Presentation building the ibm®lotus®domino®8.5 infrastructure

© 2009 IBM Corporation
®
Building the IBM® Lotus® Domino® 8.5 Infrastructure

IBM Software Group | Lotus Software
Course Outline
Setting Up the First Server and Administrator
Adding IBM® Lotus® Domino® Servers
Adding IBM® Lotus Notes® Clients
Administering Users
Setting Up Server Administration
Synchronizing IBM® Lotus Domino® System Databases
Configuring Basic Intranet Mail Routing
Configuring Mail Routing to the Internet
Establishing Mail Controls
Implementing Mail Rules and Storage Limits
Monitoring Mail
Resolving Common Mail Routing Problems
2

Lesson 1 Objectives
Setting Up the First Server and Administrator
After completing this lesson, you should be able to:
Analyze a deployment plan.
Install the Lotus Domino server software.
Install the Lotus Domino Administrator client software.
Launch and configure the first server.
Configure the first workstation.
Assign roles to administrators and severs.
3

Planning Considerations
Determine business problems to be addressed
Examine organizational structure
Design the Lotus Domino environment to enhance and support
the organizational structure
4

Planning Checklist
Task Procedure
1 Identify structure of organization.
2 Create planning team.
3 Identify tracking mechanism.
4 Define the business problem.
5 Identify how Lotus Domino can address the business problem.
6 Identify access needs.
7 Identify hardware requirements (site map).
8 Identify server roles.
9 Select location for servers.
10 Identify network protocol(s) and networking changes.
11 Choose replication topology.
12 Identify directory strategy.
13 Select mail routing strategy.
14 Develop naming scheme.
15 Define security.
16 Determine server configurations.
17 Determine client configurations.
18 Determine rollout strategy.
19 Determine education strategy.

Planning Guidelines
Consider all necessary information
Establish and follow guidelines
6

Classroom Implementation
HeadquartersHeadquarters
Doctor Notes/WWCorpDoctor Notes/WWCorp
East01/SVR/WWCorp
East02/SVR/WWCorp
East01/SVR/WWCorp
East02/SVR/WWCorp
East03/SVR/WWCorp
East04/SVR/WWCorp
East03/SVR/WWCorp
East04/SVR/WWCorp
East05/SVR/WWCorp
East06/SVR/WWCorp
East05/SVR/WWCorp
East06/SVR/WWCorp
NNN: WWCorpEastNNN: WWCorpEast NNN: WWCorpWestNNN: WWCorpWest
West01/SVR/WWCorp
West02/SVR/WWCorp
West01/SVR/WWCorp
West02/SVR/WWCorp
West03/SVR/WWCorp
West04/SVR/WWCorp
West03/SVR/WWCorp
West04/SVR/WWCorp
West05/SVR/WWCorp
West06/SVR/WWCorp
West05/SVR/WWCorp
West06/SVR/WWCorp
Admin East01
Admin East02
Admin West01
Admin West02
Admin East03
Admin East04
Admin West03
Admin West04
Admin East05
Admin East06
Admin West05
Admin West06
Mail Routing
NNN: WWCorpHQNNN: WWCorpHQ
Hub/SVR/WWCorpHub/SVR/WWCorp

Implementation Checklist
Task Procedure
1 Set up the first server.
2 Add an administrator’s workstation.
3 Set up access to the Domino Directory.
4 Add Lotus Domino servers.
5 Add organizational units.
6 Register administrators.
7 Add Lotus Notes clients.
8 Create user groups.
9 Create organizational policy.
10 Register users.
11 Set administration preferences.
12 Set up access to servers.
13 Set up server logging.
14 Synchronize Lotus Domino system databases throughout the domain.
15 Route mail internally.
16 Route mail to the Internet.
17 Set mail controls.
18 Test mail routing and delivery.
8

Supported Platforms and System Requirements
Lotus Domino and Lotus Notes Release Notes
IBM Web site:
– For Lotus Domino 8.5, go to
http://www-
01.ibm.com/support/docview.wss?rs=463&uid=swg27013072
9

Task Procedure
3 Set up access to the Domino Directory.
10 Register users.

Lotus Domino Server Installation Types
Lotus Domino Utility Server:
– Application services
– Lotus Domino cluster support
– No messaging services
Lotus Domino Messaging Server:
– Messaging services
– No application services or Lotus Domino cluster support
Lotus Domino Enterprise Server:
– Messaging services
– Application services
– Lotus Domino cluster support, including mail servers
11

Platform and Operating System Requirements
Category Requirements
Supported
operating system
versions
• Microsoft® Windows Server® 2003 Standard Edition, or Enterprise Edition with Service Pack 2
• Microsoft Windows Server 2003 X64 Edition
• Microsoft Windows Server 2008 Standard or Enterprise Edition
• Microsoft Windows Server 2008 x64 Standard or Enterprise Edition
Processors
supported
Intel® Pentium® or higher and compatibles (32-bit and 64-bit chips as appropriate), or equivalents
RAM 512 MB minimum or more recommended per CPU
Disk space 1.5 GB minimum per partition
Swap space Two times the physical RAM installed
Monitors Color monitor required
Protocols
• NetBIOS over IP (32-bit processor only, only Microsoft IP is supported)
• NetBIOS over IPX (32-bit processor only)
• TCP/IP (includes IPv6)
12

Lotus Notes 8.5 Client Types
Client type Description
Basic
Based on Lotus Notes 7 platform.
Applications stored on Domino servers.
Use when:
• Client computers do not have enough RAM or other hardware resources for Standard edition.
• You are not ready to train users on Lotus Notes 8.5 interface changes.
• Servers have not yet been upgraded to Lotus Domino 8.5.
Standard
Supported by IBM® Lotus® Expeditor and IBM® Lotus® Eclipse™ platforms.
Contains Java™ -enabled, Eclipse, and SWT capabilities.
Applications stored on Domino servers and WebSphere Application Servers.
Preferred configuration to gain all functionality included in Lotus Notes 8.5.
13

What is Eclipse?
A platform designed for building IDEs that provide template-
driven and CSS-based customization.
An open-source Java platform that has become the foundation
for RCP development.
The environment that Lotus Notes 8.5 is based on.
14

Client Installation Types
Available client options:
Notes Client (selected by default)
Sametime (integrated) (selected by default)
IBM® Lotus® Domino Designer®
Lotus Domino Administrator
Activities
Composite Application Editor
IBM® Lotus® Symphony™
15

What is Lotus Expeditor?
A client platform designed for end-to-end smart client application
solutions.
Extends Lotus Notes 8.5 by providing application installation and
management services.
Builds clients on Eclipse and supports running them on multiple
operating systems.
16

Expeditor Component Packaging
Enables customization of Lotus Notes client installation.
Adds any or all of the supplementary client-supported
functionality provided by IBM for Lotus Notes 8.5.
17

Eclipse Update Sites
Catalogs that contain features and plug-ins for Eclipse and RCP
applications.
Require JAR file packaging and manifest file to facilitate Eclipse
access to remote servers.
18

Automated Installation Options
Tuning the installer for automated install.
Configuring the installer content via features and install manifest.
Scripting the installer for specific options and silent install.
Using the installer in conjunction with Smart Upgrade.
Using the installer in conjunction with other deployment systems.
19

Workstation Sharing Considerations
Operating system must support multiple user profiles.
Cannot share Lotus Domino Designer or Lotus Domino
Administrator clients.
20

Components Created During First Server Setup
File System
Names.nsf
Cert.id
Server.id
User.id
Oucert.id (optional)
Certificate(s)
Configuration
Connections
Domain
Groups
Mail-in database
Person
Program
Server
Policies
Domino Directory Database
(Names.nsf file)
21

The Domino Directory
Most important database in the Lotus Domino environment.
Stores information about all Lotus Domino resources.
All Domino servers in a domain contain a replica of the Domino
Directory.
22

Replicas of the Domino Directory
Replicas enable collaboration between users on different servers.
Replication synchronizes changes on replicas to ensure all
servers have updated information.
23

Comparing Domains and Organizations
Component Description
Domino domain The collection of Domino servers and users that share the same Domino Directory.
Domino
organization
Defined by the certifier that stamps the IDs of users, servers, and other certifiers.
Trust relationship within the organization lets users and servers communicate and share data.
Organizational certifier provides security and uniformity in naming of users and servers.
Certifier name is part of the hierarchical name of all users and servers in the organization.
24

Purposes of Organizational Units
Management by region or division.
Separation of servers from users.
Unique names for users who have the same common name.
25

Worldwide Corporation's Lotus Domino Organization
Hierarchy
/WWCorp
/East/WWCorp /SVR/WWCorp/West/WWCorp
26

Alternatives to Organizational Units
Use Group documents to manage subsets of users.
Consider keeping servers and users in the same container.
Differentiating between users with the same names:
– Use the middle initial as part of the common name.
– Include a unique OU during user registration.
27

Organizational Hierarchy
f0851091-5.png
/WWCorp
/East/WWCorp /West/WWCorp /SVR/WWCorp

Descendants of the Organization Certifier
When only one organization hierarchy exists, all names are
descendants of the organization certifier.
The certifier IDs stamp server, user, and other certifier IDs with
their certificates:
– The /WWCorp organization certifier stamps one entity, the user
Doctor Notes.
– The /WWCorp certifier stamps the following OU certifiers,
which will stamp the IDs for other users and servers:
• /SVR
• /East
• /West
29

