8.51 mailadmin

Upload: shailesh-surroop

Post on 03-Jun-2018

  • 8/12/2019 8.51 MailAdmin

    Lotus Domino 8.5.1 Mail Administration

    Version 1.0

  • 8/12/2019 8.51 MailAdmin

    2/75

    Copyright Information

    2010 wareSource.com
    Part #DSMA851-1.0, updated for Notes and Domino 8.5.1 Fix Pack 3

    Under the copyright laws, this book may not be photocopied, reproduced, translated, or reduced to any electronic medium or machine-readable form, in whole or in part, without the prior written consent of wareSource.com.

    While every reasonable precaution has been taken in the preparation of this book, the author assumes no responsibility for errors or omissions, nor for the uses made of the material contained herein and the decisions based upon such use. No warranties are made, express or implied, with regard to either the contents of this work, its merchantability, or fitness for a particular purpose. The author shall not be liable for direct, indirect, special, incidental, or consequential damages arising out of the use or inability to use the contents of this book.

    In no event shall the author be liable for any damages whatsoever (including without limitation, damages for loss of business profits, business interruption, loss of business information, or any other loss) arising out of the use of or inability to use this material, even if the author has been advised of the possibility of such damages.

    Lotus, Domino, Domino Designer, ScreenCam, LotusScript, Notes/FX, Lotus Notes, Notes, DataLens, Notes Minder, and Sametime are trademarks or registered trademarks of Lotus Development Corporation and/or IBM Corporation. IBM, OS/2, AS/400, S/390, AIX, DB2, and WebSphere are registered trademarks of International Business Machines, Incorporated. Microsoft is a registered trademark and Windows, ActiveX, and Visual Basic are trademarks of Microsoft Corporation. Netscape and Netscape Navigator are trademarks of Netscape Communications Corporation. Java and JavaScript are trademarks of Sun Microsystems, Inc.

    All other marks are the property of their respective owners.

    Table of Contents

    Topic 1: Mail Overview
    Topic 2: NRPC Message Transfer and Delivery
    Topic 3: Notes Configuration
    Topic 4: Inter-Domino Named Network NRPC Routing
    Topic 5: Inter-Named Network Routing Topologies
    Topic 6: NRPC Controls
    Topic 7: Domino Directory and Message Addressing
    Topic 8: Directory Assistance
    Topic 9: Directory Catalogs
    Topic 10: Mail Database Design
    Topic 11: User Mail Database Administration
    Topic 12: Notes Mail Security
    Topic 13: Calendar and Scheduling
    Topic 14: Domino Attachment and Object Service
    Topic 15: SMTP Mail Transfer
    Topic 16: SMTP Inbound Controls
    Topic 17: Blacklists and Whitelists
    Topic 18: Rules
    Topic 19: SMTP Outbound Controls
    Topic 20: Internet Message Disclaimers
    Topic 21: POP/IMAP Clients
    Topic 22: LDAP Directory Service
    Topic 23: Internet Certificate Authority
    Topic 24: Issue Internet Client Certificates
    Topic 25: Sign and Encrypt Internet Mail
    Topic 26: Lotus iNotes
    Topic 27: Security for Lotus iNotes
    Topic 28: Domino Access for Microsoft Outlook
    Topic 29: Mail Monitoring Tools
    Topic 30: Message Tracking and Reporting
    Topic 31: Message Archiving and Journaling
    Topic 32: Troubleshooting and Performance
    Index

    Description

    During this course you will configure traditional Notes Mail as well as standards-based SMTP mail transfer and delivery. You will set up several mail clients, including Notes, Internet mail (POP/Outlook Express), Domino Access for Microsoft Outlook, and iNotes.

    This course stresses the role of directories, including the Domino Directory, Directory Catalog, Mobile Directory Catalog, and Extended Directory Catalog, and how to make them available via Directory Assistance. It also covers the configuration of Domino to support LDAP requests.

    This course also covers mail security for both Notes and Internet mail clients, including how to configure SSL on Domino and to issue Internet Certificates to users for digital signing and encryption.

    Course goals

    In this course, you will learn how to:

    • configure intranet and Internet mail routing using the NRPC and SMTP protocols

    • set up Notes to send and receive mail, set up an Internet mail client to send mail via SMTP and retrieve mail via POP3 or IMAP4 protocols, use a browser to access mail via iNotes, and configure Domino Access for Microsoft Outlook

    • utilize the various directory types for mail addressing as well as for mail transfer and delivery

    • configure the Domino Server to support address lookups by Internet mail clients using LDAP

    • configure the NRPC and SMTP Router controls and restrictions to improve routing performance and reduce unsolicited email

    • utilize Notes Mail security features and serve as your own Internet Certificate Authority, create server and client Internet Certificates, enable SSL, and digitally sign and encrypt mail sent to Internet mail clients

    • support Notes Calendar and scheduling, including inter-domain resource reservations

    • configure Domino Attachment and Object Service to reduce disk space and network traffic due to message transfer, delivery, and storage

    • reduce Mail database size using design and document compression, among other methods

    • manage Notes Mail files using Domino Administrator with the assistance of the Administration Process

    • utilize mail monitoring, tracking, and journaling features

    • retain messages using archiving and journaling

    • monitor and troubleshoot mail transfer and delivery.

    Audience

    This course is part of a series of Domino administration training courses. Follow these paths to master all aspects of administering the Domino Server, Lotus Notes, and other clients:

    [Diagram: course paths. Lotus Domino Administration Basics (3 days); Lotus Notes Administration (3 days); Lotus Domino Mail Administration (4 days); Notes Experience; Lotus Notes Support (3 days); Lotus Notes User Essentials (1 day); Lotus Domino Monitoring and Maintenance (2 days); Lotus Notes User Essentials PLUS Pack.]

    Courses later in the series assume that you have mastered the content of earlier courses.

    This course is designed for LAN administrators who are responsible for supporting mail on Lotus Domino Servers, Notes, and Internet mail clients and who:

    • are proficient Notes mail users

    • have installed and configured a Domino Server

    • understand basic DNS and SMTP principles

    • have taken the Lotus Domino Administration Basics and Lotus Notes Administration courses or have the equivalent knowledge and experience

    • ideally have taken the Lotus Domino Monitoring and Maintenance course or have the equivalent knowledge and experience.

    Course design

    This is an intensely practical course, combining thorough conceptual training with significant hands-on experience with Domino and Domino Administrator as well as the various mail clients Domino supports. As you learn about various aspects of the Domino Server and Domino Administrator as they relate to messaging, you will immediately apply the concepts and techniques you learn.

    Please consult the Set Up document for this course to make sure the correct environment is in place before starting the course.

    Font conventions

    This course follows these font conventions:

    • Italic - database, view, page, form, document, macro, and field names, object event types, and new terms introduced in the text

    • Bold - Notes menu options, command button names (whether Notes or developer defined), field labels, and accelerator keys

    • Courier - user input, sample values, code examples

    • Helvetica - URLs

    • Lucida Console - HTML, XML, CSS, and programming code examples.

    Topic 1: Mail Overview

    Key points

    Notes Mail has always used, and continues to use, the Notes Remote Procedure Call (NRPC) protocol to transfer messages, and proprietary directories, like the Domino Directory, to store information needed for message addressing, routing, and delivery.

    With NRPC, sending messages to other systems or devices, if even possible, involved complicated gateways that would convert messages (and even network protocols) and recipient addresses.

    With the advent of standards-based Internet mail and directory protocols and mail clients, Web browsers, and handheld devices (mobile phones, PDAs, pagers), the Lotus Domino Server has been adapted to also support standards-based Internet messaging and directory protocols. Knowledge of how both Notes and Internet messaging protocols operate and are configured is required when building a mail infrastructure using Domino.

    This Topic shows the similarities and differences between routing messages using the proprietary NRPC routing protocol and the standards-based Simple Mail Transfer Protocol (SMTP).

    Mail terminology

    There are a few terms pertaining to mail that must be defined before looking specifically at NRPC or SMTP message routing. This diagram shows the relationship between these terms:

    [Diagram: relationship between the User Agent (UA), Message Transfer Agent (MTA), Message Delivery Agent (MDA), Message Queue (MQ), Message Store (MS), Local Message Store (LMS), Directory, and the Mail Transport, Mail Delivery, and Mail Access Protocols, with the Internet between the MTAs.]

    • User Agent (UA). This is the software that users use to send and read email. This could be Notes, any of the Internet mail packages (Mozilla Thunderbird, Outlook/Outlook Express, or Eudora), a Web browser, or a phone or PDA. In fact, depending on users changing locations, they could access their email at work, home, and while traveling using any of the clients. Most of what users think about when they think of their email is the responsibility of the UA.

    • Message Transfer Agent (MTA). The mail server process responsible for accepting messages transferred either by UAs or other MTAs and either transferring them to other MTAs or delivering them to users with accounts and message stores on that server. The MTA could be a Domino Server or Microsoft Exchange, or any one of hundreds of commercial and open source SMTP mail servers.

    • Message Transfer. The routing of a message from the UA to the MTA and between MTAs.

    • Message Store (MS). The MS is used by the MTA to store messages that are addressed to users who have an account on that server. In the case of Domino, each user is assigned an MS database (their Mail database).

    • Message Delivery Agent (MDA). A server process responsible for delivering the message to a UA's MS. Often running on the same server as the MTA. For Internet mail servers, this server responds to either the POP3 (Post Office Protocol, version 3) or IMAP4 (Internet Message Access Protocol, version 4) employed by the UA. The Domino Mail Router acts as both the MTA and MDA.

    • Message Delivery. The delivery of a message by the MDA to the UA's MS.

    • Local Message Store (LMS). The UA may have a local message store for messages downloaded from the MS. For a POP3 client, messages are downloaded from (and removed from) the server to a local store. For a mobile Notes user, messages are replicated to a local replica copy of the user's Mail database.

    • Message Queue (MQ). A database used by the MTA that temporarily stores incoming and outgoing messages. Incoming messages may be transferred from UAs or other MTAs. Outgoing messages may be transferred to other MTAs or delivered to the MS. Mobile Notes users have a local Mail Box database (MAIL.BOX) that holds sent messages until reconnected to Domino, at which time the messages are transferred to the server's Mail Box database.

    • Directory. Used by the MTA to determine where to transfer or deliver messages in the MQ. Also used to determine the user MS if the message is to be delivered to that server. Domino uses its own Domino Directory database for both routing and delivery. Two directories are used for Internet mail:

        • the Internet's global Domain Name Service (DNS), a distributed database of name-to-IP address mappings (MX records) to find MTAs in other Internet domains

        • a directory used to find users in the domain, often accessible via the LDAP protocol (Lightweight Directory Access Protocol).

    • Mail Transfer Protocol. The syntax and commands exchanged between the UA and MTAs and between MTAs. Relies on underlying network protocols, such as TCP/IP, to transport the higher-level protocol and message content. For Internet mail, the protocol to transfer messages from the UA to the MTA and from MTA to MTA is SMTP. For Notes Mail, the protocols are generically referred to as Notes Remote Procedure Call (NRPC).

    • Mail Delivery Protocol. The protocol used by the MDA to deliver the message to the user's MS. There are no standards for this protocol, as it depends on the type of MS being used; it can be anything from a text file to a high-end RDBMS. For Domino, delivery is via NRPC to a Domino database assigned to each user.

    • Mail Access Protocol. The protocol used to read and/or download messages from the MS on the MDA. The download protocol for UAs to download messages for reading is either POP3 or IMAP4, and NRPC for Notes.

    • Recipient Address. The basis for any message transfer and delivery system is the recipient address. Addresses are protocol-dependent, for example:

        • For NRPC routing within a Domino Domain, the address is any value found in the Person document FullName (User name) or ShortName fields.

        • For NRPC routing to another Domino Domain, the person name plus @domainname is specified, for example, Joe Smith@GlobalUS. If there are intermediary Domino Domains through which the message must be routed to reach the recipient domain, those domains can be appended, for example, Mary Jones@GlobalUS@GlobalInt. The address is read from right to left by the Router as the message is transferred to the next Domino Domain found in the recipient address until it arrives at the user's own Domino Domain. You'll see below what happens next.

        • For SMTP routing, the address is the user name (no spaces) plus the domain name and domain class, for example, [email protected]. If there are IP subdomains, they can also be included, for example, [email protected]. Unlike NRPC routing, subdomains are not intermediary domains through which the message must route. All messages transfer directly to that subdomain. If routing to a Notes user who has not been assigned an Internet address, any spaces in the name can be substituted with underscores, for example, [email protected].

      Because address accuracy is absolutely essential, the directory is often made available to users to help select addresses of users within the domain rather than having to type them from memory. Notes goes one step further and prevents users from sending a message to an unknown user within the domain. All UA software also provides a personal directory so users can store their own list of valid recipient addresses.
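The right-to-left reading of a domain-qualified Notes address can be modelled in a few lines. This is an added example, not code from the course or from Domino: the origin domain "Acme", the case-insensitive domain comparison, and the assumption that a Router drops its own domain from the end of the address before choosing the next hop are all illustrative.

```python
# Added example: models the right-to-left reading of a domain-qualified
# Notes address (Name@Domain1@Domain2). Not Domino's own code.
# Assumptions: "Acme" is a hypothetical origin domain, domain names are
# compared case-insensitively, and a Router removes its own domain from
# the right-hand end of the address before choosing the next hop.


def split_notes_address(address):
    """Split 'Name@Dom1@Dom2' into ('Name', ['Dom1', 'Dom2'])."""
    parts = [p.strip() for p in address.split("@")]
    name, domains = parts[0], parts[1:]
    # Reject empty components such as 'Name@@Dom' or '@Dom': an address
    # with a missing element cannot be routed or looked up reliably.
    if not name or any(not d for d in domains):
        raise ValueError(f"malformed Notes address: {address!r}")
    return name, domains


def next_hop(address, local_domain):
    """Decide what a Router in local_domain does with the address.

    Returns ('lookup', local_domain, name) when the recipient belongs to
    this domain, or ('transfer', next_domain, address_to_forward).
    """
    name, domains = split_notes_address(address)
    # Rightmost domain(s) naming this domain have been reached: drop them.
    while domains and domains[-1].casefold() == local_domain.casefold():
        domains.pop()
    if not domains:
        return ("lookup", local_domain, name)
    return ("transfer", domains[-1], "@".join([name] + domains))


def trace_route(address, origin_domain):
    """Follow the address hop by hop; return (domains visited, final name)."""
    hops, current = [origin_domain], origin_domain
    while True:
        action, domain, address = next_hop(address, current)
        if action == "lookup":
            return hops, address
        hops.append(domain)
        current = domain


def smtp_local_part(notes_name):
    """Substitute underscores for spaces, as described for Notes users
    who have no Internet address assigned."""
    return "_".join(notes_name.split())


if __name__ == "__main__":
    print(trace_route("Mary Jones@GlobalUS@GlobalInt", "Acme"))
    print(trace_route("Joe Smith@GlobalUS", "GlobalUS"))
    print(smtp_local_part("Joe Smith"))
```
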

    NRPC message flow

    This diagram shows the message flow using NRPC with the Notes UA and the Domino MTA:

    [Diagram: NRPC message flow between Notes clients and Domino Routers over the LAN, WAN, and Internet, showing MAIL.BOX, the Domino Directory, User Mail.NSF, and Replica Mail.NSF; links are labelled NRPC and/or SMTP.]

    This table describes the steps of the message flow using NRPC with the Notes UA and the Domino MTA:

    Step      Action

    1         The UA is Notes, which is used to create the message and transfer the message to the MTA, which is the Domino Server.

              This example starts with a message originating from a LAN-connected client.

    2         The message is transferred via NRPC to the Domino Server (MTA).

              Note: While NRPC is most typically transported by TCP/IP, it can also be carried by any of the other network protocols supported by Domino/Notes as well.

    3         The message is written to the MQ, which is the Mail Box database on the server.

              Note: This database's ACL -Default- access is set to Depositor so users can deposit messages but cannot read any of the messages waiting for delivery.

    4         By default (can be changed under user preferences or on a per-message basis), the message is also saved in the sender's Mail database (MS) on the user's Home/Mail server for later reference.

              The per-user database architecture of Notes Mail is considered one of the most reliable in the industry, being far more fail-proof than using a single MS database for all users.

    5         The Router server task uses the Domino Directory to determine where to transfer the message. If the destination Domino Domain is:

              • the same as the server's, the Router looks up the recipient's Person document in the Domino Directory to find the recipient's Home/Mail server name

              • in another Domino Domain, the Router looks up the Connection document to a Domino Server in that other Domain.

    6-9       If the message is destined for a user on the same Home/Mail Server as the sender, the Router delivers it immediately. Otherwise, the Router copies the message out of the local Mail Box and writes it to the remote Mail Box database on the target Domino Server using the NRPC protocol.

              If successful, the Router then deletes the message from the local Mail Box database.

    10        The Router server task uses the Domino Directory to determine where to transfer or deliver the message. If the recipient Mail database is on:

              • the same server, the Router looks up the recipient's Person document to find the Mail database file name

              • another server in the same Domino Named Network, the Router immediately transfers the message to that server via NRPC

              • another server in a different Domino Named Network, the Router looks up the Connection document to a Domino Server in that other Domino Named Network and transfers the message via NRPC when the connection conditions are met (number of messages or scheduled).

              Whether for message transfer or delivery, the Router stamps its name and the current date/time that it handled the message.

    11        The Router checks any user mail rules that may delete or modify the message. If not, the Router copies the message out of its local Mail Box and writes it to the user's Mail database (MS) using the NRPC protocol.

              The Router deletes the message from its local Mail Box database.

    12        The Notes UA is used to read the message from the server copy of the Mail database. This is just like reading any other Domino database.

              The message is retained in the user's Mail database (MS) on the server until explicitly deleted by the user (or archived to another database via an agent running in the Mail database).

    13        A mobile Notes user may also have a replica copy of the Mail database on the local hard drive, in which case incoming messages are added to the local LMS (for offline reading) via replication (and NOT via message transfer).

    Note: The model used by Lotus iNotes access is almost identical to that used by Notes. The differences are in:

    • Step 1, where the message is created using an HTML form run in the browser and when submitted is handed from the Domino Web server task to the Mail Box database for delivery or transfer.

    • Step 12, where users read their messages rendered in HTML by the Domino Web Server task from the Mail databases using a browser.

    SMTP message flow

    This diagram shows the message flow using the SMTP protocol with an Internet UA and MTAs:

    [Diagram: SMTP message flow from a UA through MTAs across the Internet to an MDA and the receiving UA (POP or IMAP), showing the MQ, MS, LMS, DNS, and Directory.]

    This table describes the steps of the message flow using Internet mail protocols with an Internet UA and MTAs:

    Step      Action

    1         The UA is used to create the message and includes the software to initiate the lookup of the MTA IP address in the DNS and transfer the message to the MTA.

    2         The message is transferred to the MTA via SMTP.

              Whether for message transfer or delivery, the MTA stamps its name and the current date/time that it handled the message to the email header.

    3         The message is written to the MQ, which could be a text file or a relational database.

    4         By default, the message is also saved to a local message store (LMS) on the UA.

    5         The sending MTA looks at the recipient address to find the destination domain.

              The sending MTA sends the domain name to the Domain Name Service (DNS), the DNS finds an MX Record (Mail Exchange) for an MTA in the destination domain, and the DNS returns the IP address of the highest preference recipient MTA to the sending MTA.

              The sending MTA initiates a TCP/IP connection to the IP address of the recipient MTA.

    6-7       An SMTP connection request is made to the receiving MTA.

    8         The receiving MTA responds to the connection request and the sending MTA sends the message header to the receiving MTA.

    9         If the message is accepted by the receiving MTA, the sending MTA transfers the message contents (using the DATA command).

              When the transfer is complete, the receiving MTA acknowledges receipt and waits for another message transfer or disconnect.

    10        The MTA then uses its local directory (not DNS) to determine where to transfer or deliver the message inside the domain. If the recipient Mail database is on:

              • the same server, look up the recipient's mail account name to find the user's Message Store (MS) database file name

              • another server in the same domain, transfer the message to that server via SMTP.

    11        Copy the message out of the local MQ to the user's Mail database (MS) using an internal database procedure call.

              Delete the message from the MQ.

    12-13     If the UA is using POP3, it contacts its MDA (in this case a POP mail server). The MDA uses an internal database procedure call to retrieve the message from the MS and allows the UA to move the message to its LMS.

              If the UA is using IMAP4, the user has the choice of downloading the message to the LMS or reading (and leaving) the message on the server.

              Note: Some UAs using POP3 also allow you to leave the messages on the server, but with limitations solved by IMAP4. The distinctions between these two protocols will be described in a later Topic.
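Step 2 of the SMTP flow says each MTA stamps its name and the date/time it handled the message into the email header; in SMTP that stamp is the Received header, and the newest stamp is at the top. The following added example (not part of the course material) rebuilds the hop path from a constructed message and flags stamps that run backwards in time or break the from/by chain. Both checks are heuristics, and every hostname and address in the sample is made up.

```python
# Added example: reconstruct the MTA hop path from Received headers.
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message (illustrative hosts, documentation IP ranges).
SAMPLE = """\
Received: from mta2.example.net (mta2.example.net [192.0.2.20])
\tby mail.example.org with ESMTP id C3; Mon, 01 Mar 2010 10:00:09 -0500
Received: from mta1.example.com (mta1.example.com [192.0.2.10])
\tby mta2.example.net with ESMTP id B2; Mon, 01 Mar 2010 15:00:05 +0000
Received: from client.example.com ([198.51.100.7])
\tby mta1.example.com with ESMTP id A1; Mon, 01 Mar 2010 15:00:01 +0000
From: sender@example.com
To: recipient@example.org
Subject: constructed test message

Body text.
"""


def _stamp_time(value):
    """Return the date/time after the final ';' of a Received header."""
    if ";" not in value:
        return None
    try:
        stamp = parsedate_to_datetime(value.rsplit(";", 1)[1].strip())
    except (TypeError, ValueError):
        return None  # unparsable stamp: keep the hop, without a time
    if stamp.tzinfo is None:
        # A '-0000' zone parses as naive; treat it as UTC so that it can
        # be compared with the timezone-aware stamps of other hops.
        stamp = stamp.replace(tzinfo=timezone.utc)
    return stamp


def trace_hops(raw_message):
    """List the hops oldest-first with the seconds spent between hops."""
    msg = message_from_string(raw_message)
    hops, previous = [], None
    # Each MTA prepends its stamp, so reverse to get chronological order.
    for value in reversed(msg.get_all("Received") or []):
        sender = re.match(r"\s*from\s+(\S+)", value)
        stamper = re.search(r"\bby\s+(\S+)", value)
        when = _stamp_time(value)
        delay = None
        if when is not None and previous is not None:
            delay = (when - previous).total_seconds()
        hops.append({
            "from": sender.group(1) if sender else None,
            "by": stamper.group(1).rstrip(";") if stamper else None,
            "time": when,
            "delay": delay,
        })
        if when is not None:
            previous = when
    return hops


def find_anomalies(hops):
    """Return (hop_index, reason) pairs worth a closer look.

    'time-reversed': stamp is earlier than the previous hop (clock skew
    or an inserted header). 'chain-break': the host named in 'from' is
    not the host that stamped the previous hop. The 'from' name is only
    what the sender claimed, so a mismatch is a hint, not proof.
    """
    findings = []
    for i, hop in enumerate(hops):
        if hop["delay"] is not None and hop["delay"] < 0:
            findings.append((i, "time-reversed"))
        if i > 0 and hop["from"] and hops[i - 1]["by"]:
            if hop["from"].casefold() != hops[i - 1]["by"].casefold():
                findings.append((i, "chain-break"))
    return findings


if __name__ == "__main__":
    for hop in trace_hops(SAMPLE):
        print(hop["by"], hop["time"], hop["delay"])
    print(find_anomalies(trace_hops(SAMPLE)))
```
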

    Domino mail clients

    Once a message has been routed to the user's Home/Mail server and delivered to the user's Mail database, it is now up to the UA to access the message for reading. There are four types of UAs (covered in this course) that can access a Mail database on a Domino Server:

    [Diagram: Mail.NSF on the Domino Server accessed by the Notes Client, Internet Mail Client, Web Browser (iNotes), and Outlook Client; protocol labels: NRPC, POP or IMAP, HTTP, SMTP, NRPC.]

    Domino supports these UA clients (and associated mail access protocols):

    • Notes. Notes users can, of course, use native NRPC to access their Mail databases on the Domino Server.

    License implications

    Just a quick note about licensing. Lotus charges a Client Access License (CAL) fee for users who are listed in the Domino Directory for mail access, regardless of protocol or mail client used. There is also an enterprise CAL, which includes both general database access as well as mail access to the server.

    Note: For the latest license information see http://www-01.ibm.com/software/lotus/notesanddomino/clientpackaging.html.

    Choosing a mail protocol

    While the user's location and connectivity capabilities usually determine the most appropriate mail client, there are a few protocol-dependent issues that determine which client can be used.

    Which should you use? Consider these points when making a decision:

    • You cannot use NRPC to transfer messages to Internet mail servers expecting SMTP. You MUST enable SMTP to send/receive messages from Internet mail servers.

    • You can use the Internet as a Virtual Private Network (VPN) using NRPC to transfer messages to other Domino Servers in your Domino Domain or to other Domino Domains, either directly or via a third-party mail intermediary that routes NRPC, such as Lotus Support (http://www-306.ibm.com/software/lotus/support/lnn/), 4T Domino (http://www.4tdomino.com/), or NaviSite (http://messaging.navisite.com/ManagedLotusDomino.shtml). You can encrypt packets between Domino Servers using an encryption key created as a by-product of authentication to ensure secure transmission (this is on top of any encryption and digital signing that Notes may use).

    • Even if transferring messages destined for Internet addresses using SMTP, there are advantages to using NRPC for server-to-server transfers inside your Domino Domain (or to other Domino Domains). NRPC is a guaranteed messaging system built on an internally managed, replicated directory. Domino Administrator includes a number of tools to troubleshoot failures and bottlenecks, including message trace, load balancing, statistics and event handlers, and Domino Domain Management probes.

    • When using the Internet mail and directory protocols, you are relying on the DNS servers on the Internet (or Internal DNS for internal message routing) to find an MX record for the destination Internet domain. When using NRPC (whether over the Internet or not), you are instead relying on the configuration in your own Domino Directory (and possibly, though not necessarily, using the DNS for the destination server's IP address). Who do you trust more to guarantee service?

    Network design

    The diagrams shown in this course are functional diagrams that show the flow of messages through various systems.

    They don't tell you much about how to design your network or how to connect your network to your corporate WAN or to the Internet. Network design that balances the sometimes-contradictory goals of throughput, resilience, and security is as much science as magic.

    Though beyond the scope of this course, we do have a few comments and recommendations about network design:

    • Domino (as a mail server) can be used in any network design from the very simple single server connected directly to the Internet to the most complex multi-tier, global network.

    • For more information about how to place Domino in large networks, the best resource is the two-part article, Using Notes/Domino SMTP with a DMZ, available at www.ibm.com/developerworks/lotus/library/smtp-dmz1 and http://www.ibm.com/developerworks/lotus/library/smtp-dmz2/.

    • Notes and Domino are extremely well equipped with respect to messaging security at all points, such as public/private key authentication of users and servers, network packet encryption, message encryption/digital signatures using both proprietary and standards-based technologies, server and database access lists, Notes Execution Control Lists, etc. All these security mechanisms are integrated and easily managed with Domino Administrator and the Administration Process task. You will see many of these mechanisms described in this course.

    • With respect to message transport security, Domino includes an array of mechanisms to help prevent everything from denial of service attacks to spoofed addresses to spam. You will see how to configure these mechanisms in this course.

    • The most important thing we can stress is that in spite of Domino's strengths with respect to messaging security, there are far better products that you should use as your front-line defenses against network attacks, mailed viruses, spam, phishing, zombie relays, employees leaking company secrets, employees deleting messages that must be kept for legal purposes, and a host of other perils and challenges related to messaging. It is critical that you employ a multi-layered approach to messaging security, with Domino as the last defense and not the first or only defense.

    Topic 2: NRPC Message Transfer and Delivery

    Key points

    This Topic builds on the basic concepts of NRPC as the message transport and

    delivery protocol you learned in the previous Topic.

    Key to NRPC message routing is the grouping of servers and users into a Domino Domain. All nodes (servers and users) are defined in the Domino Directory for that particular Domino Domain.

    This Topic also looks at the internal fields of a message routed via NRPC.

    Protocol independence

    NRPC message routing was designed to operate on any network protocol.

    Depending on the computing platform, NRPC was originally created to run over NetBEUI/NetBIOS, NetBIOS over IP, NetBIOS over IPX, SPX, SPX II, AppleTalk, TCP/IP, and TCP/IP IPV6, on any network type (LAN, Internet, WAN, MAN, etc.). This network protocol and type independence has allowed mail to work even if the network is made up of a mixture of protocols, with minimal or no dependence on external directories, such as DNS, in order to work properly. All that is necessary is a Domino Server that is connected to the network and configured to use one or more network protocols.

    In practice, however, most operating systems and networks today run only

    TCP/IP, so most new Domino/Notes installations only run TCP/IP (and TCP/IP is

    the only protocol supported between Domino Servers in a Domino Cluster).

    Note: Starting with Domino/Notes 8.5, the proprietary X.PC used by Notes Direct Dialup is no longer supported and the \modems directory is not installed. So if you rely on X.PC you cannot upgrade to 8.5.

    Think Domino

    When configuring mail to run on Domino Servers using NRPC, you need to focus

    your thoughts on the Domino-think world, for example:

    • "domain" means the Domino Domain defined in the Domino Directory, NOT the IP domain or a Windows domain

    • "directory" is the Domino Directory database and associated services, NOT DNS or LDAP, which means that you have total end-to-end control over the entire system without having to rely on outside parties or other servers

    • "network" is a Domino Named Network, NOT the underlying physical network or network protocols

    • "connection" is a Connection document defined in the Domino Directory, NOT any record you will find in the DNS.

    Domino Domain

    If a group of servers and users are all defined in the same Domino Directory, they are in the same Domino Domain. The domain name is used:

    • for Notes Mail message routing between Domino Domains

    • to uniquely identify the Notes installation at a particular company.

    As it is replicated to all servers, the Domino Directory is what servers use to make decisions regarding message transfer and delivery, identifying how to find:

    • other Domino Domains or Internet domains to transfer messages not addressed to users within the domain

    • the Home/Mail server of a recipient

    • the Mail database name of a recipient.

    The server finds its Domino Domain name when it starts from the Domain= variable in the NOTES.INI. This was defined during Server Setup.

    The Domino Domain is also required in the Server document so that it can locate other configuration documents:

    Note: Search Lotus Domino Administrator Help for "Ensuring DNS resolves in NRPC -- Best practices" to see why the Server's common name (e.g. HUB) should be the same as the server's name in DNS (e.g. hub.teamapps.com) and have an A record linking the entry to a numeric IP address, and how the Net Address field in the Server document should match as well (e.g. hub.teamapps.com). But remember again that the IP domain name, while it may be the same as the Domino Domain name, serves a different function.

    The Domino Domain name must also be used on any Connection documents between servers in two different Domino Domains (or between two servers in two different Domino Named Networks in the same Domino Domain):

    Later in the course you will create Connection documents for mail routing and will also review inter-Organization authentication using Cross Certificates and server security that was covered in the Lotus Domino Administration Basics course.

    Domino Named Networks

    Servers in the same virtual location (having the ability to communicate continuously on the same LAN/WAN) using the same protocol can be defined in the same Domino Named Network. Being in the same Domino Named Network means that the server can connect to any other server in the Domino Named Network using a common network protocol without having to establish a dial-up connection.

    This diagram shows a Domino Domain with a single Domino Named Network:

    [Diagram: Domain=TeamApps containing a single Domino Named Network, TCPIP HQ]

    Servers in the same Domino Named Network can:

    • all be seen by Notes users whose Home/Mail server is also in the Domino Named Network in the Open Database dialog box

    • exchange messages automatically and immediately without further configuration.

    To see the networks, open the Domino Directory to the Networks view or expand Networks in Domino Administrator:

    This Navigation Pane shows several Domino Named Networks, including TCPIP HQ, which is expanded to show several servers: HUB, Magic, Mirage, etc. The key on the icon for Magic means it is the Administration Server for the Domino Directory.

    The Domino Named Network name for a server is defined in its Server document on the Ports - Domino Named Network Ports tab (under Notes Network, the legacy name for Domino Named Networks):

    Unlike Domino Domain names, which should be unique between companies, Domino Named Network names are only used internally by the servers to develop routing tables between servers in the same Domino Domain.

    Since users never see Domino Named Network names, they do not have to be

    user-friendly. You should code the name to include any administrator-helpful

    information, such as a physical location and/or protocol.

    Note: The Net Address field contains the protocol-specific address that other servers and Notes clients use to locate the server on the network. In a TCP/IP network, this is the fully qualified Internet host name (e.g., hub.teamapps.com). Though they serve different purposes, in a TCP/IP network this address is typically the same as the one specified in the Fully qualified Internet host name field on the Basics tab, for example:

    Note: The first server you set up in your Domain will automatically be defined as having the Domino Named Network name, Portname + Network, for example, TCPIP Network. For additional servers, however, you must manually enter the name in the Server document after registration but before setting up the additional server. If the additional server is in the same Domino Named Network, specify the exact same name when you set it up.

    Multiple Domino Named Networks

    If you have a network that uses different protocols or in which servers are

    connected only via modem, you must create multiple Domino Named Networks.

    This diagram shows three Domino Named Networks within the TeamApps

    domain:

    [Diagram: Domain=TeamApps containing three Domino Named Networks: TCPIP HQ, TCPIP NY, and TCPIP LA]

    Two servers belong to TCPIP HQ because they both support TCPIP and communicate on the same LAN. When users at the home office use the Open Application dialog box, they see both servers.

    The other servers belong to their own Domino Named Networks. Users only see one server at those locations when they use the Open Application dialog box.

    Keeping the servers in separate Domino Named Networks encourages users to use their local server, which frees up bandwidth on slow leased lines for intra-server communication (message routing and replication).

    If users know the name of a server in another Domino Named Network, they can still enter its name into the Server field in the Open Database dialog box. Once a Bookmark is created or database icon is added to the workspace, of course, the user no longer needs to remember the server name. (This assumes, of course, that the Server Access List allows users from other Domino Named Networks to open a server.)

    Multiprotocol servers

    Servers supporting multiple protocols are members of multiple Domino Named Networks. This diagram shows a multiprotocol Domino Server that belongs to two Domino Named Networks:

    [Diagram: Domain=TeamApps with three Domino Named Networks: NetBIOS HQ, TCPIP NY, and TCPIP HQ]

    The multiprotocol server, running both NetBIOS and TCP/IP, is responsible for replication and message routing between the Domino Named Networks.

    Because the two Domino Named Networks intersect at one server, Notes Mail delivery between the two Domino Named Networks through the multiprotocol server is automatic and does not require further configuration (no Connection documents are required). A Connection document is required, however, for message routing between the server in the TCPIP NY Domino Named Network and a server in TCPIP HQ. In this example, because the servers in NetBIOS HQ and TCPIP NY do not have a protocol in common, they must route messages and replicate indirectly via a server in TCPIP HQ (or you could configure a server in TCPIP HQ as a Passthru Server).

    NRPC routing

    The placement of Domino Servers into Domino Named Networks and Domino

    Domains affects message routing.

    This diagram shows the major components and message flow of the Notes Mail system architecture (assuming a LAN-based Notes user and NRPC routing):

    [Diagram: Client Mailer sends/saves memo; memo saved to User Mail File; memo deposited in MAIL.BOX of Home/Mail Server; Router polls MAIL.BOX; instant delivery if on same server; instant transfer to another server's MAIL.BOX if in the same Domino Named Network; scheduled/triggered transfer to another server's MAIL.BOX if in another Domino Named Network or Domino Domain]

    Using Server and Connection documents, each Router independently builds a routing table of least hop-count paths to all servers in its own Domino Named Network and to those in other Domino Named Networks and Domino Domains that require more information to successfully transfer messages (via Connection documents).

    When a message is found in MAIL.BOX, the dispatch thread:

    • immediately delivers the message if on the local server (uses Person document information to look up the user's Home/Mail server name and Mail database file name)

    • immediately transfers the message if the other server is in the same Domino Named Network

    • waits for the Connection document schedule/threshold to come true and hands the message over to the appropriate transfer thread for transfer out of a specified port to another Domino Named Network or Domino Domain.

    The process repeats at each server hop until the terminal destination Home/Mail server delivers the message to the user's Mail database.

    If the message calls for a Delivery Confirmation or Return Receipt, the process is

    reversed and the sender is sent the confirmation or receipt. The specific path of

    servers may or may not be the same.

    Note: If you are routing messages to another Domino Domain, be aware that you can only configure the routing of messages to a point server in the other domain. It is up to the administrators in the other Domino Domain to configure routing within the domain and to configure routing back to a point server in your domain. You will configure inter-domain routing in a later Topic.

    Router task

    NRPC message routing (transfer and delivery) is handled by the Router server

    task. This multi-threaded task is started when the server starts as a result of being

    listed in the ServerTasks= variable in the NOTES.INI, for example:

    ServerTasks=Replica,Router,Update,Stats,AMgr,Adminp,

    The Router task should also be enabled in the Routing task field in the Server document:

    In a single server environment, or if all servers are in the same Domino Named Network (and have the Router task running as shown above by selecting Mail Routing), there really isn't much else you need to do to establish basic NRPC email within your domain.

    The Router makes its decisions about where to transfer or deliver a message based

    on information found in the:

    • incoming or outgoing message SendTo field (and possibly CopyTo and BlindCopyTo fields)

    • Domino Directory hidden views (primarily $Users, which selects Person, Group, Mail-in Database, and Certifier documents):

    The first step in processing a message is to parse the address following @ to find the domain name (Domino or Internet). The Domino Domain is specified in the Server document (as well as in the NOTES.INI), so this is easy to find.

    Assuming that the message is addressed to this domain, look up the address in the $Users view. If a match is found, use the MailServer and MailFile values to move the message from the MAIL.BOX to the user's Mail database (the database location is specified in each user's Person document) for delivery or to another server's MAIL.BOX for transfer.
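
    The dispatch decision and least hop-count lookup described above, as an added example that is not Domino's own code or part of the course. It is a simplified model in Python: the server names other than HUB and Magic, the person entries, the Connection documents, and all function names are constructed for illustration, and Connection documents are modelled as one-way links.

```python
from collections import deque

# Constructed sample data standing in for Domino Directory documents.
LOCAL_DOMAIN = "TeamApps"                       # Domain= in NOTES.INI
SERVERS = {                                     # Server documents: name -> Domino Named Networks
    "HUB":    {"TCPIP HQ"},
    "Magic":  {"TCPIP HQ", "NetBIOS HQ"},       # multiprotocol server
    "Legacy": {"NetBIOS HQ"},
    "NY1":    {"TCPIP NY"},
}
CONNECTIONS = [("HUB", "NY1"), ("NY1", "HUB")]  # Connection documents (assumed one-way)
PERSONS = {                                     # $Users view: name -> (MailServer, MailFile)
    "pat smith": ("Magic", "mail\\psmith.nsf"),
    "lee wong":  ("NY1", "mail\\lwong.nsf"),
}


def classify(address):
    """Split an address into (name, kind, domain); kind is local, domino or internet."""
    name, at, domain = address.rpartition("@")  # domain is the text after the last @
    if not at:                                  # no @: addressed within this domain
        return address.strip(), "local", LOCAL_DOMAIN
    if "." in domain:                           # a period marks an Internet domain
        return name.strip(), "internet", domain
    if domain.lower() == LOCAL_DOMAIN.lower():
        return name.strip(), "local", LOCAL_DOMAIN
    return name.strip(), "domino", domain


def neighbours(server):
    """Return sorted (next_server, kind) links usable from this server."""
    edges = {}
    for other, nets in SERVERS.items():
        if other != server and nets & SERVERS[server]:
            edges[other] = "immediate"          # shared Domino Named Network
    for src, dst in CONNECTIONS:
        if src == server and dst not in edges:
            edges[dst] = "scheduled"            # waits on the Connection document
    return sorted(edges.items())


def first_hop(source, dest):
    """Breadth-first search: (next_server, kind, hop_count) or None if no route."""
    if source == dest:
        return (source, "local", 0)
    queue, seen = deque([(source, None, 0)]), {source}
    while queue:
        node, first, hops = queue.popleft()
        if node == dest:
            return first + (hops,)
        for nxt, kind in neighbours(node):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, first or (nxt, kind), hops + 1))
    return None


def dispatch(server, address):
    """Decide what the Router on `server` does with one recipient address."""
    name, kind, domain = classify(address)
    if kind == "internet":
        return ("smtp", domain)                 # leaves NRPC; depends on DNS MX records
    if kind == "domino":
        return ("no-route", domain)             # sample has no Connection to other domains
    person = PERSONS.get(name.split("/")[0].strip().lower())
    if person is None:
        return ("delivery-failure", name)       # not found in $Users
    home, mail_file = person
    if home == server:
        return ("deliver", mail_file)
    hop = first_hop(server, home)
    if hop is None:
        return ("no-route", home)
    return ("transfer-" + hop[1], hop[0])


if __name__ == "__main__":
    for srv, addr in [("Magic", "Pat Smith"), ("HUB", "Lee Wong"),
                      ("Legacy", "Lee Wong"), ("HUB", "Fake User@FakeDomain")]:
        print(srv, addr, "->", dispatch(srv, addr))
```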

    Router task functions

    With no additional configuration the Router task performs these functions:

    • transfers messages simultaneously out multiple LAN ports

    • employs multiple transfer threads to the same target server so large messages don't impede smaller messages destined for the same server

    • determines when to deliver messages based on message delivery priority and queues large messages to be transferred or delivered off-hours

    • sends delivery failure messages and return receipts back to senders

    • marks undeliverable messages as dead if there is no connection or route found back to sender to return a delivery failure and stores them in MAIL.BOX for administrative action

    • logs its actions and maintains a full complement of performance statistics.

    With very little additional configuration, the Router also performs these functions:

    • determines the next server hop in a computed shortest path when there are a number of Connection documents in the same Domino Directory

    • has a limited ability to route around unsuccessful connections and recover to the normal/preferred route when the connection is restored

    • generates events that can be handled by the Event task and responds to Domino Domain Monitoring messaging probes

    • monitors Mail database size using quotas and optionally restricts additional messages from being created until the size is reduced.

    As the course progresses, you will learn how to configure these and other Router task functions.

    Exercise: Test message delivery

    Follow these steps to test the delivery of messages on a single server (which is by default in a single Domino Domain and single Domino Named Network):

    Step Action

    1 Make sure your Domino Server is running and the Server Console is showing.

    2 Work in Notes.

    3 Press Ctrl+M to create a new message.

    4 Because there is only one Notes user (you) in your Domino Domain and you do not yet have Connection documents to other Domains, address the new message to yourself.

    5 When you send the message, watch the Server Console messages on the server.

    6 Press F9 to refresh your Inbox view to find the message you received.

    7 As an experiment, try sending a message to this user:

    Fake User

    What happens at the client? At the server?

    8 Try sending a message to this user:

    Fake User@FakeDomain

    This is a Notes user's address in another Domino Domain name.

    What happens at the client? At the server?

    9 Try sending a message to this user:

    [email protected]

    Notes interprets this as an Internet address because the domain name (anything after the @) has a period in it. What happens at the client? At the server?

    10 Open the Notes Log database on the Domino Server. Switch to the Mail Routing Events view.

    Open up the Log document(s) for today and find the events related to your mail activity.

    11 Working at the Server Console (or in the Remote Server Console), enter these commands one at a time:

    >tell router delivery stats
    >tell router show queues

    12 Or, from the list of Server Tasks in Domino Administrator, right-click the Router task and choose Tell Task to select the same commands:

    The output displays delivery statistics and information about messages held in the transfer and local delivery queues.

    Message document internals

    Open your Inbox and right-click a message you have received. Choose Document Properties and click the Fields tab to expose the internals of the message document:

    Most of the fields have been added by the Notes Mailer user (such as SendTo, Subject, and Body), but some are added by Notes as part of the form design, and others by the Router as it processes the message document.

    The standard fields (for both Notes and Internet mail) that make up a message document are the SendTo, Subject, and Body fields (if the message is long, there will be more than one Body item listed; all of the items are put together when reading the message). Additional addresses are stored in CopyTo and BlindCopyTo (if used).

    The From and FromDomain (if from a different Domino Domain) fields tell you who sent the message.

    The PostedDate field indicates when the user sent the message, while the DeliveredDate is when the Router wrote the document to the user Mail database.

    RouteServers and RouteTimes are multi-value fields that collect all of the Router names that handle a message. Since you have only seen delivery on a single server, you will only see one server name and a single timestamp pairing. When you route a message between Domino Servers, you will see all of the names here.

    To see the internals of a message document a bit more clearly, open the message you received and click the More action button and choose Delivery Information.

    The Delivery Information dialog box opens:

    The Delivery and Routing Information field shows the PostedDate and DeliveredDate fields; scroll down to see the RouteServers and RouteTimes information.

    As you may suspect, the Delivery Options and Importance fields are also stored in various fields in the message document.

    The time and date stamps can be seen on the Document Info tab in Document properties.

    Since the server wrote the document to your Mail database, it is listed as the last modifier.

    The first two lines on the last tab show the Universal Note ID (UNID) of the message document that was sent; the UNID uniquely identifies a document:

    When the Router logs its transfer and delivery actions in the Domino Server Log (LOG.NSF) database, it records only the last eight characters of the UNID:

    When written to the recipient's Mail database, the UNID will typically stay the same (unless there happens to be a duplicate, in which case a new, unique UNID is assigned), so you can, if necessary, track the message down in the logs of servers listed in the RouteServers field and also compare the message in the sender's and recipient's Mail databases. (You will do this later in the course.)

    The DB identifier will always change in the recipient copy of the message document to match the Replica ID of the recipient's Mail database.

    Note: For more information about document identifiers, read the Lotus Support document, What Are the Components of a Note ID? found at http://www.ibm.com/support/docview.wss?rs=899&uid=swg27002668 .
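
    One way to follow a message through the logs of the servers in RouteServers using the eight-character key, as an added example that is not part of the course or of Domino. The UNID, the log lines, and their text layout are constructed for illustration (the sketch reads log text, not LOG.NSF itself), and RouteServers is assumed to list servers in hop order.

```python
import re

# Constructed sample: values as they might be copied from Document Properties.
MESSAGE = {
    "unid": "85257A3C0051B2E4852576F10061C4D2",
    "RouteServers": ["CN=Magic/O=TeamApps", "CN=HUB/O=TeamApps", "CN=NY1/O=TeamApps"],
}

# Constructed log text per server, in an assumed "<time> Router: Message <key> ..." layout.
LOGS = {
    "Magic": [
        "10:15:01 Router: Message 0061C4D2 transferred to HUB/TeamApps for Lee Wong/TeamApps via Notes",
        "10:15:04 Router: Message 0077AB10 delivered to Pat Smith/TeamApps",
    ],
    "HUB": [
        "10:15:03 Router: Message 0061C4D2 transferred to NY1/TeamApps for Lee Wong/TeamApps via Notes",
        "10:20:00 Router: Message 0061C4D2 delivered to Sam Lee/TeamApps",  # same key, other message
    ],
    "NY1": [],  # no entries: log rolled over, purged, or never written
}

LINE = re.compile(
    r"^(?P<time>\S+) Router: Message (?P<key>[0-9A-F]{8}) "
    r"(?P<action>transferred to|delivered to) (?P<rest>.+)$"
)


def log_key(unid):
    """Return the last eight characters of a 32-character hexadecimal UNID."""
    unid = unid.strip().upper()
    if not re.fullmatch(r"[0-9A-F]{32}", unid):
        raise ValueError("UNID must be 32 hexadecimal characters")
    return unid[-8:]


def common_name(server):
    """Reduce CN=Magic/O=TeamApps or Magic/TeamApps to Magic."""
    first = server.split("/")[0]
    return first[3:] if first.upper().startswith("CN=") else first


def trace(message, logs, recipient=None):
    """Collect Router events for the message, one entry per server in RouteServers."""
    key = log_key(message["unid"])
    hops = []
    for server in message["RouteServers"]:
        name = common_name(server)
        events = []
        for line in logs.get(name, []):
            m = LINE.match(line)
            if m and m["key"] == key and (recipient is None or recipient in m["rest"]):
                events.append((m["time"], m["action"], m["rest"]))
        hops.append((name, events))
    return hops


def gaps(hops):
    """Servers the message claims to have crossed that logged nothing for it."""
    return [server for server, events in hops if not events]


if __name__ == "__main__":
    for server, events in trace(MESSAGE, LOGS, recipient="Lee Wong"):
        print(server, events or "NO MATCHING LOG ENTRY")
```

    Because only eight characters are logged, two different messages can share a key, so the recipient filter narrows the match; an empty hop is a reason to check that server's log retention, not proof that the message skipped it.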

    Topic 3: Notes Configuration

    Key points

    There are a number of options with respect to how Notes sends and receives messages, but there are really only a few basic settings that control how Notes interacts with the Domino Server with respect to email. The settings answer these questions:

    • What is required for the user to create a new message from anywhere in Notes?

    • How is the message content formatted for the recipient (Notes Rich Text or MIME)?

    • What is required to send the message?

    • What is required for the Router to deliver messages to a user's Mail database?

    • What is required for users to read their messages?

    Beyond these basic questions, all of the other configuration options are related to the usability and add-on features of the UA itself.

    Another fundamental question is how users address their messages. This is covered in a later Topic when we discuss directories.

    Note: We can assume in this Topic that:

    • Notes is connected to the Domino Server on a local area network

    • the user's Notes ID has been certified or cross-certified by a Certifier ID in the server's Organization so authentication is possible (User ID is not locked out due to incorrect password)

    • the user is allowed to access the server (is represented in the Server Access List in Server document, is not in any Deny Access group, and is in no other way blocked from accessing the server)

    • the -Default- access of MAIL.BOX on the Domino Server is Depositor (this prevents users from reading or tampering with other users' messages)

    • the user has at least Editor access to his/her Mail database.

    Create message

    What is required for a user to create a new message anywhere in Notes?

    Before answering this question, it is important to remember that Notes knows who the current user is, and the user's current Location name, from the Notes User ID file name specified in the NOTES.INI variables Keyfilename= and Location=.

    With these two pieces of information Notes learns from the current Location in the local Contacts that the user's Mail database is on a Domino Server (Location documents are used by both the Notes Basic and Standard configurations; the second image is from Preferences in Notes Standard configuration, which is just a different UI but with the same settings):

    The Mail database name and Domino Domain name are specified; the user has his/her own database (the .NSF extension is optional), which exists on the Home/Mail server.

    The Home/Mail server on which the user's Mail database resides is specified on the Servers tab in the Location document using the fully distinguished name, for example:

    When the user creates a new memo (presses Ctrl+M, clicks the New button on the Mail bar on the Basics Home Page, opens Mail and clicks the New action button, or chooses Create - Mail - Message anywhere outside of Mail), the Memo form from the specified database (mail\psmith.nsf) on the specified server (Magic/TeamApps) is opened.

    If the:

    • Mail file field does not specify a valid path and file name on the Home/Mail server (or on the local hard drive if configured for Local mail), the Create - Mail menu will display (None Available).

    • Mail file location field is set to Local, then the Mail database must exist on the local hard drive (ideally in the same subdirectory structure as on the server).

    Otherwise, because the user has Editor+ access to the database and can create new documents in it (both ACL settings), the new message opens.

    Note: Location documents can be keyed to the User ID on the Advanced - Basics tab, so that the Home/Mail server, Mail database file name, and other settings all switch based on the User ID currently active. This allows a single copy of Notes to be shared by multiple users by merely switching to another location. For a more robust multi-user client, though, you should set up Notes to run specifically as a multi-user client. The Lotus Notes Support course describes how to do this.

    Message format

    Most modern email software (including Notes) allows you to send messages that include formatted text and attachments. How the message content (the Body field) is formatted for a particular recipient depends on the recipient UA. If the recipient UA is:

    • Notes, the message is formatted using the proprietary CD (Composite Document) rich text structure, which offers the greatest fidelity and retains special Notes features such as sections and Document Links

    • an Internet email client, the message is converted (as best as possible) from the CD format to MIME (Multipurpose Internet Mail Extensions), using plain text, HTML, or both in the same message.

    It is ultimately up to the Notes user to determine the message format, but Notes can be configured to help in this effort. How does Notes know which format to use, especially if sending the message to multiple recipients, some who use Notes and others who use an Internet email client?

    The first thing Notes does is check the Domino Directory for the recipient; if found, the recipient's Person document specifies the preferred message format:

    Thus, for recipient UAs that can interpret MIME (for all Internet mail picked up by POP and IMAP users), the Notes Mailer creates a version of the message that uses MIME.

    For recipients that can read only Notes Rich Text (Notes 4.x and prior), the Mailer creates a version that uses the CD format.

    If the setting is Keep in sender's format, the message is sent using the field definition in the mail template (which by default is the Notes Rich Text format). It is then up to the recipient's UA to convert the Body field format.

    The recommended settings are:

    • Keep in sender's format if the UA is Notes R5 or higher.

    • Prefers MIME if the UA is POP3 or IMAP.

    • Prefers Notes Rich Text if the UA is Notes pre-R5.

    If the recipient domain name has a period (meaning it is an Internet address), the recipient's format preference won't be found in the Domino Directory. Instead, the Notes Mailer looks to the current Location document for instructions on how to format messages bound for the Internet (the last field):

    With the MIME Format preference set, all recipients outside the user's Domino Domain with Internet addresses will receive messages in the MIME format.

    But wait, there's more! The User Preferences (File - Preferences - User Preferences - Mail - Internet in Notes Basic configuration) determine whether the MIME is sent as HTML, reduced to text, or both (if the recipient mail client supports HTML it will use the attachment; otherwise the text is used):

    In Notes Standard configuration, choose File - Preferences to open User Preferences. Then expand Mail\Internet to find the Internet mail format setting.

    If set to Prompt when sending, the user is prompted when the message is actually sent to select the format of the MIME encoded content:

    It is up to the user to know the message format capabilities of the recipient UA.

    Note: All the MIME recipients in a message's Address fields will be converted to the same format. If you want to send a particular format to a particular person, you will have to create another message. If some recipients are also Notes users, the result is that you will possibly see two messages being deposited in MAIL.BOX: one for Notes Rich Text format, and one for MIME.

    Submit message to recipient

    What is required to enable Notes to send a message?

    The fact that a particular message is saved to a user's Mail database is a function of that user:

    • having the rights in the ACL to author documents in that database

    • choosing to save the message when it was sent:

    Note: User Preferences (Mail\Sending and Receiving) also determines if the default button performs a Send & Save or Send Only:

    If the user opts to send the message, the message document is deposited in the MAIL.BOX database on the Home/Mail server specified in the current Location document stored in the local Contacts.

    Once the document is deposited to the MAIL.BOX database on the server, it is up to the Router task to poll that database for messages to transfer or deliver.

    If the user Mail database file location is set to Local (for mobile users), the message document is saved to the local MAIL.BOX database. When the user schedules or forces a message transfer, the documents in the local MAIL.BOX database are moved to the MAIL.BOX database on the Home/Mail server.

    Deliver message to user

    What is required for the Router to deliver messages to a user's Mail database?

    If a message originates from a Domino Server other than the user's Home/Mail server, the message is transferred by the server to the next hop on the way to the user's Home/Mail server using the same process of depositing the message into the next server's MAIL.BOX database, and if successful, deleting it from its own MAIL.BOX.

    When the message arrives at the recipient's Home/Mail server, the Router performs a lookup of the user's name from a view of Person documents to find the Home/Mail Server field to match. It then looks for the Mail database file name and deposits the message into that database. If successful, the Router deletes the document from its MAIL.BOX database.

    Again, how the message is stored depends on the recipient's Person document, which specifies the preferred message format.


    Read messages

    What is required for a user to read messages using the Notes UA?

    When the user clicks the Mail icon on the Home Page or clicks in Notes Standard configuration and chooses Mail (or any other ways to open Mail), again, the Location document is used to determine which database to open on the specified Home/Mail server (or the Local drive).

    User registration

    Most of the Person document (in the Domino Directory) and Location document (in the local Contacts) information for Notes Mail delivery is created as part of user registration and/or Notes setup; you do not generally have to create this information manually.

    User registration is covered fully in the Lotus Notes Administration course, but let's review the mail-related aspects of registering a new user.

    The Mail page in the Register Person dialog box (with the Advanced check box selected) is where you set the Home/Mail server, mail system type, Mail database design template and file name, and the ACL setting for the user:


    This table describes the fields on the Mail tab:

    Field Function

    Mail system
        Choose from Lotus Notes, POP, IMAP, or iNotes, which all use a Notes database to store user mail.

        If set to Other Internet or Other, a new field appears where you can enter the user's forwarding Internet or other mail address (a Mail database will NOT be created for the user) so other users can address memos and send them via an MTA or gateway.

        Choose None if the user doesn't need mail or you want to configure it later.

    Mail Server button
        The fully distinguished name of the Home/Mail server, for example:

        Mail Magic/TeamApps

        The Home/Mail server performs several functions:

        - stores the user's Mail database
        - is responsible for running the Administration Process to make any changes to the Mail database
        - using the list of servers in the same Domino Named Network, presents the user with a list of servers in the Open Database dialog box
        - serves as a network name resolver to help Notes find other Domino Servers if:
            - the server name cannot be resolved using protocol-level methods or a numeric IP address is required
            - the server name is different from the protocol-specific name (such as the computer host name)
            - the server uses different common names in the Server document Net Address field; the Home/Mail server picks the correct name given the Notes protocol.


    Mail file name
        The path and database file name for the user. By default the file name is created using the first letter of the user's first name and first seven characters of the last name.

        If the directory does not exist, it will be added automatically under the \DATA directory. You cannot, however, specify a linked directory name here.

        Note: For easier administration, you should always create all Mail database files in a separate mail directory (or directories) under the data directory. The default is \MAIL.

    Mail file template
        Unlike previous versions of Domino that had multiple mail templates, there is now just the single Mail (R8.5) (MAIL85.NTF) design template for all Mail UA types (Lotus Notes, POP/IMAP, iNotes, and Domino Access for Microsoft Outlook/DAMO).

        If your company has created a custom template, you can specify that template name instead of the default. You may, for example, provide additional views and custom forms (employee reviews, travel authorization, timesheets, etc.), or reduce the functionality to reduce the user Mail database file footprint, such as to remove the code if the user will never access Mail with a browser.

        Note: You will learn later in the course how to use a central design and/or compress design elements to save space.

    Mail File Replicas button
        Allows you to create a replica of the user Mail database on more than one server; typically when using Domino Clustering, Mail databases are stored on at least two servers in the cluster.


    Mail file owner access
        The setting the user has in the ACL. If set to:

        - Editor, users can delegate their Mail and enable the Out of Office agent. This is the recommended setting.
        - Designer, users also can change the design (and block design updates) and create a full text index (if you don't create it now). Generally not recommended.
        - Manager, users have complete control over their Mail databases, including the ability to change the ACL and delete the database. NOT recommended!

        Note: If you give Editor or Designer access, you (the person registering the user) will be given Manager access in the database ACL. Remember that Full Access administrators can still control the ACL of any database.

        Note: For users to delegate Mail database access, they must also be listed as Author in the Administration Requests database (this may be accomplished with Default set to Author or more likely the Organization, e.g., */TeamApps) and given Author access.

    Mail file manager
        Adds an entry to the ACL with Manager access if the user isn't set as Manager.

        The idea is to have at least one person or group listed as Manager, and if not the user, then ideally a group name of trusted administrators responsible for managing user Mail databases.

        If the user is set to be Editor or Designer in the previous field, the person doing the registration will be set as Manager in the ACL unless this field contains a user or group name, in which case that name will be set as Manager in the ACL.


    Create file in background
        If you create the Mail database(s) now (option is not selected):

        - registration will take much more time
        - you must have physical connectivity to the Home/Mail server(s).

        If you let the Administration Process create the database(s) in the background (option is selected):

        - registration will go much faster
        - you don't need to have physical connectivity to the Home/Mail server if it is at a remote location
        - the Create Mail File Administration Request placed in the Administration Process Requests database must replicate to the Home/Mail server and be processed before you can set up the user.

        Whether created now or in the background, you must have the right to create databases on the Home/Mail server(s).

        If you migrate users from other mail directories, you must create the Mail databases now.

    Create full text index
        Allows users to quickly search their mail for words and phrases. Keep in mind that full text indexes can be as large as 75% of the database size.

        We recommend that you create the index later using the Database - Full Text Index tool in the Files function tab in Domino Administrator. This is actually a better way to create the index, as you can also set various options that affect the search capability and index size.

        Note: If you had set the user access level to Editor earlier, the user will not have sufficient access to create the full text index him/herself.


    Set database quota/warning threshold
        Specify the maximum file size of the user's Mail database. If users exceed the quota, by default they can still receive mail but cannot save mail until they delete existing messages.

        Specify the warning level at which users are notified that they are about to exceed their quota.

        Note: You will learn how to set/reset quotas and how they are enforced later in the course.

    The Address tab (also appears when you check the Advanced check box) lets you add the user's Internet email address and Internet domain to allow the user to receive mail from the Internet addressed to them:

    This table describes the fields on the Address tab:

    Field Function

    Internet address
        This is the email address of the user that is used when the Mail Router routes mail from the Internet.

        Tip: The Internet address will be created for you if you leave this field blank, enter the Internet Domain on the right, and have selected an Address name format option and Separator. You will see the address being built as you type in the Internet Domain name. If you type an address in the Internet Address field, however, your entry will override the auto-generated address.


    Internet Domain
        The registered Internet domain name used to send mail from the Internet into your company. This name corresponds to one or more MX records in the public DNS.

    Address name format/Separator
        Determines how a user's name should be concatenated to automatically create the Internet address.

        Note: Once you decide on a particular format, you should stick with it for all users, especially if they have advertised their address. If you want to change the Internet Address format later, you can do so using the Set Internet Address tool in the People & Groups function tab.

    Tip: The default values for user registration fields can be set with an explicit or Organizational Policy document that is paired to Registration and Setup Settings. Then repeat the settings in the Desktop Settings policy so you can dynamically reconfigure the user settings. The Lotus Notes 8 Administration course describes how to do this.

    Note: Domino Administrator also includes migration tools to move users from cc:Mail, Exchange, Netscape Mail, Windows directory, or an LDIF file (the result of an export from an LDAP directory). There are also third-party migration tools that you can use to port email accounts and files to other clients (e.g., http://www.binarytree.com/). Migrating from Exchange? See the still-relevant IBM Redbook Migrating from Microsoft Exchange 2000/2003 to Lotus Notes and Domino 7 at http://www.redbooks.ibm.com/redpieces/abstracts/sg247777.html?Open .

    Exercise: Test message delivery

    Follow these steps to show how settings in your Person document in the Domino Directory and your Location document in your local Contacts affect your ability to create, send, and read messages:

    Step Action

    1 Make sure your Domino Server is running and the Server Console is showing.

    2 Work in Notes.


    3 Open the Domino Directory on your server.

      Open the Messaging\Mail Users view and determine your Home/Mail server, Mail Address, and Mail File names.

      This view (also available in Domino Administrator) gives you an overview of users who have a Mail database file name listed by Home/Mail server.

      This view is also helpful to ensure unique address and file names, as well as to distinguish users who have been registered in the Domino Directory but who are not set up for mail.

    4 Open your Person document in Read mode.

      Click the Basics tab to see the information the server uses to deliver messages to your Mail database.

      Close the document.

    5 Open the Messaging\Networks view and locate the Domino Named Network that your Home/Mail server belongs to.

      There is probably only one server in the Domino Named Network. If there were more servers, messages would be instantly transferred to those servers for delivery to users with Mail databases on those servers.

    6 Choose File - Preferences - Location Preferences to open your current Location document.

      Click the Servers tab. What is the name of your Home/Mail server? This should match what your Person document said.

      Click the Mail tab. Where is your Mail database located? This should match what your Person document said.

    7 Press Ctrl+M to create a new message.

      Which Mail database is opened? (Use Database properties to verify.)

      What controls which database opens?

    8 Address the new message to yourself.


    9 Send the message.

      Which Home/Mail server is used when sending the message? What controls which server is used?

    10 Close your Mail database.

    11 Click the Mail bookmark.

      Which Mail database is opened? (Use Database properties to verify.)

      What controls which database opens?


    Topic 4: Inter-Domino Named Network NRPC Routing

    Key points

    As you know, you do not have to configure message transfer between two Domino Servers in the same Domino Named Network; the messages are transferred and delivered immediately regardless of any delivery priority set by the user. This Topic looks at message transfer using NRPC between two:

    - Domino Named Networks in the same Domino Domain
    - different Domino Domains.

    The basic mechanism to enable inter-Named Network message routing is a Connection document in the Domino Directory on both ends (and any nodes between), so that messages can route both ways.

    When you need Connection documents

    If you only have a single Domino Named Network or never want to route messages via NRPC to another Domino Domain, you do not have to create any Connection documents for message routing. We'll look at an example of several Domino Named Networks that are not connected. The Messaging\Mail function tab in Domino Administrator shows the Mail Routing Topology by Domino Named Networks:


    In this Domino Domain there are several Domino Named Networks. Within each network, message routing to/from any server is automatic and immediate without requiring any Connection documents that specify message routing (you will still need Connection documents to schedule replication).

    There will not, however, be any message routing (or replication) between the Domino Named Networks without Connection documents defined.

    Note: The topology map is rebuilt at 2 AM by the Maps Extractor server task. After adding new Connection documents, you won't see the new topology maps. There is no way to force it to update immediately. You can try starting the Maps task manually using this Server Console command (use the live console):

    >load maps

    Then restart Domino Administrator. But in most cases, you won't see new drawings until tomorrow.

    You can change the number of hours after the Map task starts that the maps are rebuilt using the NOTES.INI variable Topology_WorkInterval=#hours. The maps will then be rebuilt every #hours afterwards. Search Domino 7 Administrator Help for details.

    If you have a large multi-network or multi-domain enterprise, however, then you will undoubtedly create and maintain many Connection documents (typically through one or more centralized Domino Servers acting as mail hubs).

    The topology map, by the way, shows routing in the same Domino Named Network (the legend for the topology diagram labels it Default Mail Routing) as a solid blue line between two servers.

    Though none are shown in the topology above, explicit connections would be drawn with a dashed red line. In this other example, Sea and Rock are in the same Domino Named Network, whereas Rock and Hub are not but do have a Connection document defined:


    There are several other examples of message routing that may or may not require Connection documents. If you route messages via:

    - SMTP to the Internet, you do NOT need Connection documents unless you route messages first to a mail hub (such as outside the firewall) that is responsible for routing messages to the Internet
    - NRPC over the Internet, then you DO need Connection documents (there are no MX records in the DNS that can be used for NRPC routing).

    Two Connection documents are needed

    Two Connection documents are necessary to send and receive messages from another server in another Domino Named Network.

    If you want to route messages:

    - between Domino Named Networks within your own domain, you must compose both Connection documents in your domain's Domino Directory.
    - to other domains, you must create a Connection document between one server in your domain (through your Domino Named Networks) to one point server in the other domain; the other domain's Notes administrator is responsible for creating a Connection back to your domain.

    Caution: Never create a Server document in your Domino Directory for any Domino Servers outside of your Domino Domain. This will totally confuse the Router.
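    The two-document rule above can be checked mechanically before users report bounced replies. The following is an added example, not code from the course or from Domino: it models servers, their Domino Named Networks and simplified Connection documents, then reports server pairs where mail can route in only one direction or not at all. The field names, the DNN names and the Lab1 server are assumptions made for the example.

```python
from collections import deque
from itertools import combinations

# Constructed sample data. Sea, Rock, Hub and Spoke1 are server names used in
# this course; Lab1 and all Domino Named Network (DNN) names are invented.
SERVERS = {
    "Sea/TeamApps": "DNN-West",
    "Rock/TeamApps": "DNN-West",
    "Hub/TeamApps": "DNN-Hub",
    "Spoke1/TeamApps": "DNN-East",
    "Lab1/TeamApps": "DNN-Lab",
}

# Simplified Connection documents (field names are assumptions): only the
# source, the destination and whether the routing task is Mail Routing.
CONNECTIONS = [
    {"source": "Rock/TeamApps", "destination": "Hub/TeamApps",
     "routing_task": "Mail Routing"},
    {"source": "Hub/TeamApps", "destination": "Rock/TeamApps",
     "routing_task": "Mail Routing"},
    {"source": "Hub/TeamApps", "destination": "Spoke1/TeamApps",
     "routing_task": "Mail Routing"},
    # Replication-only document: it does not give Spoke1 a mail route back.
    {"source": "Spoke1/TeamApps", "destination": "Hub/TeamApps",
     "routing_task": None},
]


def routing_edges(servers, connections):
    """Return {server: set of servers it can transfer mail to directly}."""
    edges = {name: set() for name in servers}
    # Same DNN: transfer is automatic in both directions.
    for a, b in combinations(servers, 2):
        if servers[a] == servers[b]:
            edges[a].add(b)
            edges[b].add(a)
    # Different DNN: a Connection document with Mail Routing is required and
    # it only carries mail from its source to its destination.
    for doc in connections:
        if doc["routing_task"] == "Mail Routing" and doc["source"] in edges:
            edges[doc["source"]].add(doc["destination"])
    return edges


def reachable(edges, start):
    """Servers that mail deposited on `start` can reach, hop by hop."""
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in edges.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen - {start}


def audit_routing(servers, connections):
    """Classify every server pair that lacks two-way mail routing."""
    edges = routing_edges(servers, connections)
    reach = {name: reachable(edges, name) for name in servers}
    findings = {"one_way": [], "no_route": []}
    for a, b in combinations(sorted(servers), 2):
        forward, back = b in reach[a], a in reach[b]
        if forward and not back:
            findings["one_way"].append((a, b))
        elif back and not forward:
            findings["one_way"].append((b, a))
        elif not forward and not back:
            findings["no_route"].append((a, b))
    return findings


if __name__ == "__main__":
    for kind, pairs in audit_routing(SERVERS, CONNECTIONS).items():
        for src, dst in pairs:
            print(f"{kind}: {src} -> {dst}")
```

    Each one_way pair is listed as (sender, recipient): mail flows in that direction, but nothing sent by the recipient's server can route back until the return Connection document exists.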

    Create Connection document

    Connection documents provide the Router with instructions on how and when to transfer messages to another Domino Server outside its own Domino Named Network or Domino Domain.

    Follow these steps to create a Connection document relevant to message routing:

    Step Action

    1 Open the Configuration function tab in Domino Administrator.

      Expand the Messaging item in the Context Pane and click Connections to open the Connections view in the Domino Directory.


    2 Click the Add Connection action button.

      A new Connection document opens:

      Connection documents are used to schedule message routing and/or replication. In this course, we are only interested in routing, but you would typically work on the schedule for both tasks in the same Connection document.

      Note: Remember that because the Domino Directory is replicated to all servers in your Domino Domain, you can define the routing topology and schedule for all servers in the Domino Directory on one server and the Connection documents will eventually replicate to all the other servers.

    3 Enter the field values (relevant to message routing) using the following table.


    Field Function

    Connection type
        Specify the type of connection, the default type being Local Area Network, in which the destination server is always available over a network connection.

        Network Dialup can also be used for message transfer, which uses a RAS dialer to connect to a SLIP or PPP dial-up server.

        There are several other specialty connection types you can choose from, most of which are now obsolete.

        The type of connection you select reveals additional fields or an added tab to the Connection document.

    Source server and domain
        The distinguished server name (e.g., Hub/TeamApps) and the Domino Domain name of the server initiating the exchange.

    Use the port(s)
        The name of the port out from which the destination server can be found.

        If the other server is available via multiple ports, you can optionally put an * to let the server determine a port to use, starting at the top of the enabled port list.

        Note: Ports are named using the Server\Setup Ports tool in the Server function tab in Domino Administrator. If a LAN port, the port name is also entered in the Ports - Domino Named Network Ports tab in the Server document.

    Usage priority
        Affects how the source server finds the destination server, which occurs in this sequence:

        - determine a path to the destination server using Connection documents with a Usage priority set to Normal
        - if not found, probe all enabled ports for the destination address (the method varies by protocol)
        - use Connection documents with a Usage priority set to Low
        - attempt to use a default Passthru Server to connect.

        Note: If two ports are enabled in the same Domino Named Network, you can force which port a server uses to connect to the other server by setting one to a Usage priority of Normal, and the other to Low.


    Destination server and domain
        The distinguished server name (e.g., Spoke1/TeamApps) and (Domino) domain name of the destination server (NOT the Internet domain, as we are routing via NRPC here).

        You can also enter a group name as the destination. The Group document, in turn, contains a list of Domino Servers in the Members field.

        This reduces the number of Connection documents you need to manage if messages are to route out to multiple servers in the destination Domino Named Network or Domino Domain.

        Note: Message transfer is sensitive to the destination domain of the message.

        - If there are no messages bound for the destination domain, no connection will be attempted.
        - If, on the other hand, a user sends a message to a user in another domain to which there is no connection, the message is returned to the user as undeliverable.

    Optional network address
        Specifies a network address if the common name of the server is not a resolvable network address (such as when using TCP/IP without a HOSTS file or a DNS).

        Note: Lotus highly recommends using a TCP/IP host name as opposed to a numeric IP address. If your server has trouble contacting a DNS, enter the IP address instead.

    Step Action

    4 Click the Replication/Routing tab to define the parameters for routing:

      Enter the field values (relevant to routing) using the following table.


    Field Function

    Routing task
        Select Mail Routing for NRPC routing.

        The other routing tasks listed are virtual connections that allow messages using other protocols to travel via NRPC to a server that has been enabled to route messages to the external mail system.

    Route at once if
        In addition to scheduled connections, the Router can initiate an unscheduled connection if this threshold of messages to the same destination server is reached.

    At the extreme values, if you set it to 1, one Normal pr