotus Software
Implementation Checklist
Task Procedure
1 Set up the first server.
2 Add an administrator’s workstation.
3 Set up access to the Lotus Domino Directory.
4 Add Lotus Domino servers.
5 Add organizational units.
6 Register administrators.
7 Add Lotus Notes clients.
8 Create user groups.
9 Create organizational policy.
10 Register users.
11 Set administration preferences.
12 Set up access to servers.
13 Set up server logging.
14 Synchronize Lotus Domino system databases throughout the domain.
15 Route mail internally.
16 Route mail to the Internet.
17 Set mail controls.
18 Test mail routing and delivery.
126
127. IBM Software Group | Lotus Software
Mail Restrictions and Controls
To control this type of mail flow Use this field
Allow only the specified domains to
send mail to this domain
Allow mail only from domains
Restrict specific domains from
sending mail to this domain
Deny mail from domains
Restrict only specific organization
hierarchy to send mail to this domain
Allow mail only from the following organizations and
organizational units
Deny messages larger than a specific
size
Maximum message size
To route larger messages as low
priority, therefore, defer transferring
until a different time of day
Send all messages as low priority if message size is
between
127
128. IBM Software Group | Lotus Software
Message Disclaimers
Notices added to outgoing SMTP e-mail messages to protect an
organization's legal interests
Can be enabled or disabled from the Lotus Notes client, the
Domino server, or both
Multiple disclaimers can be used
Implementation:
– Enable message disclaimers at the server level
– Create Mail Policy Settings documents that contain the
appropriate disclaimer text for the organization
128
129. IBM Software Group | Lotus Software
Attaching and Enabling Message Disclaimers
Attachment options:
– At the server, disclaimer text that is specified in the Policy
Settings document is attached by the server
– At the Lotus Notes client, disclaimer text is attached by the
Lotus Notes client prior to depositing the mail message on
the server
Enabling message disclaimers
129
130. IBM Software Group | Lotus Software
Message Disclaimer Policy Settings
130
131. IBM Software Group | Lotus Software
Mail Delivery Controls
To control this type of mail delivery Use this field
Maximum number of server threads Domino can create to deliver
mail from Mail.box to local mail files
Maximum delivery threads
Encryption Encrypt all delivered mail
Whether or not the server permits the use of pre-delivery agents Pre-delivery agents
Maximum time (in seconds) that a pre-delivery agent, such as a
mail filter, can run before the Router interrupts it
Pre-delivery agent timeout
Whether the Router supports the rule action to send copies of
selected messages automatically to other recipients
User rules mail forwarding
131
132. IBM Software Group | Lotus Software
Mail Transfer Controls
To manage this type of mail Set this field
When low priority mail should be transferred Low priority mail routing time range
How often the Router should retry transferring mail Initial transfer retry interval
How often expired messages should be purged from the server's
Mail.box
Expired message purge interval
132
133. IBM Software Group | Lotus Software
Using Multiple Server Mailboxes
Reduces contention
Increases reliability
Increases delivery speed
133
134. IBM Software Group | Lotus Software
Lesson 10 Objectives
Implementing Mail Rules and Storage limits
After completing this lesson, you should be able to:
Create and activate a server mail rule.
Enable mail journaling.
Implement blacklist tag and whitelist tag mail rule configurations.
Establish mail quotas.
Control inbox size with Inbox Maintenance.
Archive mail.
134
135. IBM Software Group | Lotus Software
Implementation Checklist
Task Procedure
1 Set up the first server.
2 Add an administrator’s workstation.
3 Set up access to the Lotus Domino Directory.
4 Add Lotus Domino servers.
5 Add organizational units.
6 Register administrators.
7 Add Lotus Notes clients.
8 Create user groups.
9 Create organizational policy.
10 Register users.
11 Set administration preferences.
12 Set up access to servers.
13 Set up server logging.
14 Synchronize Lotus Domino system databases throughout the domain.
15 Route mail internally.
16 Route mail to the Internet.
17 Set mail controls.
18 Test mail routing and delivery.
136. IBM Software Group | Lotus Software
Mail Rules
Define actions to be taken on certain messages
Use to:
– Reject messages.
– Redirect messages with attachments to a quarantine database.
– Copy messages to another database.