Organization Security
All servers and users under /WWCorp can authenticate with each
other.
Access is allowed unless another security measure exists.
30

Organization Certifier ID Security
The certifier ID file is the most important ID file in the
organization.
Cert.id can and should be moved from Dominodata subdirectory
to a secure place.
31

Authentication Between Organizations
When two organization certifiers exist, the infrastructures cannot
communicate without administrative intervention.
Use cross-certification to establish trust between Lotus Domino
organizations.
32

Country Codes
For multinational organizations, provides an additional
hierarchical level.
Multiple organization certifiers required (one for each country
code to be used).
Does not replace the organization component.
33

Server Audience Types
Server audience Description
Web browsers
For Web browsers, such as Microsoft® Internet Explorer®, Mozilla® Firefox®, and Netscape Navigator®, to
access data on the server.
Internet mail
packages
For Internet mail clients using the following protocols to access mail on the server:
• POP3 (Post Office Protocol 3)
• IMAP (Internet Message Access Protocol)
• SMTP (Simple Mail Transfer Protocol)
Directory Services For clients using LDAP (Lightweight Directory Access Protocol).
34

The Lotus Domino Server Log
Log.nsf reports all server activity and provides detailed
information about databases and users on the server:
– Can be configured to report the desired level of detail about
server activity.
– Is created automatically when a server is started for the first
time.
35

Administrator Group Security Options
Prohibit anonymous access:
– Adds an ACL entry called Anonymous to all databases
– Gives it the No Access ACL setting
LocalDomainAdmins:
– Creates a group that gives some or all administrators Manager
access to all databases.
– The first server’s administrator is added to LocalDomainAdmins
during first server setup.
– Other administrators can be added to the group later.
36

The Client Configuration Program
Connects to the specified server, which must contain a Person
document for the user.
Downloads the ID file if the file is stored in the user’s Person
document.
Creates the user’s local Contacts file.
Configures bookmarks for the user’s mail and Contacts files, and
other databases specified in setup settings of policies.
Creates documents in the Contacts file.
37

Access in the Domino Directory
Having Manager access to the IBM Lotus Domino Directory ACL
enables editing the ACL.
To create and edit documents in the Domino Directory,
administrators must also be assigned the appropriate ACL
role(s).
Worldwide Corporation will assign all ACL roles to the
administrators and to servers.
38

Privileges and the LocalDomainAdmins Group
During first server setup, if LocalDomainAdmins is added and
assigned Manager access in the ACL of every database, any
administrator listed in LocalDomainAdmins can change the ACL
of any database, including the Domino Directory.
LocalDomainAdmins is not automatically assigned any roles:
– The roles in the Domino Directory specify who can create and
edit documents.
– Without the roles, an administrator cannot perform any
registration tasks, because the registration program creates
documents.
– Managers can edit the ACL, so members of
LocalDomainAdmins could assign the appropriate ACL roles to
themselves.
39

Lesson 2 Objectives
Adding IBM® Lotus® Domino® Servers
Register servers.
Configure and start an additional Lotus Domino Server.
40

Task Procedure
3 Set up access to the Lotus Domino Directory.
10 Register users.

The Server Registration Process
Existing server and workstation required
Server registration creates:
– A Server document in the Domino Directory
– An ID file stored as an attachment in the Server document or
as a file at the operating system level.
42

Domino Directory Access for Registering Servers
ACL access:
– Author access or higher
– The Create documents privilege
– The ServerCreator role
Certifier ID and password access
43

Server ID File Storage Options
Storing the ID file in the Domino Directory of an existing server:
– Allows the new server to detach the ID file from the Server
document of the existing server's Domino Directory.
– Requires a password for the attached server ID. The result is
that after the server is configured, it cannot be restarted from
the Domino Administrator remotely, because the password
prompt displays on the server machine.
Storing the ID file in the file system requires that the additional
server machine has access to the ID file locally or on the
network.
44

Classroom Server Implementation
g0851091-1.png
East01/SVR/WWCorp
East02/SVR/WWCorp
East01/SVR/WWCorp
East02/SVR/WWCorp
East03/SVR/WWCorp
East04/SVR/WWCorp
East03/SVR/WWCorp
East04/SVR/WWCorp
East05/SVR/WWCorp
East06/SVR/WWCorp
East05/SVR/WWCorp
East06/SVR/WWCorp
West03/SVR/WWCorp
West04/SVR/WWCorp
West03/SVR/WWCorp
West04/SVR/WWCorp
West05/SVR/WWCorp
West06/SVR/WWCorp
West05/SVR/WWCorp
West06/SVR/WWCorp
West01/SVR/WWCorp
West02/SVR/WWCorp
West01/SVR/WWCorp
West02/SVR/WWCorp

Standard Directory Structure
f0851092-1.png

Central Directory Structure
Central DirectoriesCentral Directories
Configuration
Directories
Configuration
Directories

Clearing the Server ID Password
Requires local access to the ID file
Two approaches:
– In Domino Administrator, click Configuration Certification ID
Properties.
– Run nlnotes.exe from a Windows server, then click File
Security User Security.
48

Lesson 3 Objectives
Adding IBM® Lotus Notes® Clients
Create an organizational unit certifier.
Register new administrators.
Register users from a file.
Replicate Server document changes.
Set up an administrator workstation.
Verify the Domino installation.
Create replicas on multiple servers.
49

Certifier Registration
Certifier document in the Domino Directory:
– Contains the certified public key
– During authentication, the key is compared with the key in an
ID file
Certifier ID file for certifying descendants of the organizational
unit
51

Certification Log
Must be named Certlog.nsf
Maintains a record of each use of a certifier to register users or
other certifiers:
– Name, license type, and ID number for the registered user,
server, or certifier
– Date of certification and expiration
– Name, license type, and ID number of the certifier ID used to
certify the new ID
52

Mail Servers for Each Administrator
Hub/SVR/WWCorpHub/SVR/WWCorpDoctor Notes/
WWCorp
Doctor Notes/
WWCorp
East01
East02
East01
East02
East03
East04
East03
East04
East05
East06
East05
East06
West01
West02
West01
West02
West05
West06
West05
West06
West03
West04
West03
West04
Administrator name Mail server name
Admin East01 East01/SVR/WWCorp
Admin West01 West01/SVR/WWCorp
53

Internet Password Options
Certificate revocation checking via Online Certificate Status
Protocol (OCSP)
Advanced Encryption Standard (AES) support for SSL
Smartcard improvements
54

Internet Password Locking
3 Strikes rule for HTTP
Enable Enforce Internet Password Lockout in server
Configuration Settings documents
Override server settings with user security policies
Extended ACLs
55

ID File Distribution
Attach the ID file to the user's Person document in the Domino
Directory
Store the ID file on disk
56

Servers for Each Administrator
Administrator Server

User Registration
One at a time by using the Registration dialog box
Multiple users simultaneously by using a text file
– User names
– Other information
58

Replicating the Domino Directory to Other Servers
Registration modifies the Domino Directory on the registration
server
Other servers need this information
Replication enables all servers to have all new information
Some changes require a server restart
59

Sample Workstation Implementation
Hub/SVR/WWCorpHub/SVR/WWCorpDoctor Notes/
WWCorp
Doctor Notes/
WWCorp
East01
East02
East01
East02
East03
East04
East03
East04
East05
East06
East05
East06
West01
West02
West01
West02
West05
West06
West05
West06
West03
West04
West03
West04
Administrator name Mail server name
60

Lotus Domino Administrator
Menus
Graphics
Tabs:
– People & Groups
– Files
– Server
– Messaging
– Replication
– Configuration
61

Administration Process
Automation of routine administrative tasks to manage:
– Names
– Mail files
– Server documents
Components:
– Administration Process task (Adminp)
– Administration server
– Administration Requests database (Admin4.nsf)
– Certification Log (Certlog.nsf)
62

Lesson 4 Objectives
Administering Users
Create groups.
Create an organizational policy.
Create and assign an explicit policy.
63

Groups
Collections of users or servers, or both, that have something in
common
Facilitate management by enabling administrators to affect
multiple users or servers simultaneously
Nesting groups
Deny List Only
Access issues for members of multiple groups
Auto-populated groups
65

Auto-populated Groups
Option for updating auto-populated
group membership once the home
mail server is specified
Option for updating auto-populated
group membership once the home
mail server is specified
66

Policies
A Policy document and associated Policy Settings documents
Can apply to all users, an OU, a group, or a single user
Multiple policies can apply to a user; policy precedence rules
determine the effective policy setting
Can be organizational or explicit
67

Types of Policy Settings Documents
Activities
Archiving
Desktop
Mail
Registration
Security
Setup
Lotus Traveler
Roaming
Symphony
68

Policy Precedence Rules
Specific overrides general:
– Explicit overrides organizational
Change precedence in the Policy Settings document
69

Static and Dynamic Policy Settings
Static:
– Set during user registration
– Set during workstation setup
Dynamic:
– Set when a user logs into the server
70

Policy Management Tools
Policy Viewer:
– Settings for each policy
– Settings by functional area
– Settings assigned to a specific user
– Effective policies on different levels in the policy hierarchy
Policy Synopsis tool:
– Determines the effective policy governing a user
– Reports are stored in the Policy Synopsis Results database
71

Policy Assignment
In the Domino Administrator Tools pane:
– In the People view, click People Assign Policy.
– In the Groups view, click Groups Assign Policy.
During registration
Dynamic policy assignment:
– In the Policy document, click the Policy Assignment tab, and
add users and groups.
72

