Use relay restriction and connection restriction functions together

You can restrict specific groups of users from connecting to your e-mail server but allow certain Post Office Protocol (POP) clients within that group to use your SMTP server to send e-mail messages.

For example, you know that users within a specific range of IP addresses routinely send spam e-mail. Therefore, you want to restrict addresses in that range from connecting to your e-mail server. However, several of the IP addresses in the IP address range represent trusted i5/OS users, and you want to enable those users with i5/OS user profiles to relay messages for a specified period of time after they log on to the POP server.

Fortunately, you can use the connection restriction function to restrict connections of the specific range of IP addresses and use the relay restriction function to allow certain trusted users (POP clients) within the restricted range to send e-mail using your Simple Mail Transfer Protocol (SMTP) server. i5/OS first checks to see if you configured the server to allow POP clients to relay messages for a specified period of time. Then, it checks for restricted connections. This i5/OS capability enables you to precisely control who can use your SMTP server to relay messages and who can connect to your e-mail server.

If you choose to use the connection restriction function and the relay restriction functions together, you need to create the appropriate data area in the QUSRSYS library to enable the POP server authentication capability to override the connection restriction configuration. You need to create the data area before you configure the relay restriction and connection restriction in iSeries™ Navigator. At a later date, you might want to remove the relay restriction that allows the POP clients within the restricted group to use your e-mail server. In that case, you need to delete the data area.

To create or delete the data area in QUSRSYS, follow these steps from the command line on the character-based interface: