Parameter:
SMTPRelayHostsAndDomainsShort description: Whitelist of hosts / domains that are allowed to use the Domino server for SMTP relay – decisive for protection against open relay.
Profile
Parameter | SMTPRelayHostsAndDomains |
Category | Mail / Router |
Component | Server |
Available since | 9.0 |
Supported versions | 9.0.1, 10.0, 11.0, 12.0, 14.0, 14.5, 14.5.1 |
GUI equivalent | Configuration document |
Possible values | Comma-separated list, e.g. *.example.com,partner.de,10.0.0.0/8 |
Description
The Domino SMTP listener only accepts mail to external recipients for forwarding (relay) if the submitting host is on the relay whitelist.
SMTPRelayHostsAndDomains holds this list – either as wildcards (*.example.com), individual hosts, or network ranges. Without an entry the server (together with the default protection rules) behaves as a closed relay and accepts relay only for locally authenticated senders, which is mandatory for internet operation. Misconfigured wildcards (e.g. *.com) turn the server into an open relay – which leads immediately to spam abuse and blacklisting.Example configuration
SMTPRelayHostsAndDomains=*.acme.local,10.10.0.0/16
Notes & pitfalls
- Never enter
*alone – that is open relay.
- Works together with other relay restrictions in the Configuration document; on conflicts notes.ini wins.
- Takes effect after restarting the SMTP task.
- Regularly test open-relay status externally (e.g. with
mail-tester.comor MXToolbox).