Lesson 5 Objectives
Setting Up Server Administration
Customize the Lotus Domino Administrator work environment.
Set access to create databases on the server.
Set administration levels.
Set logging levels.
73

Administration Preferences
Domains to administer
Type and order of the file information displayed
How Lotus Domino collects and displays server monitoring data
Defaults to use when registering users, servers, and certifiers
75

Server Console Administration Tasks
Start or stop server tasks
Instruct a server task to perform a function
Change server configuration variables
Restart the server
76

Server Access Control Mechanisms
Lotus Domino authentication
Lotus Domino authorization
Server document Security tab
To allow/restrict Set this field
To limit access to only
those users listed in the
Domino Directory
Access server: Clear the users listed in all directories check box
To explicitly allow people,
servers, or groups access
to this server and deny
all others
Access server: Enter or select names under the word “and”
To explicitly deny people,
servers, or groups access
to this server
Not access server
77

User Access to the Server
To allow users or a group this type of access Edit this server access field
Create replica databases on this server Create new replicas
Create databases on this server Create new databases & templates
78

Administration Levels
79

Administration Level Details
Full Access administrators
Administrators
Database Administrators
Full Remote Console Administrators
View-Only Administrators
System Administrators
Restricted System Administrators
80

Full Access Administrator Best Practices
Leave the field blank.
Create a special Full Access administrator ID file.
Disable Full Access administrators in the Notes.ini file.
81

Administration Levels and Domino Web Administrator
Web-based administration tool (Webadmin.nsf).
HTTP server task synchronizes names in Web Server
document’s Full Access administrators and administrators
fields with the ACL for Webadmin.nsf, so to add access to Web
Administrator, modify these fields.
Names that are not already on the ACL list are added with
Manager access and all roles.
If the HTTP server detects a name that is already in the ACL, it
does not update the access rights.
82

Domino Server Log
Mail routing events
Replication events
Server phone calls
Security events
Newsgroup events
Miscellaneous events
Database usage
User activity (if configured)
83

The Notes.ini File
One for server, another for client
To edit:
– Edit the file directly, but this can cause unexpected results.
– Use the Set Configuration server command.
– Use a Configuration Settings document (server notes.ini only).
84

Logging Levels
LOG_MAILROUTING
LOG_REPLICATION
LOG_SESSIONS
LOG_TASKS
LOG_VIEW_EVENTS
85

Lesson 6 Objectives
Synchronizing IBM® Lotus® Domino® System Databases
Create server groups for replication.
Create a Connection document.
86

Server Groups and Replication
Three Connection documents:
1.Destination Server: East01
East03East03
East02East02
East01East01
HubHub
West03West03
West02West02
West01West01
One Connection document
Destination server: East Mail Servers,
where East Mail Servers is a group
consisting of the following members:
East01
East02
East03
88

Replication Controls
Replication type
Database priority
Connection documents
Selective replication
Server access
Access Control List
Element access
89

Replication Types
Pull Pull
Pull Push
Pull only
Push only
90

Methods for Forcing Replication
Console commands
Console commands and a text file listing servers and databases
to replicate
Domino Administrator:
– On the Server tab Tools pane, click Server Replicate
Lotus Notes or Domino Administrator:
– Select the database and click File Replication Replicate
91

Multiple Hub Configuration
HubHub
EastEast
HubHub
MailMail
Corporate
Hub
Corporate
Hub
ApplicationApplicationApplicationApplication
MailMail
ApplicationApplication
WestWest
92

Replication Schedules for Critical Applications
Domino Directory (Names.nsf): several times throughout the day
Critical applications:
– Specify high replication priority, and create a Connection
document specifying high priority databases with a short
interval
– Or, place critical applications in a subdirectory of the
Dominodata directory, and create a Connection document
specifying the subdirectory to replicate at a short interval
– Or, click File Replication Options for this
Application Other and set Set scheduled replication
priority for this replica to High.
93

Completed Connection Document
94

Lesson 7 Objectives
Configuring Basic Intranet Mail Routing
Configure Notes Named Networks.
Implement a hub-and-spoke mail routing topology.
Select a mail storage format for incoming mail.
95

Intranet Mail Routing Checklist
Task Procedure
1. Set up Notes Named Networks for mail routing.
2. Create mail routing topologies and schedule mail routing
between NNNs.
3. Select a mail storage format.
97

Classroom Intranet Implementation
f0851097-1.png
Hub/SVR/WWCorpHub/SVR/WWCorpNNN: WWCorpHQNNN: WWCorpHQ
East01
East02
East01
East02
East03
East04
East03
East04
East05
East06
East05
East06
West01
West02
West01
West02
West03
West04
West03
West04
West05
West06
West05
West06
NRPC Mail
Routing Within
NNNs
NRPC Mail
Routing Within
NNNs
NRPC Mail
Routing Between
NNNs
NRPC Mail
Routing Between
NNNs

Mail Routing Components
Mail file
Mail server
Mailer
Domino Directory
Mail.box
Router
99

Sample Intranet Mail Routing Scenario
f0851097-2.png
66
11
Automatic
mail routing
within the NNN
Automatic
mail routing
within the NNN
Connection
document for
mail routing
Connection
document for
mail routing
22
33
44
55
NNN: WWCorpHQNNN: WWCorpHQ
East01East01
Juan’s mail server
East04
Juan’s mail server
East04
West01West01
Mary’s mail server
West06
Mary’s mail server
West06

Opportunistic Routing
Routing mail when servers connect to replicate based on
established replication schedule
Might not be often enough to transfer mail between NNNs
101

Connection Document Mail Routing Options
Routing task
Route at once if X messages pending
Router type
102

Router Types and Connection Documents
Two Connection documents required
Can use Pull Push for one server and Push Wait for the other
Pull Push and Pull Only settings
103

Mail Storage Formats
MIME:
– Messages sent over SMTP are always sent in MIME format
Notes Rich Text
104

Lesson 8 Objectives
Configuring Mail Routing to the Internet
Enable the SMTP listener task.
Configure Basic SMTP settings.
Restrict Internet mail delivery.
Enable whitelist and blacklist filters.
Configure extended SMTP (E/SMTP) options.
Configure Internet addressing.
Test SMTP.
105

Internet Mail Routing Checklist
Task Procedure
1. Enable the SMTP listener task on appropriate servers.
2. Configure basic SMTP options.
3. Restrict mail flow to and from the Internet.
4. Set advanced SMTP options.
5. Configure Internet mail addressing.
107

Classroom Internet Implementation
f0851098-1.png
Hub/SVR/WWCorpHub/SVR/WWCorpRelays, SMTP
Controls
Relays, SMTP
Controls

SMTP Implementation Scenarios
All servers
Selected servers
Combined
109

Best Practice Implementation
f0851098-2.png
Relays, SMTP
Controls
Relays, SMTP
Controls
HubHub HubHub

Sample Internet Mail Routing Scenario
11
RelayRelay
Mary Costello
West03/SVR/WWCorp
Mary Costello
West03/SVR/WWCorp
33
22

SMTP Listener and Router Tasks
SMTP listener task:
– Handles incoming SMTP connections.
– Delivers messages received over those connections to
Mail.box.
Router task for SMTP:
– Same Router task that handles Lotus Notes routing (NRPC).
– When a message in Mail.box requires transfer to another
server, the Router determines where to send it and whether to
send it over NRPC or SMTP.
112

SMTP Settings
SMTP used when sending messages outside of the local internet
domain
SMTP allowed within the local internet domain
Servers within the local Notes domain are reachable via SMTP
over TCPIP
Relay host for messages leaving the local internet domain
Host name lookup
113

SMTP Inbound and Outbound Controls
Inbound controls enable you to allow or deny:
– Receiving messages from specific external Internet domains.
– Receiving unsolicited commercial messages in general or from sources
listed in one or more DNS Blacklists (DNSBLs).
– Receiving messages directed to specific Lotus Notes addresses.
– Relaying of messages from specific external Internet hosts to external
Internet domains.
Outbound controls enable you to allow or deny:
– Sending messages to specific Internet addresses to be sent out to the
Internet.
– Sending messages from specific Lotus Notes addresses to the Internet.
114

DNS Whitelist Filters
Used in conjunction with anti-spam features
Validate that the mail received by your inbound SMTP server is
legitimate mail
Query process:
– DNS query tries to locate the IP address of the connecting
server in the whitelist database as specified on the
Configuration Settings document.
– IP addresses found in the database are considered to be
legitimate senders of e-mail and will be added to the whitelist
host lists.
115

Enabling DNS Whitelist Filters
Silently skip blacklist filters (Default)
Log only
Log and tag message
116

DNS Whitelist Filter Statistics
117

DNS Blacklist Filters
Similar in operation to whitelist filters
Query process:
– When blacklist filters are enabled, the Lotus Domino server
sends a query to the specified sites to check the blacklist.
– If a host is blacklisted, the Lotus Domino server will act in
whatever way is specified in the Configuration Settings
document.
118

Actions for Hosts Found in DNS Blacklist Database
Log only (default)
Log and tag message
Log and reject message
119

Private Whitelist Filters
Exceptions to blacklist filters
Provide more granular administrative control
120

Private Blacklist Filters
Exceptions to whitelist filters
Provide more granular administrative control
121

Order of Whitelist and Blacklist Precedence
1. Private whitelists
2. Private blacklists
3. DNS whitelists
4. DNS blacklists
122