136
138. IBM Software Group | Lotus Software
Mail Rule Processing
When the Domino server starts
When Mail.box receives any new message
When a new rule is added
When Mail.box receives any encrypted message
When a rule prevents a message from reaching its destination
138
139. IBM Software Group | Lotus Software
Mail Rule Actions
Journal a message
Move a message to a database for storage or quarantine
Refuse to accept or deliver a message
Change the routing state of a message
Administrator review of messages redirected to
quarantine database
Stop processing of subsequent mail rules
139
140. IBM Software Group | Lotus Software
Mail Journaling
Captures copies of messages sent through the system
Works in conjunction with mail rules
Does not disrupt the normal routing process
140
141. IBM Software Group | Lotus Software
How Mail Journaling Works
Messages are examined as the pass through Mail.box
Journal flag is placed on the message before transferring it to the
next server
Selected messages are encrypted and saved to a Lotus Domino
Mail Journaling database (Mailjrn.nsf)
Message is delivered from the destination server after removing
the journal flag
141
142. IBM Software Group | Lotus Software
Tag Mail Rule Conditions
Enables administrators and users to do more with the messages
that get tagged by private whitelists, private blacklists, DNS
whitelists, and DNS blacklists.
For server mail rules, the administrator can move tagged
messages to a particular database for analysis, or they can place
the messages on hold.
For user mail rules, the user can move tagged messages to a
certain folder, delete them, or send copies to the administrator.
142
143. IBM Software Group | Lotus Software
Tags, Field Names, and Values
Tag Field name and value
Private Whitelist $DNSWLSite: <Private Whitelist>
DNS Whitelist
$DNSWLSite: <Name of Whitelist host where address was
found>
Private Blacklist $DNSBLSite: <Private Blacklist>
DNS Blacklist $DNSBLSite: <Name of Blacklist site where address was found>
143
144. IBM Software Group | Lotus Software
Tagged Messages and Fields Examples
144
146. IBM Software Group | Lotus Software
Mail Quotas
Size limits that are set on users’ mail files
Two types:
– Absolute
– Warning threshold
Associated with a particular mail file database, not with a user ID
Implementation options:
– During registration
– Per database
146
147. IBM Software Group | Lotus Software
Enabling Inbox Maintenance in Mail Policy Settings
Inbox Maintenance enabled in the Policy Settings DocumentInbox Maintenance enabled in the Policy Settings Document
147
148. IBM Software Group | Lotus Software
Configuring Inbox Maintenance in the Server Document
Inbox Maintenance configuration
in the Server document
Inbox Maintenance configuration
in the Server document
148
149. IBM Software Group | Lotus Software
Archiving
Automation of copying outdated mail to an archive database or
deleting the mail, and cleaning up the mail file
Archiving policies:
– Easy to manage and allow for standardization
– Provide more control over mail environment
149
150. IBM Software Group | Lotus Software
Archive Policy Documents
Policy document
Archive Policy Settings document:
– Whether to allow archiving
– Whether or not to allow Lotus Notes users to set their own
private archiving criteria where archiving occurs
– Archive location
– Archive log information
Archive Criteria Settings document:
– Establishes the criteria for document selection and mail
file cleanup
150
151. IBM Software Group | Lotus Software
Lesson 11 Objectives
Monitoring Mail
After completing this lesson, you should be able to:
Verify routing and check mail delivery.
Enable mail statistics.
Enable message tracking.
Configure Message Recall.
151
152. IBM Software Group | Lotus Software
Implementation Checklist
Task Procedure
1 Set up the first server.
2 Add an administrator’s workstation.
3 Set up access to the Lotus Domino Directory.
4 Add Lotus Domino servers.
5 Add organizational units.
6 Register administrators.
7 Add Lotus Notes clients.
8 Create user groups.
9 Create organizational policy.
10 Register users.
11 Set administration preferences.
12 Set up access to servers.
13 Set up server logging.
14 Synchronize Lotus Domino system databases throughout the domain.
15 Route mail internally.
16 Route mail to the Internet.
17 Set mail controls.
18 Test mail routing and delivery.
153. IBM Software Group | Lotus Software
Mail Troubleshooting Checklist
Task Procedure
1 The network connections are set up properly.
2 The servers and Router are up and running.
3 The DNNs are set up properly.
4 The appropriate Connection documents exist and contain the following: the server
name is correct, the schedule is enabled, the Router type is correct.
5 The connection requirements for sending mail, such as calling times or message
thresholds, have been met.
6 Replication between servers is successful, ensuring Connection document
information is up-to-date on all relevant servers.
