Monday, January 8, 2007

How to block spam in Lotus Domino 6.x?

This is a simple how to, and I hope will take you a quick guide to block spam with Lotus Domino 6.x
First, Lotus Domino is a great software. It's not just email, it simple more than that. If you want to use just email, you can have many options availbale, from pop3, imap, exchange, webmail etc. But if you need email AND also sharing, groupware and colaboration capabilities, Lotus Domino is the BEST choice.

But, when it many features, Lotus Domino is lack of it anti spam capabilities. It's improving, but still not enough.

If you have resources and time, you should put another server in the front of Lotus Domino to handle spam, but if you not, you can maximize Lotus Domino features. Like I said, its not enough, but its better then nothing.

All smtp configurations available in Domino Directory at Configuration --> Servers --> Configuration

DNS Blacklist Filters
This is a must. This is the first guard againts spam, in others mta, it known as rbl or dnsbl.
Most popular rbl servers are spamhaus and spamcop.
How it works? In smtp connection, smtp task will do a query for every incoming email if that email originating ip listed in the rbl server. If listed, then the smtp task simple reject the server, if not than continue the smtp connection. It saves bandwith and server resources and it block spam.
One must be carefull to choose the rbl server, because some servers are very aggresive, it may block your legitimate emails.
My persoanl choice is spamhaus, and the server is sbl-xbl.spamhaus.org. But that my personal choice.

Options available in DNS Blacklist Filters and also an example:
DNS Blacklist filter: Enabled
DNS Blacklist sites: sbl-xbl.spamhaus.org
Desired Actions when a connecting host is found in a DNS Blacklist: Log and Reject messages.
Custom SMTP error response for rejected messages: 'leave it blank'

Inbound Connection Controls
If you want to tight up the spam control than you can enable this. It will check your the host (computer name) than send the emails is listed in DNS query, and it must have reverse lookup entry in DNS.
Example: If new email come from domain testdomain.com with hostname testhost, the smtp will check if the testhost.testdomain.com will resolve an ip address. If not the it will reject the connection. If it resolve an ip address like 202.xxx.xxx.xxx then it will accept the connection.

Options availbale in Verify connecting hostname is DNS:
Allow connections only from the following SMTP internet hostnames/IP addresses:
Deny connections only from the following SMTP internet hostnames/IP addresses:

Inbound Sender Controls
This is a must. The smtp will check if the domain sender can be found in a DNS query. If not, it simply reject the connection.

Options available in Verify sender's domain in DNS:
Allow messages only from the follwoing external internet addresses/domains:
Deny messages only from the follwoing external internet addresses/domains:

0 comments:

Template Designed by Douglas Bowman - Updated to Beta by: Blogger Team
Modified for 3-Column Layout by Hoctro