E/SMTP Settings Uses
To reduce connection charges:
– Set the extended Turn (ETRN) extension to enable the calling
server (such as an ISP server) to request the called server to
push mail to the ISP server.
To restrict messages of a specific size from being delivered:
– Enable the Size extension field.
123

Configuring Internet Addresses
When to configure:
– During user registration
– Or, any time after a user is registered
Lookup options:
– Full SMTP address only
– Local part of the SMTP address
– Full SMTP address, then if no matches are found, the local part
SMTP address
124

Lesson 9 Objectives
Establishing Mail Controls
Configure router restrictions.
Implement message disclaimers.
Implement mail delivery controls.
Implement mail transfer controls.
Configure multiple server mailboxes.
125

Task Procedure
3 Set up access to the Lotus Domino Directory.
10 Register users.
126

Mail Restrictions and Controls
To control this type of mail flow Use this field
Allow only the specified domains to
send mail to this domain
Allow mail only from domains
Restrict specific domains from
sending mail to this domain
Deny mail from domains
Restrict only specific organization
hierarchy to send mail to this domain
Allow mail only from the following organizations and
organizational units
Deny messages larger than a specific
size
Maximum message size
To route larger messages as low
priority, therefore, defer transferring
until a different time of day
Send all messages as low priority if message size is
between
127

Message Disclaimers
Notices added to outgoing SMTP e-mail messages to protect an
organization's legal interests
Can be enabled or disabled from the Lotus Notes client, the
Domino server, or both
Multiple disclaimers can be used
Implementation:
– Enable message disclaimers at the server level
– Create Mail Policy Settings documents that contain the
appropriate disclaimer text for the organization
128

Attaching and Enabling Message Disclaimers
Attachment options:
– At the server, disclaimer text that is specified in the Policy
Settings document is attached by the server
– At the Lotus Notes client, disclaimer text is attached by the
Lotus Notes client prior to depositing the mail message on
the server
Enabling message disclaimers
129

Message Disclaimer Policy Settings
130

Mail Delivery Controls
To control this type of mail delivery Use this field
Maximum number of server threads Domino can create to deliver
mail from Mail.box to local mail files
Maximum delivery threads
Encryption Encrypt all delivered mail
Whether or not the server permits the use of pre-delivery agents Pre-delivery agents
Maximum time (in seconds) that a pre-delivery agent, such as a
mail filter, can run before the Router interrupts it
Pre-delivery agent timeout
Whether the Router supports the rule action to send copies of
selected messages automatically to other recipients
User rules mail forwarding
131

Mail Transfer Controls
To manage this type of mail Set this field
When low priority mail should be transferred Low priority mail routing time range
How often the Router should retry transferring mail Initial transfer retry interval
How often expired messages should be purged from the server's
Mail.box
Expired message purge interval
132

Using Multiple Server Mailboxes
Reduces contention
Increases reliability
Increases delivery speed
133

Lesson 10 Objectives
Implementing Mail Rules and Storage limits
Create and activate a server mail rule.
Enable mail journaling.
Implement blacklist tag and whitelist tag mail rule configurations.
Establish mail quotas.
Control inbox size with Inbox Maintenance.
Archive mail.
134

Mail Rules
Define actions to be taken on certain messages
Use to:
– Reject messages.
– Redirect messages with attachments to a quarantine database.
– Copy messages to another database.
136

How Mail Rules Work
137

Mail Rule Processing
When the Domino server starts
When Mail.box receives any new message
When a new rule is added
When Mail.box receives any encrypted message
When a rule prevents a message from reaching its destination
138

Mail Rule Actions
Journal a message
Move a message to a database for storage or quarantine
Refuse to accept or deliver a message
Change the routing state of a message
Administrator review of messages redirected to
quarantine database
Stop processing of subsequent mail rules
139

Mail Journaling
Captures copies of messages sent through the system
Works in conjunction with mail rules
Does not disrupt the normal routing process
140

How Mail Journaling Works
Messages are examined as the pass through Mail.box
Journal flag is placed on the message before transferring it to the
next server
Selected messages are encrypted and saved to a Lotus Domino
Mail Journaling database (Mailjrn.nsf)
Message is delivered from the destination server after removing
the journal flag
141

Tag Mail Rule Conditions
Enables administrators and users to do more with the messages
that get tagged by private whitelists, private blacklists, DNS
whitelists, and DNS blacklists.
For server mail rules, the administrator can move tagged
messages to a particular database for analysis, or they can place
the messages on hold.
For user mail rules, the user can move tagged messages to a
certain folder, delete them, or send copies to the administrator.
142