7 Router restrictions do not prohibit message delivery.
8 SMTP settings are correct.
9 Inbound and outbound controls are properly set.
10 Quotas are not exceeded.
11 Mail rules do not prohibit message delivery.
12 The mail address is correct.
13 The person information is correct.
154. IBM Software Group | Lotus Software
Mail Monitoring Checklist
Task Procedure
1 Check for misdelivered mail.
2 Check mail monitoring tools.
3 Set up mail statistic monitors.
4 Enable message tracking.
155. IBM Software Group | Lotus Software
Misdelivered Mail
Dead mail
– Mail that is not delivered to the recipient and cannot be
returned to the sender for non-delivery.
Undelivered mail:
– Mail that is not delivered because either the Router on the
server is not running or the recipient's mail server is down
155
156. IBM Software Group | Lotus Software
Mail Statistics
Provide additional information on:
– Mail flow
– Current mail configuration
Use the Server Monitor to enable and monitor statistics
156
157. IBM Software Group | Lotus Software
Message Tracking
Tracking information stored in MTstore.nsf
Message tracking can:
– Track messages across Lotus Domino domains.
– Be used by administrators and users from a Lotus Notes client
or Web browser.
– Provide reports of where a particular mail message was sent.
157
158. IBM Software Group | Lotus Software
Message Recall
Allows users to retrieve Lotus Notes mail they accidentally or
inappropriately sent to the wrong people
Enabled by default in Domino 8.5
Policy-based controls:
– Specify which users can recall messages
– Specify whether or not recipients can prevent recall requests
Configuration options:
– Mail Policy Settings document
– Server Configuration document
158
159. IBM Software Group | Lotus Software
Recalling a Message
1. Open or select the message in your Sent mail folder.
2. Click Recall Message.
3. If the message was sent to more than one recipient, select the
recipients from which to recall the message.
4. (Optional) To recall the message even if a recipient has already
opened it, select Recall the message even if it has been
read.
5. (Optional) To suppress recall status reports, clear Send me a
recall status report for each recipient.
6. Click OK twice.
159
160. IBM Software Group | Lotus Software
Lesson 12 Objectives
Resolving Common Mail Routing Problems
After completing this lesson, you should be able to:
Send a mail trace.
Restart the Router.
Force mail routing.
Resolve undelivered and dead mail.
160
161. IBM Software Group | Lotus Software
Implementation Checklist
Task Procedure
1 Set up the first server.
2 Add an administrator’s workstation.
3 Set up access to the Lotus Domino Directory.
4 Add Lotus Domino servers.
5 Add organizational units.
6 Register administrators.
7 Add Lotus Notes clients.
8 Create user groups.
9 Create organizational policy.
10 Register users.
11 Set administration preferences.
12 Set up access to servers.
13 Set up server logging.
14 Synchronize Lotus Domino system databases throughout the domain.
15 Route mail internally.
16 Route mail to the Internet.
17 Set mail controls.
18 Test mail routing and delivery.
162. IBM Software Group | Lotus Software
Mail Troubleshooting Checklist
Task Procedure
1 The network connections are set up properly.
2 The servers and Router are up and running.
3 The DNNs are set up properly.
4 The appropriate Connection documents exist and contain the following: the server
name is correct, the schedule is enabled, the Router type is correct.
5 The connection requirements for sending mail, such as calling times or message
thresholds, have been met.
6 Replication between servers is successful, ensuring Connection document
information is up-to-date on all relevant servers.
7 Router restrictions do not prohibit message delivery.
8 SMTP settings are correct.
9 Inbound and outbound controls are properly set.
10 Quotas are not exceeded.
11 Mail rules do not prohibit message delivery.
12 The mail address is correct.
13 The person information is correct.
163. IBM Software Group | Lotus Software
Common Causes of Mail Routing Problems
Mail server down
Router not running
Mail routing connection issues
163
164. IBM Software Group | Lotus Software
Troubleshooting Stages
Servers
Routers
Network and server connections
Document settings
Message settings
Person settings (Person document or Location document)
164
165. IBM Software Group | Lotus Software
The Delivery Failure Process
3. Delivery Failure Report
placed in server’s mailbox
3. Delivery Failure Report
placed in server’s mailbox
1. Destination
server down
1. Destination
server down
2. Sender’s mail file
unavailable
2. Sender’s mail file
unavailable
165