Date post: | 03-Jun-2018 |
Category: |
Documents |
Upload: | shailesh-surroop |
8/12/2019 8.51 MailAdmin
1/75
Lotus Domino 8.5.1 Mail Administration
Version 1.0
Copyright Information
2010 wareSource.com
Part #DSMA851-1.0, updated for Notes and Domino 8.5.1 Fix Pack 3
Under the copyright laws, this book may not be photocopied, reproduced, translated, or reduced to any electronic medium or machine-readable form, in whole or in part, without the prior written consent of wareSource.com.
While every reasonable precaution has been taken in the preparation of this book, the author assumes no responsibility for errors or omissions, nor for the uses made of the material contained herein and the decisions based upon such use. No warranties are made, express or implied, with regard to either the contents of this work, its merchantability, or fitness for a particular purpose. The author shall not be liable for direct, indirect, special, incidental, or consequential damages arising out of the use or inability to use the contents of this book.
In no event shall the author be liable for any damages whatsoever (including without limitation, damages for loss of business profits, business interruption, loss of business information, or any other loss) arising out of the use of or inability to use this material, even if the author has been advised of the possibility of such damages.
Lotus, Domino, Domino Designer, ScreenCam, LotusScript, Notes/FX, Lotus Notes, Notes, DataLens, Notes Minder, and Sametime are trademarks or registered trademarks of Lotus Development Corporation and/or IBM Corporation. IBM, OS/2, AS/400, S/390, AIX, DB2, and WebSphere are registered trademarks of International Business Machines, Incorporated. Microsoft is a registered trademark and Windows, ActiveX, and Visual Basic are trademarks of Microsoft Corporation. Netscape and Netscape Navigator are trademarks of Netscape Communications Corporation. Java and JavaScript are trademarks of Sun Microsystems, Inc.
All other marks are the property of their respective owners.
Table of Contents
Topic 1: Mail Overview
Topic 2: NRPC Message Transfer and Delivery
Topic 3: Notes Configuration
Topic 4: Inter-Domino Named Network NRPC Routing
Topic 5: Inter-Named Network Routing Topologies
Topic 6: NRPC Controls
Topic 7: Domino Directory and Message Addressing
Topic 8: Directory Assistance
Topic 9: Directory Catalogs
Topic 10: Mail Database Design
Topic 11: User Mail Database Administration
Topic 12: Notes Mail Security
Topic 13: Calendar and Scheduling
Topic 14: Domino Attachment and Object Service
Topic 15: SMTP Mail Transfer
Topic 16: SMTP Inbound Controls
Topic 17: Blacklists and Whitelists
Topic 18: Rules
Topic 19: SMTP Outbound Controls
Topic 20: Internet Message Disclaimers
Topic 21: POP/IMAP Clients
Topic 22: LDAP Directory Service
Topic 23: Internet Certificate Authority
Topic 24: Issue Internet Client Certificates
Topic 25: Sign and Encrypt Internet Mail
Topic 26: Lotus iNotes
Topic 27: Security for Lotus iNotes
Topic 28: Domino Access for Microsoft Outlook
Topic 29: Mail Monitoring Tools
Topic 30: Message Tracking and Reporting
Topic 31: Message Archiving and Journaling
Topic 32: Troubleshooting and Performance
Index
Description
During this course you will configure traditional Notes Mail as well as standards-based SMTP mail transfer and delivery. You will set up several mail clients, including Notes, Internet mail (POP/Outlook Express), Domino Access for Microsoft Outlook, and iNotes.
This course stresses the role of directories, including the Domino Directory, Directory Catalog, Mobile Directory Catalog, and Extended Directory Catalog, and how to make them available via Directory Assistance. It also covers the configuration of Domino to support LDAP requests.
This course also covers mail security for both Notes and Internet mail clients, including how to configure SSL on Domino and to issue Internet Certificates to users for digital signing and encryption.
Course goals
In this course, you will learn how to:
• configure intranet and Internet mail routing using the NRPC and SMTP protocols
• set up Notes to send and receive mail, set up an Internet mail client to send mail via SMTP and retrieve mail via POP3 or IMAP4 protocols, use a browser to access mail via iNotes, and configure Domino Access for Microsoft Outlook
• utilize the various directory types for mail addressing as well as for mail transfer and delivery
• configure the Domino Server to support address lookups by Internet mail clients using LDAP
• configure the NRPC and SMTP Router controls and restrictions to improve routing performance and reduce unsolicited email
• utilize Notes Mail security features and serve as your own Internet Certificate Authority, create server and client Internet Certificates, enable SSL, and digitally sign and encrypt mail sent to Internet mail clients
• support Notes Calendar and scheduling, including inter-domain resource reservations
• configure Domino Attachment and Object Service to reduce disk space and network traffic due to message transfer, delivery, and storage
• reduce Mail database size using design and document compression among other methods
• manage Notes Mail files using Domino Administrator with the assistance of the Administration Process
• utilize mail monitoring, tracking, and journaling features
• retain messages using archiving and journaling
• monitor and troubleshoot mail transfer and delivery.
Audience
This course is part of a series of Domino administration training courses. Follow
these paths to master all aspects of administering the Domino Server, Lotus
Notes, and other clients:
[Diagram: course paths. Courses shown: Lotus Domino Administration Basics (3 days), Lotus Notes Administration (3 days), Lotus Domino Mail Administration (4 days), Notes Experience, Lotus Notes Support (3 days), Lotus Notes User Essentials (1 day), Lotus Domino Monitoring and Maintenance (2 days), Lotus Notes User Essentials PLUS Pack.]
Courses later in the series assume that you have mastered the content of earlier
courses.
This course is designed for LAN administrators who are responsible for
supporting mail on Lotus Domino Servers, Notes, and Internet mail clients and
who:
• are proficient Notes mail users
• have installed and configured a Domino Server
• understand basic DNS and SMTP principles
• have taken the Lotus Domino Administration Basics and Lotus Notes Administration courses or have the equivalent knowledge and experience
• ideally have taken the Lotus Domino Monitoring and Maintenance course or have the equivalent knowledge and experience.
Course design
This is an intensely practical course, combining thorough conceptual training with significant hands-on experience with Domino and Domino Administrator as well as the various mail clients Domino supports. As you learn about various aspects of the Domino Server and Domino Administrator as they relate to messaging, you will immediately apply the concepts and techniques you learn.
Please consult the Set Up document for this course to make sure the correct environment is in place before starting the course.
Font conventions
This course follows these font conventions:
• Italic - database, view, page, form, document, macro, and field names, object event types, and new terms introduced in the text
• Bold - Notes menu options, command button names (whether Notes or developer defined), field labels, and accelerator keys
• Courier - user input, sample values, code examples
• Helvetica - URLs
• Lucida Console - HTML, XML, CSS, and programming code examples.
Topic 1: Mail Overview
Key points
Notes Mail has always used, and continues to use, the Notes Remote Procedure Call (NRPC) protocol to transfer messages, and proprietary directories, like the Domino Directory, to store information needed for message addressing, routing, and delivery.
With NRPC, sending messages to other systems or devices (if even possible) involved complicated gateways that would convert messages (and even network protocols) and recipient addresses.
With the advent of standards-based Internet mail and directory protocols and mail clients, Web browsers, and handheld devices (mobile phones, PDAs, pagers), the Lotus Domino Server has been adapted to also support standards-based Internet messaging and directory protocols. Knowledge of how both Notes and Internet messaging protocols operate and are configured is required when building a mail infrastructure using Domino.
This Topic shows the similarities and differences between routing messages using the proprietary NRPC routing protocol and the standards-based Simple Mail Transfer Protocol (SMTP).
Mail terminology
There are a few terms pertaining to mail that must be defined before looking specifically at NRPC or SMTP message routing. This diagram shows the relationship between these terms:
[Diagram: relationship between the mail terms. Labels: User Agent (UA), Local Message Store (LMS), Message Transfer Agent (MTA), Message Queue (MQ), Directory, Message Delivery Agent (MDA), Message Store (MS), Internet; links labelled Mail Transport Protocol, Mail Delivery Protocol, Mail Access Protocol.]
• User Agent (UA). This is the software that users use to send and read email. This could be Notes, any of the Internet mail packages (Mozilla Thunderbird, Outlook/Outlook Express, or Eudora), a Web browser, or a phone or PDA. In fact, depending on users changing locations, they could access their email at work, home, and while traveling using any of the clients. Most of what users think about when they think of their email is the responsibility of the UA.
• Message Transfer Agent (MTA). The mail server process responsible for accepting messages transferred either by UAs or other MTAs and either transferring them to other MTAs or delivering them to users with accounts and message stores on that server. The MTA could be a Domino Server or Microsoft Exchange, or any one of hundreds of commercial and open source SMTP mail servers.
• Message Transfer. The routing of a message from the UA to the MTA and between MTAs.
• Message Store (MS). The MS is used by the MTA to store messages that are addressed to users who have an account on that server. In the case of Domino, each user is assigned an MS database (their Mail database).
• Message Delivery Agent (MDA). A server process responsible for delivering the message to a UA's MS. Often running on the same server as the MTA. For Internet mail servers, this server responds to either the POP3 (Post Office Protocol, version 3) or IMAP4 (Internet Message Access Protocol, version 4) employed by the UA. The Domino Mail Router acts as both the MTA and MDA.
• Message Delivery. The delivery of a message by the MDA to the UA's MS.
• Local Message Store (LMS). The UA may have a local message store for messages downloaded from the MS. For a POP3 client, messages are downloaded (and removed from) the server to a local store. For a mobile Notes user, messages are replicated to a local replica copy of the user's Mail database.
• Message Queue (MQ). A database used by the MTA that temporarily stores incoming and outgoing messages. Incoming messages may be transferred from UAs or other MTAs. Outgoing messages may be transferred to other MTAs or delivered to the MS. Mobile Notes users have a local Mail Box database (MAIL.BOX) that holds sent messages until reconnected to Domino, at which time the messages are transferred to the server's Mail Box database.
• Directory. Used by the MTA to determine where to transfer or deliver messages in the MQ. Also used to determine the user MS if the message is to be delivered to that server. Domino uses its own Domino Directory database for both routing and delivery. Two directories are used for Internet mail:
    • the Internet's global Domain Name Service (DNS), a distributed database of name-to-IP address mappings (MX records) to find MTAs in other Internet domains
    • a directory used to find users in the domain, often accessible via the LDAP protocol (Lightweight Directory Access Protocol).
• Mail Transfer Protocol. The syntax and commands exchanged between the UA and MTAs and between MTAs. Relies on underlying network protocols, such as TCP/IP, to transport the higher-level protocol and message content. For Internet mail, the protocol to transfer messages from the UA to the MTA and from MTA to MTA is SMTP. For Notes Mail, the protocols are generically referred to as Notes Remote Procedure Call (NRPC).
• Mail Delivery Protocol. The protocol used by the MDA to deliver the message to the user's MS. There are no standards for this protocol, as it depends on the type of MS being used; it can be anything from a text file to a high-end RDMS. For Domino, delivery is via NRPC to a Domino database assigned to each user.
• Mail Access Protocol. The protocol used to read and/or download messages from the MS on the MDA. The download protocol for UAs to download messages for reading is either POP3 or IMAP4, and NRPC for Notes.
• Recipient Address. The basis for any message transfer and delivery system is the recipient address. Addresses are protocol-dependent, for example:
    • For NRPC routing within a Domino Domain, the address is any value found in the Person document FullName (User name) or ShortName fields.
    • For NRPC routing to another Domino Domain, the person name plus @domainname is specified, for example, Joe Smith@GlobalUS. If there are intermediary Domino Domains through which the message must be routed to reach the recipient domain, those domains can be appended, for example, Mary Jones@GlobalUS@GlobalInt. The address is read from right to left by the Router as the message is transferred to the next Domino Domain found in the recipient address until it arrives at the user's own Domino Domain. You'll see below what happens next.
    • For SMTP routing, the address is the user name (no spaces) plus the domain name and domain class, for example, [email protected]. If there are IP subdomains, they can also be included, for example, [email protected]. Unlike NRPC routing, subdomains are not intermediary domains through which the message must route. All messages transfer directly to that subdomain. If routing to a Notes user who has not been assigned an Internet address, any spaces in the name can be substituted with underscores, for example,
  Because address accuracy is absolutely essential, the directory is often made available to users to help select addresses of users within the domain rather than having to type them from memory. Notes goes one step further and prevents users from sending a message to an unknown user within the domain. All UA software also provides a personal directory so users can store their own list of valid recipient addresses.
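The two addressing rules above, as an added example that is not part of the original course material: a simplified Python model of how an NRPC address names its own domain path (read right to left) while an SMTP address names one destination domain reached directly. It is not Domino code; the origin domain GlobalAsia and the example.com address are constructed for illustration.

```python
# Added example: simplified model of the recipient-address rules described above.
# Not Domino code. "GlobalAsia" and "sales.example.com" are constructed values.


def parse_nrpc(address):
    """Split 'Name@DomainA@DomainB' into ('Name', ['DomainA', 'DomainB'])."""
    name, *domains = [part.strip() for part in address.split("@")]
    if not name or any(not d for d in domains):
        raise ValueError(f"malformed NRPC address: {address!r}")
    return name, domains


def nrpc_domain_path(address, origin_domain):
    """Return (name, ordered Domino Domains the message passes through).

    The rightmost domain in the address is the next hop; each domain is
    consumed as the message reaches it, until the recipient's own domain.
    """
    name, domains = parse_nrpc(address)
    path = [origin_domain]
    while domains:
        hop = domains.pop()                    # read right to left
        if hop.lower() != path[-1].lower():    # already there: no transfer needed
            path.append(hop)
    return name, path


def notes_name_to_local_part(name):
    """Substitute underscores for spaces, as the text allows for Notes users
    who have no Internet address assigned."""
    return "_".join(name.split())


def smtp_destination(address):
    """Return the single domain an SMTP message is transferred to.

    Subdomains are part of the destination, not intermediate hops.
    """
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain or " " in address:
        raise ValueError(f"malformed SMTP address: {address!r}")
    return domain.lower()


if __name__ == "__main__":
    # NRPC: the sender's domain plus every domain named in the address.
    print(nrpc_domain_path("Mary Jones@GlobalUS@GlobalInt", "GlobalAsia"))
    # SMTP: one direct transfer to the full (sub)domain.
    addr = notes_name_to_local_part("Joe Smith") + "@sales.example.com"
    print(addr, "->", smtp_destination(addr))
```
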
NRPC message flow
This diagram shows the message flow using NRPC with the Notes UA and the Domino MTA:
[Diagram: NRPC message flow. Labels: Notes, Domino Router, MAIL.BOX, Domino Directory, User Mail.NSF, Replica Mail.NSF, LAN, WAN, Internet, NRPC and/or SMTP, NRPC.]
This table describes the steps of the message flow using NRPC with the Notes UA
and the Domino MTA:
Step  Action
1     The UA is Notes, which is used to create the message and transfer the message to the MTA, which is the Domino Server.
      This example starts with a message originating from a LAN-connected client.
2     The message is transferred via NRPC to the Domino Server (MTA).
      Note: While NRPC is most typically transported by TCP/IP, it can also be carried by any of the other network protocols supported by Domino/Notes as well.
3     The message is written to the MQ, which is the Mail Box database on the server.
      Note: This database ACL -Default- access is set to Depositor so users can deposit messages but cannot read any of the messages waiting for delivery.
4     By default (can be changed under user preferences or on a per-message basis), the message is also saved in the sender's Mail database (MS) on the user's Home/Mail server for later reference.
      The per-user database architecture of Notes Mail is considered one of the most reliable in the industry, being far more fail-proof than using a single MS database for all users.
5     The Router server task uses the Domino Directory to determine where to transfer the message. If the destination Domino Domain is:
      • the same as the server's, the Router looks up the recipient's Person document in the Domino Directory to find the recipient's Home/Mail server name
      • in another Domino Domain, the Router looks up the Connection document to a Domino Server in that other Domain.
6-9   If the message is destined for a user on the same Home/Mail Server as the sender, the Router delivers it immediately. Otherwise, the Router copies the message out of the local Mail Box and writes it to the remote Mail Box database on the target Domino Server using the NRPC protocol.
      If successful, the Router then deletes the message from the local Mail Box database.
10    The Router server task uses the Domino Directory to determine where to transfer or deliver the message. If the recipient Mail database is on:
      • the same server, the Router looks up the recipient's Person document to find the Mail database file name
      • another server in the same Domino Named Network, the Router immediately transfers the message to that server via NRPC
      • another server in a different Domino Named Network, the Router looks up the Connection document to a Domino Server in that other Domino Named Network and transfers the message via NRPC when the connection conditions come true (number of messages or scheduled).
      Whether for message transfer or delivery, the Router stamps its name and the current date/time that it handled the message.
11    The Router checks any user mail rules that may delete or modify the message. If not, the Router copies the message out of its local Mail Box and writes it to the user's Mail database (MS) using the NRPC protocol.
      The Router deletes the message from its local Mail Box database.
12    The Notes UA is used to read the message from the server copy of the Mail database. This is just like reading any other Domino database.
      The message is retained in the user's Mail database (MS) on the server until explicitly deleted by the user (or archived to another database via an agent running in the Mail database).
13    A mobile Notes user may also have a replica copy of the Mail database on the local hard drive, in which case incoming messages are added to the local LMS (for offline reading) via replication (and NOT via message transfer).
Note: The model used by Lotus iNotes access is almost identical to that used by
Notes. The differences are in:
• Step 1, where the message is created using an HTML form run in the browser and when submitted is handed from the Domino Web server task to the Mail Box database for delivery or transfer.
• Step 12, where users read their messages rendered in HTML by the Domino Web Server task from the Mail databases using a browser.
SMTP message flow
This diagram shows the message flow using the SMTP protocol with an Internet UA and MTAs:
[Diagram: SMTP message flow. Labels: UA, LMS, MTA, MQ, MS, MDA, DNS, Directory, Internet, SMTP, POP or IMAP.]
This table describes the steps of the message flow using Internet mail protocols
with an Internet UA and MTAs:
Step Action
1     The UA is used to create the message and includes the software to initiate the lookup of the MTA IP address in the DNS and transfer the message to the MTA.
2     The message is transferred to the MTA via SMTP.
      Whether for message transfer or delivery, the MTA stamps its name and the current date/time that it handled the message to the email header.
3     The message is written to the MQ, which could be a text file or a relational database.
4     By default, the message is also saved to a local message store (LMS) on the UA.
5     The sending MTA looks at the recipient address to find the destination domain.
      The sending MTA sends the domain name to the Domain Name Service (DNS), the DNS finds an MX Record (Mail Exchange) for an MTA in the destination domain, and the DNS returns the IP address of the highest preference recipient MTA to the sending MTA.
      The sending MTA initiates a TCP/IP connection to the IP address of the recipient MTA.
6-7   An SMTP connection request is made to the receiving MTA.
8     The receiving MTA responds to the connection request and the sending MTA sends the message header to the receiving MTA.
9     If the message is accepted by the receiving MTA, the sending MTA transfers the message contents (using the DATA command).
      When the transfer is complete, the receiving MTA acknowledges receipt and waits for another message transfer or disconnect.
10    The MTA then uses its local directory (not DNS) to determine where to transfer or deliver the message inside the domain. If the recipient Mail database is on:
      • the same server, look up the recipient's mail account name to find the user's Message Store (MS) database file name
      • another server in the same domain, transfer the message to that server via SMTP.
11    Copy the message out of the local MQ to the user's Mail database (MS) using an internal database procedure call.
      Delete the message from the MQ.
12-13 If the UA is using POP3, it contacts its MDA (in this case a POP mail server). The MDA uses an internal database procedure call to retrieve the message from the MS and allows the UA to move the message to its LMS.
      If the UA is using IMAP4, the user has the choice of downloading the message to the LMS or reading (and leaving) the message on the server.
      Note: Some UAs using POP3 also allow you to leave the messages on the server, but with limitations solved by IMAP4. The distinctions between these two protocols will be described in a later Topic.
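Step 2 of the SMTP flow says each MTA stamps its name and the date/time into the email header; in SMTP that stamp is the Received header, which each MTA adds above the existing ones. The following is an added example, not part of the original course material: it rebuilds the hop sequence from those stamps and flags timestamps that run backwards, which a mail administrator would investigate as clock skew or an inserted header. The message, host names and addresses are constructed.

```python
# Added example: rebuild the MTA hop sequence from Received headers.
# SAMPLE is a constructed message; hosts and times are illustrative only.
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.20])
\tby mail1.recipient.example with ESMTP id C3;
\tTue, 05 Jan 2010 09:59:50 +0000
Received: from mta1.sender.example (mta1.sender.example [192.0.2.10])
\tby mx.recipient.example with ESMTP id A1;
\tTue, 05 Jan 2010 10:00:07 +0000
Received: from client.sender.example (client.sender.example [192.0.2.55])
\tby mta1.sender.example with ESMTP id B2;
\tTue, 05 Jan 2010 10:00:02 +0000
From: jsmith@sender.example
To: mjones@recipient.example
Subject: constructed sample

body
"""

_FROM = re.compile(r"\bfrom\s+(\S+)", re.I)
_BY = re.compile(r"\bby\s+(\S+)", re.I)


def _stamp_time(stamp):
    """Parse the date after the final ';' of a Received header, or None."""
    try:
        when = parsedate_to_datetime(stamp.strip())
    except (TypeError, ValueError):
        return None
    if when.tzinfo is None:            # "-0000" or missing zone: treat as UTC
        when = when.replace(tzinfo=timezone.utc)
    return when


def trace_hops(raw_message):
    """Return hops in chronological order (bottom Received header first)."""
    msg = message_from_string(raw_message)
    hops, previous = [], None
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())             # undo header folding
        clauses, sep, stamp = flat.rpartition(";")
        if not sep:                                # no ';' means no timestamp
            clauses, stamp = flat, ""
        when = _stamp_time(stamp)
        sender = _FROM.search(clauses)
        receiver = _BY.search(clauses)
        delay = None
        if when is not None and previous is not None:
            delay = (when - previous).total_seconds()
        hops.append({
            "from": sender.group(1) if sender else None,
            "by": receiver.group(1) if receiver else None,
            "time": when,
            "delay_s": delay,
            # A later hop stamped earlier than the previous one is suspect.
            "out_of_order": delay is not None and delay < 0,
        })
        if when is not None:
            previous = when
    return hops


if __name__ == "__main__":
    for number, hop in enumerate(trace_hops(SAMPLE), start=1):
        flag = "  <-- timestamp earlier than previous hop" if hop["out_of_order"] else ""
        print(f"{number}. {hop['from']} -> {hop['by']}  delay={hop['delay_s']}{flag}")
```
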
Domino mail clients
Once a message has been routed to the user's Home/Mail server and delivered to the user's Mail database, it is now up to the UA to access the message for reading.
There are four types of UAs (covered in this course) that can access a Mail database on a Domino Server:
[Diagram: clients accessing Mail.NSF on the Domino Server. Labels: Mail.NSF, Domino Server, Notes Client, Internet Mail Client, Web Browser, iNotes, Outlook Client; protocols NRPC, POP or IMAP, HTTP, SMTP.]
Domino supports these UA clients (and associated mail access protocols):
• Notes. Notes users can, of course, use native NRPC to access their Mail databases on the Domino Server.
License implications
Just a quick note about licensing. Lotus charges a Client Access License (CAL) fee for users who are listed in the Domino Directory for mail access, regardless of protocol or mail client used. There is also an enterprise CAL, which includes both general database access as well as mail access to the server.
Note: For the latest license information see http://www-01.ibm.com/software/lotus/notesanddomino/clientpackaging.html.
Choosing a mail protocol
While the users location and connectivity capabilities usually determine the most
appropriate mail client, there are a few protocol-dependent issues that determine
which client can be used.
Which should you use? Consider these points when making a decision:
• You cannot use NRPC to transfer messages to Internet mail servers expecting SMTP. You MUST enable SMTP to send/receive messages from Internet mail servers.
• You can use the Internet as a Virtual Private Network (VPN) using NRPC to transfer messages to other Domino Servers in your Domino Domain or to other Domino Domains, either directly or via a third-party mail intermediary that routes NRPC, such as Lotus Support (http://www-306.ibm.com/software/lotus/support/lnn/), 4T Domino (http://www.4tdomino.com/), or NaviSite (http://messaging.navisite.com/ManagedLotusDomino.shtml). You can encrypt packets between Domino Servers using an encryption key created as a by-product of authentication to ensure secure transmission (this is on top of any encryption and digital signing that Notes may use).
• Even if transferring messages destined for Internet addresses using SMTP, there are advantages to using NRPC for server-to-server transfers inside your Domino Domain (or to other Domino Domains). NRPC is a guaranteed messaging system built on an internally managed, replicated directory. Domino Administrator includes a number of tools to troubleshoot failures and bottlenecks, including message trace, load balancing, statistics and event handlers, and Domino Domain Management probes.
• When using the Internet mail and directory protocols, you are relying on the DNS servers on the Internet (or Internal DNS for internal message routing) to find an MX record for the destination Internet domain. When using NRPC (whether over the Internet or not), you are instead relying on the configuration in your own Domino Directory (and possibly though not necessarily using the DNS for the destination server's IP address). Who do you trust more to guarantee service?
Network design
The diagrams shown in this course are functional diagrams that show the flow of
messages through various systems.
They don't tell you much about how to design your network or how to connect your network to your corporate WAN or to the Internet. Network design that balances the sometimes-contradictory goals of throughput, resilience, and security is as much science as magic.
Though beyond the scope of this course, we do have a few comments and recommendations about network design:
• Domino (as a mail server) can be used in any network design from the very simple single server connected directly to the Internet to the most complex multi-tier, global network.
• For more information about how to place Domino in large networks, the best resource is the two-part article, Using Notes/Domino SMTP with a DMZ, available at www.ibm.com/developerworks/lotus/library/smtp-dmz1 and http://www.ibm.com/developerworks/lotus/library/smtp-dmz2/.
• Notes and Domino are extremely well equipped with respect to messaging security at all points, such as public/private key authentication of users and servers, network packet encryption, message encryption/digital signatures using both proprietary and standards-based technologies, server and database access lists, Notes Execution Control Lists, etc. All these security mechanisms are integrated and easily managed with Domino Administrator and the Administration Process task. You will see many of these mechanisms described in this course.
• With respect to message transport security, Domino includes an array of mechanisms to help prevent everything from denial of service attacks to spoofed addresses to spam. You will see how to configure these mechanisms in this course.
• The most important thing we can stress is that in spite of Domino's strengths with respect to messaging security, there are far better products that you should use as your front-line defenses against network attacks, mailed viruses, spam, phishing, zombie relays, employees leaking company secrets, employees deleting messages that must be kept for legal purposes, and a host of other perils and challenges related to messaging. It is critical that you employ a multi-layered approach to messaging security, with Domino as the last defense and not the first or only defense.
Topic 2: NRPC Message Transfer and Delivery
Key points
This Topic builds on the basic concepts of NRPC as the message transport and
delivery protocol you learned in the previous Topic.
Key to NRPC message routing is the grouping of servers and users into a Domino Domain. All nodes (servers and users) are defined in the Domino Directory for that particular Domino Domain.
This Topic also looks at the internal fields of a message routed via NRPC.
Protocol independence
NRPC message routing was designed to operate on any network protocol.
Depending on the computing platform, NRPC was originally created to run over NetBEUI/NetBIOS, NetBIOS over IP, NetBIOS over IPX, SPX, SPX II, AppleTalk, TCP/IP, TCP/IP IPV6, and network type (LAN, Internet, WAN, MAN, etc.). This network protocol and type independence has allowed mail to work even if the network is made up of a mixture of protocols with minimal or no dependence on external directories, such as DNS, in order to work properly. All that is necessary is a Domino Server that is connected to the network and configured to use one or more network protocols.
In practice, however, most operating systems and networks today run only
TCP/IP, so most new Domino/Notes installations only run TCP/IP (and TCP/IP is
the only protocol supported between Domino Servers in a Domino Cluster).
Note: Starting with Domino/Notes 8.5, the proprietary X.PC used by Notes
Direct Dialup is no longer supported and the \modems directory is not installed.
So if you rely on X.PC you cannot upgrade to 8.5.
Think Domino
When configuring mail to run on Domino Servers using NRPC, you need to focus
your thoughts on the Domino-think world, for example:
"domain" means the Domino Domain defined in the Domino Directory, NOT the IP domain or a Windows domain
"directory" is the Domino Directory database and associated services, NOT DNS or LDAP, which means that you have total end-to-end control over the entire system without having to rely on outside parties or other servers
"network" is a Domino Named Network, NOT the underlying physical network or network protocols
"connection" is a Connection document defined in the Domino Directory, NOT any record you will find in the DNS.
Domino Domain
If a group of servers and users are all defined in the same Domino Directory, they
are in the same Domino Domain. The domain name is used:
for Notes Mail message routing between Domino Domains
to uniquely identify the Notes installation at a particular company.
As it is replicated to all servers, the Domino Directory is what servers use to make
decisions regarding message transfer and delivery, identifying how to find:
other Domino Domains or Internet domains to transfer messages not addressed to users within the domain
the Home/Mail server of a recipient
the Mail database name of a recipient.
The server finds its Domino Domain name when it starts from the Domain=
variable in the NOTES.INI. This was defined during Server Setup.
The Domino Domain is also required in the Server document so that it can locate
other configuration documents:
Note: Search Lotus Domino Administrator Help for "Ensuring DNS resolves in
NRPC -- Best practices" to see why the Server's common name (e.g. HUB)
should be the same as the server's name in DNS (e.g. hub.teamapps.com) and
have an A record linking the entry to a numeric IP address, and how the Net
Address field in the Server document should match as well (e.g.
hub.teamapps.com). But remember again that the IP domain name, while it may
be the same as the Domino Domain name, serves a different function.
The Domino Domain name must also be used on any Connection documents
between servers in two different Domino Domains (or between two servers in two
different Domino Named Networks in the same Domino Domain):
Later in the course you will create Connection documents for mail routing and
will also review inter-Organization authentication using Cross Certificates and
server security that was covered in the Lotus Domino Administration Basics
course.
Domino Named Networks
Servers in the same virtual location (having the ability to communicate
continuously on the same LAN/WAN) using the same protocol can be defined in
the same Domino Named Network. Being in the same Domino Named Network
means that the server can connect to any other server in the Domino Named
Network using a common network protocol without having to establish a dial-up
connection.
This diagram shows a Domino Domain with a single Domino Named Network:
[Diagram: Domain=TeamApps containing the Domino Named Network TCPIP HQ]
Servers in the same Domino Named Network can:
all be seen by Notes users whose Home/Mail server is also in the Domino
Named Network in the Open Database dialog box
exchange messages automatically and immediately without further configuration.
To see the networks, open the Domino Directory to the Networks view or expand
Networks in Domino Administrator:
This Navigation Pane shows several Domino Named Networks, including TCPIP
HQ, which is expanded to show several servers: HUB, Magic, Mirage, etc. The
key on the icon for Magic means it is the Administration Server for the Domino
Directory.
The Domino Named Network name for a server is defined in its Server document
on the Ports - Domino Named Network Ports tab (under Notes Network, the
legacy name for Domino Named Networks):
Unlike Domino Domain names, which should be unique between companies,
Domino Named Network names are only used internally by the servers to develop
routing tables between servers in the same Domino Domain.
Since users never see Domino Named Network names, they do not have to be
user-friendly. You should code the name to include any administrator-helpful
information, such as a physical location and/or protocol.
Note: The Net Address field contains the protocol-specific address that other
servers and Notes clients use to locate the server on the network. In a TCP/IP
network, this is the fully qualified Internet host name (e.g.,
hub.teamapps.com). Though they serve different purposes, in a TCP/IP
network this address is typically the same as the one specified in the Fully
qualified Internet host name field on the Basics tab, for example:
Note: The first server you set up in your Domain will automatically be defined
as having the Domino Named Network name, Portname + Network, for
example, TCPIP Network. For additional servers, however, you must manually
enter the name in the Server document after registration but before setting up
the additional server. If the additional server is in the same Domino Named
Network, specify the exact same name when you set it up.
Multiple Domino Named Networks
If you have a network that uses different protocols or in which servers are
connected only via modem, you must create multiple Domino Named Networks.
This diagram shows three Domino Named Networks within the TeamApps
domain:
[Diagram: Domain=TeamApps containing the Domino Named Networks TCPIP HQ, TCPIP NY and TCPIP LA]
Two servers belong to TCPIP HQ because they both support TCPIP and
communicate on the same LAN. When users at the home office use the Open
Application dialog box, they see both servers.
The other servers belong to their own Domino Named Networks. Users only see
one server at those locations when they use the Open Application dialog box.
Keeping the servers in separate Domino Named Networks encourages users to use
their local server, which frees up bandwidth on slow leased lines for intra-server
communication (message routing and replication).
If users know the name of a server in another Domino Named Network, they can
still enter its name into the Server field in the Open Database dialog box. Once a
Bookmark is created or database icon is added to the workspace, of course, the
user no longer needs to remember the server name. (This assumes, of course, that
the Server Access List allows users from other Domino Named Networks to open
a server.)
Multiprotocol servers
Servers supporting multiple protocols are members of multiple Domino Named
Networks. This diagram shows a multiprotocol Domino Server that belongs to
two Domino Named Networks:
[Diagram: Domain=TeamApps with the Domino Named Networks NetBIOS HQ, TCPIP NY and TCPIP HQ]
The multiprotocol server, running both NetBIOS and TCP/IP, is responsible for
replication and message routing between the Domino Named Networks.
Because the two Domino Named Networks intersect at one server, Notes Mail
delivery between the two Domino Named Networks through the multiprotocol
server is automatic and does not require further configuration (no Connection
documents are required). A Connection document is required, however, for
message routing between the server in the TCPIP NY Domino Named Network
and a server in TCPIP HQ. In this example, because the servers in NetBIOS HQ
and TCPIP NY do not have a protocol in common, they must route messages and
replicate indirectly via a server in TCPIP HQ (or you could configure a server in
TCPIP HQ as a Passthru Server).
NRPC routing
The placement of Domino Servers into Domino Named Networks and Domino
Domains affects message routing.
This diagram shows the major components and message flow of the Notes Mail
system architecture (assuming a LAN-based Notes user and NRPC routing):
[Diagram boxes: Client Mailer sends/saves memo; Memo saved to User Mail File;
Memo deposited in MAIL.BOX of Home/Mail Server; Router polls MAIL.BOX;
Instant delivery if on same server; Instant transfer to another server's
MAIL.BOX if in the same Domino Named Network; Scheduled/Triggered transfer to
another server's MAIL.BOX if in another Domino Named Network or Domino Domain]
Using Server and Connection documents, each Router independently builds a
routing table of least hop-count paths to all servers in its own Domino Named
Network and to those in other Domino Named Networks and Domino Domains
that require more information to successfully transfer messages (via Connection
documents).
When a message is found in MAIL.BOX, the dispatch thread:
immediately delivers the message if on the local server (uses Person document information to look up the user's Home/Mail server name and Mail database file name)
immediately transfers the message if the other server is in the same Domino Named Network
waits for the Connection document schedule/threshold to come true and hands the message over to the appropriate transfer thread for transfer out of a specified port to another Domino Named Network or Domino Domain.
The process repeats at each server hop until the terminal destination Home/Mail
server delivers the message to the user's Mail database.
If the message calls for a Delivery Confirmation or Return Receipt, the process is
reversed and the sender is sent the confirmation or receipt. The specific path of
servers may or may not be the same.
Note: If you are routing messages to another Domino Domain, be aware that
you can only configure the routing of messages to a point server in the other
domain. It is up to the administrators in the other Domino Domain to configure
routing within the domain and to configure routing back to a point server in
your domain. You will configure inter-domain routing in a later Topic.
Router task
NRPC message routing (transfer and delivery) is handled by the Router server
task. This multi-threaded task is started when the server starts as a result of being
listed in the ServerTasks= variable in the NOTES.INI, for example:
ServerTasks=Replica,Router,Update,Stats,AMgr,Adminp,
The Router task should also be enabled in the Routing task field in the Server
document:
In a single server environment, or if all servers are in the same Domino Named
Network (and have the Router task running as shown above by selecting Mail
Routing), there really isn't much else you need to do to establish basic NRPC
email within your domain.
The Router makes its decisions about where to transfer or deliver a message based
on information found in the:
incoming or outgoing message SendTo field (and possibly CopyTo and BlindCopyTo fields)
Domino Directory hidden views (primarily $Users, which selects Person, Group, Mail-in Database, and Certifier documents):
The first step in processing a message is to parse the address following @ to find
the domain name (Domino or Internet). The Domino Domain is specified in the
Server document (as well as in the NOTES.INI), so this is easy to find.
Assuming that the message is addressed to this domain, look up the address in the
$Users view. If a match is found, use the MailServer and MailFile values to move
the message from the MAIL.BOX to the user's Mail database (the database location
is specified in each user's Person document) for delivery or to another server's
MAIL.BOX for transfer.
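The dispatch rules under "NRPC routing" and the address parsing and $Users lookup described here can be modelled together, as an added example that is not Domino code. The servers Legacy and NYC, the user entries, the action names and the alphabetical tie-break between equal-length paths are assumptions built on the TeamApps diagrams.

```python
from collections import deque

LOCAL_DOMAIN = "TeamApps"

# Constructed sample data. Server documents: server -> Domino Named Networks.
SERVERS = {
    "HUB": {"TCPIP HQ", "NetBIOS HQ"},  # multiprotocol server
    "Magic": {"TCPIP HQ"},
    "Legacy": {"NetBIOS HQ"},           # hypothetical NetBIOS-only server
    "NYC": {"TCPIP NY"},                # hypothetical server in TCPIP NY
}
# Connection documents as (source, destination), one entry per direction.
CONNECTIONS = {("Magic", "NYC"), ("NYC", "Magic")}
# Stand-in for the $Users view: name -> (MailServer, MailFile).
USERS = {
    "pat smith": ("Magic", r"mail\psmith.nsf"),
    "lee wong": ("NYC", r"mail\lwong.nsf"),
}


def classify(address):
    """Split on the last '@' and decide which kind of domain follows it."""
    address = address.strip()
    name, at, domain = address.rpartition("@")
    if not at:
        return ("local", address, LOCAL_DOMAIN)
    if "." in domain:                    # a period marks an Internet domain
        return ("internet", address, domain)
    if domain.lower() == LOCAL_DOMAIN.lower():
        return ("local", name, LOCAL_DOMAIN)
    return ("foreign", name, domain)     # another Domino Domain


def next_hops(server):
    """Yield (neighbour, kind) pairs reachable in one hop from server."""
    for other in sorted(SERVERS):
        if other == server:
            continue
        if SERVERS[server] & SERVERS[other]:
            yield other, "immediate"     # same Domino Named Network
        elif (server, other) in CONNECTIONS:
            yield other, "scheduled"     # needs a Connection document


def least_hop_path(source, target):
    """Breadth-first search: the first path found has the fewest hops."""
    queue = deque([[(source, None)]])
    seen = {source}
    while queue:
        path = queue.popleft()
        here = path[-1][0]
        if here == target:
            return path
        for other, kind in next_hops(here):
            if other not in seen:
                seen.add(other)
                queue.append(path + [(other, kind)])
    return None


def dispatch(router, address):
    """Return the action the Router on `router` takes for one recipient."""
    kind, name, domain = classify(address)
    if kind != "local":
        # This model holds no Connection documents to other domains.
        return ("no-route", domain)
    entry = USERS.get(name.lower())
    if entry is None:
        return ("no-such-user", name)
    mail_server, mail_file = entry
    if mail_server == router:
        return ("deliver", mail_file)
    path = least_hop_path(router, mail_server)
    if path is None:
        return ("no-route", mail_server)
    hop, hop_kind = path[1]
    return ("transfer-" + hop_kind, hop)


def trace(origin, address):
    """Repeat dispatch at every hop until delivery or failure."""
    steps, here = [], origin
    while True:
        action, detail = dispatch(here, address)
        steps.append((here, action, detail))
        if not action.startswith("transfer-"):
            return steps
        here = detail
```

Calling trace("Legacy", "Lee Wong") walks the indirect route from the multiprotocol example: two immediate transfers inside shared Domino Named Networks, then one scheduled transfer over the Connection document into TCPIP NY.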
Router task functions
With no additional configuration the Router task performs these functions:
transfers messages simultaneously out multiple LAN ports
employs multiple transfer threads to the same target server so large messages don't impede smaller messages destined for the same server
determines when to deliver messages based on message delivery priority and queues large messages to be transferred or delivered off-hours
sends delivery failure messages and return receipts back to senders
marks undeliverable messages as dead if there is no connection or route found back to sender to return a delivery failure and stores them in MAIL.BOX for administrative action
logs its actions and maintains a full complement of performance statistics.
With very little additional configuration, the Router also performs these functions:
determines the next server hop in a computed shortest path when there are a number of Connection documents in the same Domino Directory
has a limited ability to route around unsuccessful connections and recover to the normal/preferred route when the connection is restored
generates events that can be handled by the Event task and responds to Domino Domain Monitoring messaging probes
monitors Mail database size using quotas and optionally restricts additional messages from being created until the size is reduced.
As the course progresses, you will learn how to configure these and other Router
task functions.
Exercise: Test message delivery
Follow these steps to test the delivery of messages on a single server (which is by
default in a single Domino Domain and single Domino Named Network):
Step Action
1 Make sure your Domino Server is running and the Server Console is showing.
2 Work in Notes.
3 Press Ctrl+M to create a new message.
4 Because there is only one Notes user (you) in your Domino Domain and you do not yet have Connection documents to other Domains, address the new message to yourself.
5 When you send the message, watch the Server Console messages on the server.
6 Press F9 to refresh your Inbox view to find the message you received.
7 As an experiment, try sending a message to this user:
Fake User
What happens at the client? At the server?
8 Try sending a message to this user:
Fake User@FakeDomain
This is a Notes user's address in another Domino Domain name.
What happens at the client? At the server?
9 Try sending a message to this user:
Notes interprets this as an Internet address because the domain name
(anything after the @) has a period in it. What happens at the
client? At the server?
10 Open the Notes Log database on the Domino Server. Switch to the Mail Routing Events view.
Open up the Log document(s) for today and find the events related to your mail activity.
11 Working at the Server Console (or in the Remote Server Console),
enter these commands one at a time:
> tell router delivery stats
> tell router show queues
12 Or, from the list of Server Tasks in Domino Administrator, right-click the Router task and choose Tell Task to select the same commands:
The output displays delivery statistics and information about messages held in the transfer and local delivery queues.
Message document internals
Open your Inbox and right-click a message you have received. Choose Document
Properties and click the Fields tab to expose the internals of the message
document:
Most of the fields have been added by the Notes Mailer user (such as SendTo,
Subject, and Body), but some are added by Notes as part of the form design, and
others by the Router as it processes the message document.
The standard fields (for both Notes and Internet mail) that make up a message
document are the SendTo, Subject, and Body fields (if the message is long, there
will be more than one Body item listed; all of the items are put together when
reading the message). Additional addresses are stored in CopyTo and
BlindCopyTo (if used).
The From and FromDomain (if from a different Domino Domain) fields tell you
who sent the message.
The PostedDate field indicates when the user sent the message, while the
DeliveredDate is when the Router wrote the document to the user Mail database.
RouteServers and RouteTimes are multi-value fields that collect all of the Router
names that handle a message. Since you have only seen delivery on a single
server, you will only see one server name and a single timestamp pairing. When
you route a message between Domino Servers, you will see all of the names here.
To see the internals of a message document a bit more clearly, open the message
you received and click the More action button and choose Delivery Information.
The Delivery Information dialog box opens:
The Delivery and Routing Information field shows the PostedDate and
DeliveredDate fields; scroll down to see the RouteServers and RouteTimes
information.
As you may suspect, the Delivery Options and Importance fields are also stored
in various fields in the message document.
The time and date stamps can be seen on the Document Info tab in Document
properties.
Since the server wrote the document to your Mail database, it is listed as the last
modifier.
The first two lines on the last tab show the Universal Note ID (UNID) of the
message document that was sent; the UNID uniquely identifies a document:
When the Router logs its transfer and delivery actions in the Domino Server Log
(LOG.NSF) database, it records only the last eight characters of the UNID:
When written to the recipient's Mail database, the UNID will typically stay the
same (unless there happens to be a duplicate, in which case a new, unique UNID
is assigned), so you can, if necessary, track the message down in the logs of
servers listed in the RouteServers field and also compare the message in the
sender's and recipient's Mail databases. (You will do this later in the course.)
The DB identifier will always change in the recipient copy of the message
document to match the Replica ID of the recipient's Mail database.
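Tracking a message through the logs of the servers in RouteServers comes down to matching the last eight characters of its UNID, as this added example (not code from the course) shows. The UNID, the server names and the log line layout are constructed for illustration and are not output captured from a Domino server.

```python
import re
from datetime import datetime

# Assumed layout of a Router log line (an illustration, not a specification).
LINE = re.compile(
    r"^(?P<ts>\d\d/\d\d/\d{4} \d\d:\d\d:\d\d [AP]M)\s+Router: Message "
    r"(?P<id>[0-9A-F]{8}) (?P<action>transferred|delivered) to (?P<target>.+)$"
)

# Constructed sample data.
UNID = "A1B2C3D4E5F60718852577F0004C1A2B"
ROUTE_SERVERS = ["HUB/TeamApps", "Magic/TeamApps", "NYC/TeamApps"]
LOGS = {
    "HUB/TeamApps": [
        "08/12/2010 09:14:02 AM  Router: Message 004C1A2B transferred to Magic/TeamApps for Lee Wong/TeamApps via Notes",
        "08/12/2010 09:14:05 AM  Router: Message 0051FF10 delivered to Pat Smith/TeamApps",
    ],
    "Magic/TeamApps": [
        "08/12/2010 09:14:03 AM  Router: Message 004C1A2B transferred to NYC/TeamApps for Lee Wong/TeamApps via Notes",
    ],
    "NYC/TeamApps": [
        "08/12/2010 09:30:00 AM  Router: Message 004C1A2B delivered to Lee Wong/TeamApps",
        "08/12/2010 09:31:00 AM  Router: Shutdown is in progress",
    ],
}


def log_key(unid):
    """Return the eight characters the Router writes to the log for a UNID."""
    unid = unid.strip().upper()
    if not re.fullmatch(r"[0-9A-F]{32}", unid):
        raise ValueError("a UNID is 32 hexadecimal characters")
    return unid[-8:]


def trace_message(unid, logs):
    """Collect this message's Router events from every server log, by time."""
    key = log_key(unid)
    events = []
    for server, lines in logs.items():
        for line in lines:
            m = LINE.match(line)
            if m and m.group("id") == key:
                when = datetime.strptime(m.group("ts"), "%m/%d/%Y %I:%M:%S %p")
                events.append((when, server, m.group("action"), m.group("target")))
    return sorted(events)


def missing_hops(route_servers, events):
    """Servers named in RouteServers whose logs hold no event for the message."""
    seen = {server for _, server, _, _ in events}
    return [s for s in route_servers if s not in seen]
```

Because only eight characters are logged, treat each match as a candidate and confirm it against the recipient and the timestamps; a server returned by missing_hops is a gap in the record worth investigating.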
Note: For more information about document identifiers, read the Lotus Support
document "What Are the Components of a Note ID?" found at
http://www.ibm.com/support/docview.wss?rs=899&uid=swg27002668 .
Topic 3: Notes Configuration
Key points
There are a number of options with respect to how Notes sends and receives
messages, but there are really only a few basic settings that control how Notes
interacts with the Domino Server with respect to email. The settings answer these
questions:
What is required for the user to create a new message from anywhere in Notes?
How is the message content formatted for the recipient (Notes Rich Text or MIME)?
What is required to send the message?
What is required for the Router to deliver messages to a user's Mail database?
What is required for users to read their messages?
Beyond these basic questions, all of the other configuration options are related to
the usability and add-on features of the UA itself.
Another fundamental question is how users address their messages. This is
covered in a later Topic when we discuss directories.
Note: We can assume in this Topic that:
Notes is connected to the Domino Server on a local area network
the user's Notes ID has been certified or cross-certified by a Certifier ID in the server's Organization so authentication is possible (User ID is not locked out due to incorrect password)
the user is allowed to access the server (is represented in the Server Access List in Server document, is not in any Deny Access group, and is in no other way blocked from accessing the server)
the -Default- access of MAIL.BOX on the Domino Server is Depositor (this prevents users from reading or tampering with other users' messages)
the user has at least Editor access to his/her Mail database.
Create message
What is required for a user to create a new message anywhere in Notes?
Before answering this question, it is important to remember that Notes knows
who the current user is, and the user's current Location name, from the Notes User
ID file name specified in the NOTES.INI variables Keyfilename= and Location=.
With these two pieces of information Notes learns from the current Location in
the local Contacts that the user's Mail database is on a Domino Server (Location
documents are used by both the Notes Basic and Standard configurations; the
second image is from Preferences in Notes Standard configuration which is just a
different UI but with the same settings):
The Mail database name and Domino Domain name are specified; the user has
his/her own database (the .NSF extension is optional), which exists on the
Home/Mail server.
The Home/Mail server on which the user's Mail database resides is specified on
the Servers tab in the Location document using the fully distinguished name, for
example:
When the user creates a new memo (presses Ctrl+M, clicks the New button on
the Mail bar on the Basics Home Page, opens Mail and clicks the New action
button, or chooses Create - Mail - Message anywhere outside of Mail), the Memo
form from the specified database (mail\psmith.nsf) on the specified
server (Magic/TeamApps) is opened.
If the:
Mail file field does not specify a valid path and file name on the Home/Mail server (or on the local hard drive if configured for Local mail), the Create - Mail menu will display (None Available).
Mail file location field is set to Local, then the Mail database must exist on the local hard drive (ideally in the same subdirectory structure as on the server).
Otherwise because the user has Editor+ access to the database and can create new
documents in it (both ACL settings), the new message opens.
Note: Location documents can be keyed to the User ID on the Advanced - Basics
tab, so that the Home/Mail server, Mail database file name, and other
settings all switch based on the User ID currently active. This allows a single
copy of Notes to be shared by multiple users by merely switching to another
location. For a more robust multi-user client, though, you should set up Notes to
run specifically as a multi-user client. The Lotus Notes Support course describes
how to do this.
Message format
Most modern email software (including Notes) allows you to send messages that
include formatted text and attachments. How the message content (the Body field)
is formatted for a particular recipient depends on the recipient UA. If the recipient
UA is:
Notes, the message is formatted using the proprietary CD (Composite Document) rich text structure, which offers the greatest fidelity and retains special Notes features such as sections and Document Links
an Internet email client, the message is converted (as best as possible) from the CD format to MIME (Multipurpose Internet Mail Extensions), using plain text, HTML, or both in the same message.
It is ultimately up to the Notes user to determine the message format, but Notes
can be configured to help in this effort. How does Notes know which format to
use, especially if sending the message to multiple recipients, some who use Notes
and others who use an Internet email client?
The first thing Notes does is check the Domino Directory for the recipient; if
found, the recipient's Person document specifies the preferred message format:
Thus, for recipient UAs that can interpret MIME (for all Internet mail picked up
by POP and IMAP users), the Notes Mailer creates a version of the message that
uses MIME.
For recipients that can read only Notes Rich Text (Notes 4.x and prior), the Mailer
creates a version that uses the CD format.
If the setting is Keep in sender's format, the message is sent using the field
definition in the mail template (which by default is the Notes Rich Text format). It
is then up to the recipient's UA to convert the Body field format.
The recommended settings are:
Keep in sender's format if the UA is Notes R5 or higher.
Prefers MIME if the UA is POP3 or IMAP.
Prefers Notes Rich Text if the UA is Notes pre-R5.
If the recipient domain name has a period (meaning it is an Internet address), the
recipient's format preference won't be found in the Domino Directory. Instead,
the Notes Mailer looks to the current Location document for instructions on how
to format messages bound for the Internet (the last field):
With the MIME Format preference set, all recipients outside the user's Domino
Domain with Internet addresses will receive messages in the MIME format.
But wait, there's more! The User Preferences (File - Preferences - User
Preferences - Mail - Internet in Notes Basic configuration) determine whether
the MIME is sent as HTML, reduced to text, or both (if the recipient mail client
supports HTML it will use the attachment; otherwise the text is used):
In Notes Standard configuration, choose File - Preferences to open User
Preferences. Then expand Mail\Internet to find the Internet mail format
setting.
If set to Prompt when sending, the user is prompted when the message is
actually sent to select the format of the MIME encoded content:
It is up to the user to know the message format capabilities of the recipient UA.
Note: All the MIME recipients in a message's Address fields will be converted
to the same format. If you want to send a particular format to a particular
person, you will have to create another message. If some recipients are also
Notes users, the result is that you will possibly see two messages being
deposited in MAIL.BOX: one for Notes Rich Text format, and one for MIME.
Submit message to recipient
What is required to enable Notes to send a message?
The fact that a particular message is saved to a user's Mail database is a function
of that user:
having the rights in the ACL to author documents in that database
choosing to save the message when it was sent:
Note: User Preferences (Mail\Sending and Receiving) also determines if the
default button performs a Send & Save or Send Only:
If the user opts to send the message, the message document is deposited in the
MAIL.BOX database on the Home/Mail server specified in the current Location
document stored in the local Contacts.
Once the document is deposited to the MAIL.BOX database on the server, it is up to
the Router task to poll that database for messages to transfer or deliver.
If the user Mail database file location is set to Local (for mobile users), the
message document is saved to the local MAIL.BOX database. When the user
schedules or forces a message transfer, the documents in the local MAIL.BOX
database are moved to the MAIL.BOX database on the Home/Mail server.
Deliver message to user
What is required for the Router to deliver messages to a user's Mail databases?
If a message originates from a Domino Server other than the user's Home/Mail
server, the message is transferred by the server to the next hop on the way to the
user's Home/Mail server using the same process of depositing the message into
the next server's MAIL.BOX database, and if successful, deleting it from its own
MAIL.BOX.
When the message arrives at the recipient's Home/Mail server, the Router
performs a lookup of the user's name from a view of Person documents to find
the Home/Mail Server field to match. It then looks for the Mail database file name
and deposits the message into that database. If successful, the Router deletes the
document from its MAIL.BOX database.
Again, how the message is stored depends on the recipient's Person document,
which specifies the preferred message format.
Read messages
What is required for a user to read messages using the Notes UA?
When the user clicks the Mail icon on the Home Page or clicks in Notes
Standard configuration and chooses Mail (or any other way to open Mail), again,
the Location document is used to determine which database to open on the
specified Home/Mail server (or the Local drive).
User registration
Most of the Person document (in the Domino Directory) and Location document
(in the local Contacts) information for Notes Mail delivery is created as part of
user registration and/or Notes setup; you do not generally have to create this
information manually.
User registration is covered fully in the Lotus Notes Administration course, but
let's review the mail-related aspects of registering a new user.
The Mail page in the Register Person dialog box (with the Advanced check box
selected) is where you set the Home/Mail server, mail system type, Mail database
design template and file name, and the ACL setting for the user:
This table describes the fields on the Mail tab:
Field Function
Mail system
  Choose from Lotus Notes, POP, IMAP, or iNotes, which all use a Notes database to store user mail.
  If set to Other Internet or Other, a new field appears where you can enter the user's forwarding Internet or other mail address (a Mail database will NOT be created for the user) so other users can address memos and send them via an MTA or gateway.
  Choose None if the user doesn't need mail or you want to configure it later.
Mail Server button
  The fully distinguished name of the Home/Mail server, for example:
  Mail Magic/TeamApps
  The Home/Mail server performs several functions:
    stores the user's Mail database
    is responsible for running the Administration Process to make any changes to the Mail database
    using the list of servers in the same Domino Named Network, presents the user with a list of servers in the Open Database dialog box
    serves as a network name resolver to help Notes find other Domino Servers if:
      the server name cannot be resolved using protocol-level methods or a numeric IP address is required
      the server name is different from the protocol-specific name (such as the computer host name)
      the server uses different common names in the Server document Net Address field; the Home/Mail server picks the correct name given the Notes protocol.
Mail file name
  The path and database file name for the user. By default the file name is created using the first letter of the user's first name and first seven characters of the last name.
  If the directory does not exist, it will be added automatically under the \DATA directory. You cannot, however, specify a linked directory name here.
  Note: For easier administration, you should always create all Mail database files in a separate mail directory (or directories) under the data directory. The default is \MAIL.
Mail file template
  Unlike previous versions of Domino that had multiple mail templates, there is now just the single Mail (R8.5) (MAIL85.NTF) design template for all Mail UA types (Lotus Notes, POP/IMAP, iNotes, and Domino Access for Microsoft Outlook/DAMO).
  If your company has created a custom template, you can specify that template name instead of the default. You may, for example, provide additional views and custom forms (employee reviews, travel authorization, timesheets, etc.), or reduce the functionality to reduce the user Mail database file footprint such as to remove the code if the user will never access Mail with a browser.
  Note: You will learn later in the course how to use a central design and/or compress design elements to save space.
Mail File Replicas button
  Allows you to create a replica of the user Mail database on more than one server; typically when using Domino Clustering, Mail databases are stored on at least two servers in the cluster.
Mail file owner access
The setting the user has in the ACL. If set to:
- Editor, users can delegate their Mail and enable the Out of Office agent. This is the recommended setting.
- Designer, users also can change the design (and block design updates) and create a full text index (if you don't create it now). Generally not recommended.
- Manager, users have complete control over their Mail databases, including the ability to change the ACL and delete the database. NOT recommended!
Note: If you give Editor or Designer access, you (the person registering the user) will be given Manager access in the database ACL. Remember that Full Access administrators can still control the ACL of any database.
Note: For users to delegate Mail database access, they must also be listed as Author in the Administration Requests database (this may be accomplished with Default set to Author or, more likely, with the Organization, e.g., */TeamApps, listed and given Author access).
Mail file manager
Adds an entry to the ACL with Manager access if the user isn't set as Manager.
The idea is to have at least one person or group listed as Manager, and if not the user, then ideally a group name of trusted administrators responsible for managing user Mail databases.
If the user is set to be Editor or Designer in the previous field, the person doing the registration will be set as Manager in the ACL unless this field contains a user or group name, in which case that name will be set as Manager in the ACL.
Create file in background
If you create the Mail database(s) now (option is not selected):
- registration will take much more time
- you must have physical connectivity to the Home/Mail server(s).
If you let the Administration Process create the database(s) in the background (option is selected):
- registration will go much faster
- you don't need to have physical connectivity to the Home/Mail server if it is at a remote location
- the Create Mail File Administration Request placed in the Administration Process Requests database must replicate to the Home/Mail server and be processed before you can set up the user.
Whether created now or in the background, you must have the right to create databases on the Home/Mail server(s).
If you migrate users from other mail directories, you must create the Mail databases now.
Create full text index
Allows users to quickly search their mail for words and phrases. Keep in mind that full text indexes can be as large as 75% of the database size.
We recommend that you create the index later using the Database - Full Text Index tool in the Files function tab in Domino Administrator. This is actually a better way to create the index, as you can also set various options that affect the search capability and index size.
Note: If you had set the user access level to Editor earlier, the user will not have sufficient access to create the full text index him/herself.
Set database quota/warning threshold
Specify the maximum file size of the user's Mail database. If users exceed the quota, by default they can still receive mail but cannot save mail until they delete existing messages.
Specify the warning level at which users are notified that they are about to exceed their quota.
Note: You will learn how to set/reset quotas and how they are enforced later in the course.
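The ACL outcomes described in the Mail file owner access and Mail file manager rows, modelled as an added example (not code from the course or from Domino). registration_acl follows the field descriptions above and audit flags results that depart from the recommended settings; the user names, the MailAdmins group and the sample registrations are constructed assumptions.

```python
# Hypothetical group of trusted administrators (assumption, not from the course).
TRUSTED_MANAGERS = frozenset({"MailAdmins"})


def registration_acl(owner, owner_access, registrar, mail_file_manager=None):
    """ACL entries produced by registration, as the field descriptions state."""
    acl = {owner: owner_access}
    if owner_access in ("Editor", "Designer"):
        # Registrar becomes Manager unless the Mail file manager field names someone.
        acl[mail_file_manager or registrar] = "Manager"
    return acl


def audit(owner, acl, trusted=TRUSTED_MANAGERS):
    """Return findings where an ACL departs from the recommended settings."""
    findings = []
    level = acl.get(owner)
    if level == "Manager":
        findings.append("owner is Manager: can change the ACL and delete the database")
    elif level == "Designer":
        findings.append("owner is Designer: can change the design and block design updates")
    managers = {name for name, lvl in acl.items() if lvl == "Manager"}
    if not managers:
        findings.append("no Manager entry in the ACL")
    elif owner not in managers and not managers & trusted:
        findings.append("Manager is not the trusted administrators group")
    return findings


# Constructed registrations: (owner, owner access, Mail file manager field)
REGISTRAR = "Ann Admin/TeamApps"
SAMPLE = [
    ("John Smith/TeamApps", "Editor", "MailAdmins"),
    ("Bob Wong/TeamApps", "Editor", None),
    ("Tina Lee/TeamApps", "Designer", "MailAdmins"),
    ("Mary Jones/TeamApps", "Manager", None),
]


def audit_sample():
    """Register each constructed user and audit the resulting ACL."""
    report = {}
    for owner, access, manager_field in SAMPLE:
        acl = registration_acl(owner, access, REGISTRAR, manager_field)
        report[owner] = audit(owner, acl)
    return report


if __name__ == "__main__":
    for owner, findings in audit_sample().items():
        print(owner, "->", findings or "ok")
```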
The Address tab (also appears when you check the Advanced check box) lets you add the user's Internet email address and Internet domain to allow the user to receive mail from the Internet addressed to them:
This table describes the fields on the Address tab:
Field Function
Internet address
This is the email address of the user that is used when the Mail Router routes mail from the Internet.
Tip: The Internet address will be created for you if you leave this field blank, enter the Internet Domain on the right, and have selected an Address name format option and Separator. You will see the address being built as you type in the Internet Domain name. If you type an address in the Internet Address field, however, your entry will override the auto-generated address.
Internet Domain
The registered Internet domain name used to send mail from the Internet into your company. This name corresponds to one or more MX records in the public DNS.
Address name format/Separator
Determines how a user's name should be concatenated to automatically create the Internet address.
Note: Once you decide on a particular format, you should stick with it for all users, especially if they have advertised their address. If you want to change the Internet Address format later, you can do so using the Set Internet Address tool in the People & Groups function tab.
Tip: The default values for user registration fields can be set with an explicit or Organizational Policy document that is paired to Registration and Setup Settings. Then repeat the settings in the Desktop Settings policy so you can dynamically reconfigure the user settings. The Lotus Notes 8 Administration course describes how to do this.
Note: Domino Administrator also includes migration tools to move users from cc:Mail, Exchange, Netscape Mail, Windows directory, or an LDIF file (the result of an export from an LDAP directory). There are also third-party migration tools that you can use to port email accounts and files to other clients (e.g., http://www.binarytree.com/). Migrating from Exchange? See the still-relevant IBM Redbook Migrating from Microsoft Exchange 2000/2003 to Lotus Notes and Domino 7 at http://www.redbooks.ibm.com/redpieces/abstracts/sg247777.html?Open .
Exercise: Test message delivery
Follow these steps to show how settings in your Person document in the Domino Directory and your Location document in your local Contacts affect your ability to create, send, and read messages:
Step Action
1 Make sure your Domino Server is running and the Server Console is showing.
2 Work in Notes.
3 Open the Domino Directory on your server.
Open the Messaging\Mail Users view and determine your Home/Mail server, Mail Address, and Mail File names.
This view (also available in Domino Administrator) gives you an overview of users who have a Mail database file name listed by Home/Mail server.
This view is also helpful to ensure unique address and file names, as well as to distinguish users who have been registered in the Domino Directory but who are not set up for mail.
4 Open your Person document in Read mode.
Click the Basics tab to see the information the server uses to deliver messages to your Mail database.
Close the document.
5 Open the Messaging\Networks view and locate the Domino Named Network that your Home/Mail server belongs to.
There is probably only one server in the Domino Named Network. If there were more servers, messages would be instantly transferred to those servers for delivery to users with Mail databases on those servers.
6 Choose File Preferences - Location Preferences to open your current Location document.
Click the Servers tab. What is the name of your Home/Mail server? This should match what your Person document said.
Click the Mail tab. Where is your Mail database located? This should match what your Person document said.
7 Press Ctrl+M to create a new message.
Which Mail database is opened? (Use Database properties to verify.)
What controls which database opens?
8 Address the new message to yourself.
9 Send the message.
Which Home/Mail server is used when sending the message? What controls which server is used?
10 Close your Mail database.
11 Click the Mail bookmark.
Which Mail database is opened? (Use Database properties to verify.)
What controls which database opens?
Topic 4: Inter-Domino Named Network NRPC Routing
Key points
As you know, you do not have to configure message transfer between two Domino Servers in the same Domino Named Network; the messages are transferred and delivered immediately regardless of any delivery priority set by the user. This Topic looks at message transfer using NRPC between two:
- Domino Named Networks in the same Domino Domain
- different Domino Domains.
The basic mechanism to enable inter-Named Network message routing is a Connection document in the Domino Directory on both ends (and any nodes between), so that messages can route both ways.
When you need Connection documents
If you only have a single Domino Named Network or never want to route messages via NRPC to another Domino Domain, you do not have to create any Connection documents for message routing. We'll look at an example of several Domino Named Networks that are not connected. The Messaging\Mail function tab in Domino Administrator shows the Mail Routing Topology by Domino Named Networks:
In this Domino Domain there are several Domino Named Networks. Within each network, message routing to/from any server is automatic and immediate without requiring any Connection documents that specify message routing (you will still need Connection documents to schedule replication).
There will not, however, be any message routing (or replication) between the Domino Named Networks without Connection documents defined.
Note: The topology map is rebuilt at 2 AM by the Maps Extractor server task. After adding new Connection documents, you won't see the new topology maps. There is no way to force it to update immediately. You can try starting the Maps task manually using this Server Console command (use the live console):
>load maps
Then restart Domino Administrator. But in most cases, you won't see new drawings until tomorrow.
You can change the number of hours after the Map task starts that the maps are rebuilt using the NOTES.INI variable Topology_WorkInterval=#hours. The maps will then be rebuilt every #hours afterwards. Search Domino 7 Administrator Help for details.
If you have a large multi-network or multi-domain enterprise, however, then you will undoubtedly create and maintain many Connection documents (typically through one or more centralized Domino Servers acting as mail hubs).
The topology map, by the way, shows routing in the same Domino Named Network (the legend for the topology diagram labels it Default Mail Routing) as a solid blue line between two servers.
Though none are shown in the topology above, explicit connections would be drawn with a dashed red line. In this other example, Sea and Rock are in the same Domino Named Network, whereas Rock and Hub are not but do have a Connection document defined:
There are several other examples of message routing that may or may not require Connection documents. If you route messages via:
- SMTP to the Internet, you do NOT need Connection documents unless you route messages first to a mail hub (such as outside the firewall) that is responsible for routing messages to the Internet
- NRPC over the Internet, then you DO need Connection documents (there are no MX records in the DNS that can be used for NRPC routing).
Two Connection documents are needed
Two Connection documents are necessary to send and receive messages from another server in another Domino Named Network.
If you want to route messages:
- between Domino Named Networks within your own domain, you must compose both Connection documents in your domain's Domino Directory.
- to other domains, you must create a Connection document between one server in your domain (through your Domino Named Networks) to one point server in the other domain; the other domain's Notes administrator is responsible for creating a Connection back to your domain.
Caution: Never create a Server document in your Domino Directory for any Domino Servers outside of your Domino Domain. This will totally confuse the Router.
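An added example, not from the course: a check over a constructed single-domain topology that finds server pairs where mail can route one way but not back, which is what a missing second Connection document produces. It assumes one Domino Named Network per server; the Net1 to Net3 names and the Connection list are constructed.

```python
from collections import deque
from itertools import permutations

# Constructed topology. Assumption: each server belongs to one Domino Named Network.
DNN = {
    "Sea/TeamApps": "Net1",
    "Rock/TeamApps": "Net1",
    "Hub/TeamApps": "Net2",
    "Spoke1/TeamApps": "Net3",
}

# Constructed Connection documents with Mail Routing enabled: (source, destination)
CONNECTIONS = [
    ("Rock/TeamApps", "Hub/TeamApps"),
    ("Hub/TeamApps", "Rock/TeamApps"),
    ("Hub/TeamApps", "Spoke1/TeamApps"),  # the return document is missing
]


def build_graph(dnn, connections):
    """Directed routing graph: automatic within a DNN, explicit across DNNs."""
    graph = {server: set() for server in dnn}
    for a, b in permutations(dnn, 2):
        if dnn[a] == dnn[b]:
            graph[a].add(b)  # same Named Network: no Connection document needed
    for src, dst in connections:
        if src not in dnn or dst not in dnn:
            raise ValueError(f"Connection names an unknown server: {src} -> {dst}")
        graph[src].add(dst)  # a Connection document routes one way only
    return graph


def reachable(graph, start):
    """Breadth-first search for every server that mail from start can reach."""
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in graph[queue.popleft()]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def one_way_routes(dnn, connections):
    """Pairs (a, b) where a can route to b but b cannot route back to a."""
    graph = build_graph(dnn, connections)
    reach = {server: reachable(graph, server) for server in graph}
    return sorted((a, b) for a, b in permutations(dnn, 2)
                  if b in reach[a] and a not in reach[b])


if __name__ == "__main__":
    for src, dst in one_way_routes(DNN, CONNECTIONS):
        print(f"{src} can route to {dst}, but replies cannot route back")
```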
Create Connection document
Connection documents provide the Router with instructions on how and when to transfer messages to another Domino Server outside its own Domino Named Network or Domino Domain.
Follow these steps to create a Connection document relevant to message routing:
Step Action
1 Open the Configuration function tab in Domino Administrator.
Expand the Messaging item in the Context Pane and click Connections to open the Connections view in the Domino Directory.
2 Click the Add Connection action button.
A new Connection document opens:
Connection documents are used to schedule message routing and/or replication. In this course, we are only interested in routing, but you would typically work on the schedule for both tasks in the same Connection document.
Note: Remember that because the Domino Directory is replicated to all servers in your Domino Domain, you can define the routing topology and schedule for all servers in the Domino Directory on one server and the Connection documents will eventually replicate to all the other servers.
3 Enter the field values (relevant to message routing) using the following table.
Field Function
Connection type
Specify the type of connection, the default type being Local Area Network, in which the destination server is always available over a network connection.
Network Dialup can also be used for message transfer, which uses a RAS dialer to connect to a SLIP or PPP dial-up server.
There are several other specialty connection types you can choose from, most of which are now obsolete.
The type of connection you select reveals additional fields or an added tab to the Connection document.
Source server and domain
The distinguished server name (e.g., Hub/TeamApps) and the Domino Domain name of the server initiating the exchange.
Use the port(s)
The name of the port out from which the destination server can be found.
If the other server is available via multiple ports, you can optionally put an * to let the server determine a port to use, starting at the top of the enabled port list.
Note: Ports are named using the Server\Setup Ports tool in the Server function tab in Domino Administrator. If a LAN port, the port name is also entered in the Ports - Domino Named Network Ports tab in the Server document.
Usage priority
Affects how the source server finds the destination server, which occurs in this sequence:
- determine a path to the destination server using Connection documents with a Usage priority set to Normal
- if not found, probe all enabled ports for the destination address (the method varies by protocol)
- use Connection documents with a Usage priority set to Low
- attempt to use a default Passthru Server to connect.
Note: If two ports are enabled in the same Domino Named Network, you can force which port a server uses to connect to the other server by setting one to a Usage priority of Normal, and the other to Low.
Destination server and domain
The distinguished server name (e.g., Spoke1/TeamApps) and (Domino) domain name of the destination server (NOT the Internet domain, as we are routing via NRPC here).
You can also enter a group name as the destination. The Group document, in turn, contains a list of Domino Servers in the Members field.
This reduces the number of Connection documents you need to manage if messages are to route out to multiple servers in the destination Domino Named Network or Domino Domain.
Note: Message transfer is sensitive to the destination domain of the message.
- If there are no messages bound for the destination domain, no connection will be attempted.
- If, on the other hand, a user sends a message to a user in another domain to which there is no connection, the message is returned to the user as undeliverable.
Optional network address
Specifies a network address if the common name of the server is not a resolvable network address (such as when using TCP/IP without a HOSTS file or a DNS).
Note: Lotus highly recommends using a TCP/IP host name as opposed to a numeric IP address. If your server has trouble contacting a DNS, enter the IP address instead.
Step Action
4 Click the Replication/Routing tab to define the parameters for routing:
Enter the field values (relevant to routing) using the following table.
Field Function
Routing task
Select Mail Routing for NRPC routing.
The other routing tasks listed are virtual connections that allow messages using other protocols to travel via NRPC to a server that has been enabled to route messages to the external mail system.
Route at once if
In addition to scheduled connections, the Router can initiate an unscheduled connection if this threshold of messages to the same destination server is reached.
At the extreme values, if you set it to 1, one Normal pr