Tags, Field Names, and Values
Tag Field name and value
Private Whitelist $DNSWLSite: <Private Whitelist>
DNS Whitelist
$DNSWLSite: <Name of Whitelist host where address was
found>
Private Blacklist $DNSBLSite: <Private Blacklist>
DNS Blacklist $DNSBLSite: <Name of Blacklist site where address was found>
143

Tagged Messages and Fields Examples
144

Creating Mail Rules with Tags
145

Mail Quotas
Size limits that are set on users’ mail files
Two types:
– Absolute
– Warning threshold
Associated with a particular mail file database, not with a user ID
Implementation options:
– During registration
– Per database
146

Enabling Inbox Maintenance in Mail Policy Settings
Inbox Maintenance enabled in the Policy Settings DocumentInbox Maintenance enabled in the Policy Settings Document
147

Configuring Inbox Maintenance in the Server Document
Inbox Maintenance configuration
in the Server document
Inbox Maintenance configuration
in the Server document
148

Archiving
Automation of copying outdated mail to an archive database or
deleting the mail, and cleaning up the mail file
Archiving policies:
– Easy to manage and allow for standardization
– Provide more control over mail environment
149

Archive Policy Documents
Policy document
Archive Policy Settings document:
– Whether to allow archiving
– Whether or not to allow Lotus Notes users to set their own
private archiving criteria where archiving occurs
– Archive location
– Archive log information
Archive Criteria Settings document:
– Establishes the criteria for document selection and mail
file cleanup
150

Monitoring Mail
Verify routing and check mail delivery.
Enable mail statistics.
Enable message tracking.
Configure Message Recall.
151

Mail Troubleshooting Checklist
Task Procedure
1 The network connections are set up properly.
2 The servers and Router are up and running.
3 The DNNs are set up properly.
4 The appropriate Connection documents exist and contain the following: the server
name is correct, the schedule is enabled, the Router type is correct.
5 The connection requirements for sending mail, such as calling times or message
thresholds, have been met.
6 Replication between servers is successful, ensuring Connection document
information is up-to-date on all relevant servers.
7 Router restrictions do not prohibit message delivery.
8 SMTP settings are correct.
9 Inbound and outbound controls are properly set.
10 Quotas are not exceeded.
11 Mail rules do not prohibit message delivery.
12 The mail address is correct.
13 The person information is correct.

Mail Monitoring Checklist
Task Procedure
1 Check for misdelivered mail.
2 Check mail monitoring tools.
3 Set up mail statistic monitors.
4 Enable message tracking.

Misdelivered Mail
Dead mail
– Mail that is not delivered to the recipient and cannot be
returned to the sender for non-delivery.
Undelivered mail:
– Mail that is not delivered because either the Router on the
server is not running or the recipient's mail server is down
155

Mail Statistics
Provide additional information on:
– Mail flow
– Current mail configuration
Use the Server Monitor to enable and monitor statistics
156

Message Tracking
Tracking information stored in MTstore.nsf
Message tracking can:
– Track messages across Lotus Domino domains.
– Be used by administrators and users from a Lotus Notes client
or Web browser.
– Provide reports of where a particular mail message was sent.
157

Message Recall
Allows users to retrieve Lotus Notes mail they accidentally or
inappropriately sent to the wrong people
Enabled by default in Domino 8.5
Policy-based controls:
– Specify which users can recall messages
– Specify whether or not recipients can prevent recall requests
Configuration options:
– Mail Policy Settings document
– Server Configuration document
158

Recalling a Message
1. Open or select the message in your Sent mail folder.
2. Click Recall Message.
3. If the message was sent to more than one recipient, select the
recipients from which to recall the message.
4. (Optional) To recall the message even if a recipient has already
opened it, select Recall the message even if it has been
read.
5. (Optional) To suppress recall status reports, clear Send me a
recall status report for each recipient.
6. Click OK twice.
159

Resolving Common Mail Routing Problems
Send a mail trace.
Restart the Router.
Force mail routing.
Resolve undelivered and dead mail.
160

Common Causes of Mail Routing Problems
Mail server down
Router not running
Mail routing connection issues
163

Troubleshooting Stages
Servers
Routers
Network and server connections
Document settings
Message settings
Person settings (Person document or Location document)
164

The Delivery Failure Process
3. Delivery Failure Report
placed in server’s mailbox
3. Delivery Failure Report
placed in server’s mailbox
1. Destination
server down
1. Destination
server down
2. Sender’s mail file
unavailable
2. Sender’s mail file
unavailable
165

Presentation building the ibm®lotus®domino®8.5 infrastructure

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Semelhante a Presentation building the ibm®lotus®domino®8.5 infrastructure

Semelhante a Presentation building the ibm®lotus®domino®8.5 infrastructure (20)

Mais de xKinAnx

Mais de xKinAnx (20)

Último

Último (20)

Presentation building the ibm®lotus®domino®8.5 infrastructure