Newsletters   Subscriptions  Forums  Store  Media Kit  About Us  Contact  Search   Home 
fhg
Volume 4, Number 17 -- May 19, 2004

Admin Alert: A Lotus Notes Adjustment for Fighting Spam


by Joe Hertvik

When you're in charge of an organization's Lotus Notes-based e-mail system, you're going to spend a lot of time thinking about and fighting spam. Spammers are notorious for sneaking e-mail into all kinds of companies, but if you have a Notes 6.0.x server, there's one simple adjustment you can make that just might cut down on the amount of unwanted e-mail your users receive.

I found this particular setting when my Domino 6.0.1 users started experiencing a dramatic increase in the amount of spam making it to their desktops. Even users who didn't normally receive spam were getting several unwanted messages a day. After analyzing sample e-mails, I found one common thread: that most of the new spam violated our company's standard Internet e-mail addressing format: 

Firstname.lastname@companyname.com

But these e-mails were mostly addressed to and received by our users in two formats: 

firstname@companyname.com

Or 

lastname@companyname.com

I contacted Lotus support and found that, by default, Domino separates and services its Internet addresses into two categories. The first category is full name addresses, which consist of full Internet addresses that are explicitly listed in a "person" document (addresses like john.doe@company.com). These addresses are usually listed in the Internet Address field of a person document, but they can also appear in either the User Name or Short Name/UserID fields of such documents.

The second category of Notes Internet addresses are local part addresses. By default, when an e-mail is received in the system, the Notes router searches for an exact full name match first, then it also searches the Domino directory for a match on the local part of the incoming e-mail address. The local part of an Internet address is the phrase or word before the @ sign. So if an e-mail is addressed to john@company.com, the local part of the address would be the word john.

These definitions are important for this particular spam problem because, if you define a person document for a user named John Doe with the following values: 

Internet Address = john.Doe@company.com

User name =  John Doe
             John Doe/Company

Then e-mail addressed to the following Internet addresses could be delivered to John's mailbox: John.Joe@company.com, john@company.com, and Doe@company.com.

Once e-mail with these addresses is received, the router delivers it to John's mailbox according to the following process. If the incoming address is john.Doe@company.com, the router matches the explicit full name value in the Internet address field and delivers the e-mail. If the incoming e-mail is addressed to either john@company.com or Doe@company.com, the router will match the local parts of the incoming Internet address (the words to the left of @) to the words John and Doe in the user name field, and it may also deliver that e-mail to his mailbox.

This means that John Doe really has three addresses in the system, one explicit Internet address and two assumed Internet addresses, based on combining the local parts of his name with one of the server's domain names. The only thing that would stop a local-part-addressed e-mail from being delivered to John would be if there was another person document in the Domino directory that had the same local parts in its user name field. When the Domino router finds multiple matches for a local part address, the router will register an error and the incoming e-mail will not be delivered.

All of which leads back to our spam problem and the simple setting change that solves it. My company's increase in receiving spam was because certain spammers had stepped up their efforts by sending out tons of e-mail to Internet addresses that matched local part addresses on the system. Spam messages were being addressed to, for instance, pam@company.com or turner@company.com, and to any number of addresses that contained a common first or last name combined with my domain name. When the incoming spam matched a local part address that was unique on my system, the spam was delivered to that user's mailbox. When the spam matched multiple users with the same local part address, the e-mail was held in the Domino mail file with an error message. Either way, the increase in received e-mail was starting to clog our system.

If you're having a similar problem with your Notes installation on an iSeries- or a Windows-based Notes 6.0.x server, here's the procedure we ran to turn off local parts addressing on a Notes system and reduce this type of spam.

STEP 1

Open the Domino Administrator and review all person documents to ensure each person's full name Internet addresses are contained in either the Internet address field or the user name field of the appropriate document. Only one full name address can be contained in the Internet address field, but several alternate full name Internet addresses can be listed in the user name field. If you have any local part addresses to which Internet e-mail is routinely delivered, convert that address to a full name address in the user name field. Once local part addressing is turned off, the router will no longer deliver e-mail to an address that doesn't contain a full name address.

Though it's not a necessity, I also recommend that you move any full name Internet addresses listed in the short name/user ID field of a person document to the user name field, because there may be situations when the Domino router may not be able to match addresses found in that field.

STEP 2

Review all group records in the Domino directory that contain entries in their Internet address fields in order to ensure that those entries contain full name addresses only. Convert any local part addresses in the Internet address field of a group record to full name addresses.

STEP 3

Go into the configuration document for the server and click edit configuration.

STEP 4

Click Router/SMTP and Basics in the configuration settings.

STEP 5

Change the address lookup field on the "Router/SMTP Basics" screen from full name then local part (the default) to fullname only.

STEP 6

Load the new settings into the router. This can be done by stopping and starting the router by using either of the following sequences from the system console: 

Tell router quit
<wait for the router to shutdown>
Load router

Or:

Restart task router

The new router setting can also be loaded by updating the router's routing table through the following Tell command: 

	Tell router update config

Once you've completed these steps, the Notes router will only accept e-mail that matches a full name Internet address defined in the Domino directory.

Changing a Notes server's address lookup field is simple, but it can significantly reduce unwanted e-mail.

Sponsored By
DAMON TECHNOLOGIES

RSP is the Evolution of RPG

RSP (RPG Server Pages) is the best way to develop Web applications with RPG.

· Developers use their existing RPG skills.
· More robust than CGI with greater flexibility and speed.
· RSP is not just visual development. It is an application server built specifically for the iSeries.
· Full debug capabilities.
· Session Handling with a built in garbage collector.
· Use WDSc to develop your web content.
· Priced Right.

With RSP, Web content is developed with the Ease, Speed, and Reliability of RPG.

In today's fast paced business world, there is not enough time or resources to convert RPG developers into Java developers. The logical step to bring your business critical applications to the Web is with RSP. RSP gives the developer the tools necessary to create fast and reliable Web applications.

Download your free copy of RSP today!

www.damontech.com
Evolve
Editors: Howard Arner, Joe Hertvik, Ted Holt,
Shannon O'Donnell, Kevin Vandever
Managing Editor: Shannon Pastore
Contributing Editors: Joel Cochran, Wayne O. Evans, Raymond Everhart,
Bruce Guetzkow, Marc Logemann, David Morris
Publisher and Advertising Director: Jenny Thomas
Advertising Sales Representative: Kim Reed
Contact the Editors: To contact anyone on the IT Jungle Team
Go to our contacts page and send us a message.

THIS ISSUE
SPONSORED BY:

Advanced Systems Concepts
iTera
WorksRight Sofware
Damon Technologies


BACK ISSUES

TABLE OF
CONTENTS
Date Handling in RPG IV

A Solution to the Numeric Parameter Problem

Read a Data Area As a One-Row Table with SQL

Admin Alert: A Lotus Notes Adjustment for Fighting Spam



Copyright © 1996-2008 Guild Companies, Inc. All Rights Reserved.
Guild Companies, 50 Park Terrace East, Suite 8F, New York, NY 10034
Privacy Statement