IMPORTANT: These server reconfigurations should occur only after the CMN service is started. Reconfiguring the mail servers before starting CMN would at least briefly send mail to a nonexistent destination.
A subdomain routing method may introduce a risk that the assigned subdomain names will escape your organization’s internal communications, which in turn can cause bounce-backs on replies to those addresses. To prevent this problem, set the Notes Forwarding Address attribute to user@subdomain@notesdomain, which causes Domino to set the reply address for external email to the user's primary SMTP address (internet address field value).
In the Domino Administrator, Configuration tab | Messaging section | Domains document | Foreign SMTP Domain: Change the destination server to the IP for CMN. Use MX priority designations for load balancing.
1.
2. Select the server from the list, and click Edit Configuration.
3. Click the MIME tab.
4.
5. Set the Message content field to: Create multi-part alternative including conversion and encapsulation.
If Outlook recipients do not receive active mail attachments: Confirm the proper conversions within Notes (.OND attachments). Typically this occurs on the Domino server, but you can use this procedure to force the Notes client conversion as well. To configure Notes clients for active mail features, beginning in the Domino Administrator:
1. Click the Configuration tab.
2.
3. In the Create New Policy dialog box: Click the Settings radio button, then select Desktop from the drop-down list box, click OK, and enter a name for the new policy on the Basics tab.
4.
5. Under MIME Settings: In the drop-down list for Format for messages to internet addresses which cannot be found when message is sent, select Notes Rich Text format. Then click Save & Close.
6. Back in the Configuration tab, under Tools | Policies in the navigation sidebar at right: Select Create.
7. In the Create New Policy dialog box: Click the Settings radio button, then select Security from the drop-down list box, click OK, and name the new policy on the Basics tab.
8.
9. Change the Update Frequency to your preference, either Once daily or When Admin ECL Changes. Then click Save and Close.
a. In Domino Administrator: Click the Configuration tab.
b.
c. In the Create New Policy dialog box: Click the Policy radio button, click OK, and name the new policy on the Basics tab.
d. Under Basics, set Policy type to your preference, either Organizational or Explicit Users. (Note: If using Explicit Users, the Policy must be assigned in the person document for each appropriate user.)
e. In the Setting Type/Setting Name section, set the Desktop and Security fields to the Desktop and Security policy you've created.
f. Click Save & Close.
If you want to use CMN’s active mail features (which require Rich Text outbound format), but want your outbound Internet mail to be sent in MIME format, you can route Notes' Internet-bound mail through CMN into Exchange and then let Exchange handle delivery to the internet. By this method, CMN will strip the extra attachments before relaying messages to Exchange, and then the Exchange MTA will handle delivery. This strategy works with either single-namespace or multi-domain mail routing (see Coexistence mail routing basics earlier in this chapter).
Another option is to designate a Domino server to be used for routing only, with no users assigned to it. This method, however, will work only with multi-domain mail routing. To configure a Domino server for MIME-format outbound Internet mail while CMN active mail features are enabled:
2. For this server: Create a Server Configuration document and enable Notes encapsulation on the Outbound MIME tab.
3.
4.
5.
6.
   • Messages Addressed to — Exchange SMTP Domain: The name of the Exchange SMTP domain to which this document applies. For example: exchange.company.com
   • Should be Routed to — Domain name: A fictitious, logical domain name (for example, CMNDom) to which messages that match the pattern in the Internet Domain field will be routed. The name you specify serves as a placeholder only; Domino uses the name to pair the Foreign SMTP Domain document with the connection document you will create below.
7.
8.
9. On the Basics tab, complete these fields, and then save the document:
   • Connection type: SMTP
   • Source server: Name of the newly created Domino server where other Domino servers will route mail bound for Exchange via CMN.
   • Connect via: Direct connection—for servers that communicate over LAN connections.
   • Destination server: Unique fictitious placeholder name—for example, CMNServer. Domino does not use the value in this field, but the Connection document will not work if the field is empty. The name you specify must not match the name of any server on the network.
   • Destination domain: Fictitious, logical domain name specified in the Internet Domain name field of the corresponding Foreign SMTP domain document (CMNDom in the earlier example).
   • SMTP MTA relay host: IP address or DNS name of the CMN server, to which the source server transfers outbound mail.
10. On the Replication/Routing tab, complete these fields:
   • Replication task: Disabled.
   • Routing task: Choose Mail Routing. There is no need to specify SMTP routing, since the same routing task is responsible for transferring messages over NRPC and SMTP. The source server must have SMTP routing enabled in its Server document; otherwise, the Router discards the information in the SMTP Connection document.
   • Route at once if: Number of pending messages that will force routing. The default is 5.
11. On the Schedule tab, specify the desired routing schedule.
12. Click Save & Close.
In the Organization Configuration | Hub Transport | Send Connector tab | Domino Send Connector Properties | Network tab: Add the IP or the FQDN for CMN as a "smart host" through which to route mail. You may use MX priority designations for load balancing.
Check the Message Delivery Restrictions settings for any Exchange group to which you want Notes users to be able to send messages. Any such Exchange group must be of the universal distribution type to be mail-enabled. To change the settings, beginning in the Exchange Management Console:
1. Select the group under Recipient Configuration | Distribution Group, then double-click the group you want to edit.
2. Click the Mail Flow Settings tab, and highlight Message Delivery Restrictions, then click Properties above.
3. De-select (unmark) the check box for Require that all senders are authenticated.
4. Save, and then restart the MS Exchange transport service.
To enable and configure TLS/SSL encryption with CMN's Mail Connector:
a. In Domino Administrator: Open the Server Certificate Administration database on your server (typically certsrv.nsf), or create one from the template if none exists.
b. Choose the option to Create Key Ring with Self-Certified Certificate, and enter the appropriate field values:
   • Key Ring File Name: Choose selfcert.kyr in the Domino root data directory.
   • Common Name: The fully qualified host name of your Domino server—for example, domino.company.com.
   • Organization: Should match the corresponding entry in your domain registration.
   • State or Province: In the U.S. this is the two-letter postal abbreviation for your state. Elsewhere, enter the name of the region, province, etc.
   • Country: The two-character country code.
c. Click the Create Key Ring with Self-Certified Certificate button.
d.
e.
   • SSL Settings: Set the SSL key file name to selfcert.kyr in the Domino root data directory.
   • SSL Protocol Version: Negotiated
f. Under Web: Enable HTTPS and ensure it is set to 443. (With HTTPS enabled, your browser will be able to retrieve the public key and install it into the cert store.)
h. Test the certificate: On the CMN client computer, point IE to https://domino.company.com (IE should render the page without errors).
2. In CMN's Mail Connector Management Console, on the new TLS Settings screen:
   a. Click the Enable TLS radio button.
   b. In the Certificate Store drop-down list, select the location in your network where the certificate resides. If the certificate location does not appear in the list, you must copy the certificate to one of the listed locations, using the Microsoft Certificates Management Console, into a LOCAL-SYSTEM account (not a personal account).
   d.
a. In the left-hand navigation tree, select Server|Configurations. Then select the server in the list (at the right), and click Edit Configuration.
b. In the Configuration Settings for the selected server, select the Router/SMTP tab, then the Advanced... tab, and then the Commands and Extensions tab.
c. Set the SSL negotiated over TCP/IP port field to either Enabled or Required. This is an important distinction:
   • Required: Prevents Domino’s receipt of non-TLS messages. (The Required setting disallows non-TLS encrypted messages, which CMN might otherwise transmit if a configuration issue prevents CMN from sending a TLS-encrypted message, in which case it would attempt to send the message as plain text.)
   • Enabled: Permits TLS-encrypted messages but does not prevent non-TLS messages.
d. Select the Ports/Internet Ports tab.
e.
   • TCP/IP port number: 25
   • TCP/IP port number: 25
f.
   • Anonymous: Yes
   • Anonymous: Yes
   • Key ring file name: keyfile.kyr
g. Click Save and Close, and restart the Domino server.
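To confirm which of the two settings in step c is in force after the restart, the check below (an added example, not part of the original guide) opens a plaintext SMTP session, never upgrades it, and reports whether MAIL FROM is still accepted. The function names and the example.invalid sender are hypothetical, the EHLO sample is constructed, and treating reply code 530 (the RFC 3207 refusal) as what Domino returns under Required is an assumption.

```python
import smtplib

# Constructed sample: an EHLO reply as it would appear in a telnet session.
SAMPLE_EHLO = (
    "250-domino.company.com Hello cmn.company.com, pleased to meet you\n"
    "250-SIZE 10485760\n"
    "250-STARTTLS\n"
    "250 PIPELINING\n"
)

def parse_ehlo(reply):
    """Return the upper-cased ESMTP keywords from a raw multi-line EHLO reply."""
    keywords = set()
    lines = [ln.strip() for ln in reply.splitlines() if ln.strip()]
    for line in lines[1:]:            # the first 250 line is only the greeting
        words = line[4:].split()      # drop the "250-" or "250 " prefix
        if line.startswith("250") and words:
            keywords.add(words[0].upper())
    return keywords

def classify(keywords, plaintext_mail_code):
    """Map what a never-upgraded session saw to the setting it implies."""
    if "STARTTLS" not in keywords:
        return "no-tls"               # STARTTLS is not offered at all
    if 200 <= plaintext_mail_code < 300:
        return "enabled"              # TLS offered, plaintext mail still accepted
    if plaintext_mail_code == 530:
        return "required"             # RFC 3207 refusal (assumed for Domino)
    return "inconclusive"             # some other refusal, e.g. sender policy

def probe(host, port=25, timeout=10.0):
    """Live check: send EHLO and MAIL FROM in plaintext, then abandon the session."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        keywords = {name.upper() for name in smtp.esmtp_features}
        # Hypothetical sender address; no RCPT or DATA follows, so no mail is created.
        mail_code, _ = smtp.docmd("MAIL", "FROM:<tls-check@example.invalid>")
        try:
            smtp.rset()
        except smtplib.SMTPServerDisconnected:
            pass                      # server hung up after refusing; nothing to reset
    return classify(keywords, mail_code)

if __name__ == "__main__":
    print(classify(parse_ehlo(SAMPLE_EHLO), 250))   # constructed input
```

Run probe() from the CMN computer against the Domino server. A result of "enabled" means a CMN misconfiguration could still deliver mail to Domino in plain text.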
a. From the CMN client computer, telnet to the Exchange server on port 25, and send ‘EHLO’. If the Exchange reply includes 250-STARTTLS, then STARTTLS is already enabled (skip ahead to step 7).
b. If STARTTLS is not already enabled, enable it with this command: