ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzair_5.4.0.1/rzairrestrictrelayconnect.htm

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="task" />
<meta name="DC.Title" content="Use relay restriction and connection restriction functions together" />
<meta name="abstract" content="i5/OS enables you to use the relay restriction function along with the connection restriction function to carefully control who can access your e-mail server." />
<meta name="description" content="i5/OS enables you to use the relay restriction function along with the connection restriction function to carefully control who can access your e-mail server." />
<meta name="DC.Relation" scheme="URI" content="rzairneardomain.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2004, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2004, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzairrestrictrelayconnect" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Use relay restriction and connection restriction functions together</title>
</head>
<body id="rzairrestrictrelayconnect"><a name="rzairrestrictrelayconnect"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Use relay restriction and connection restriction functions together</h1>
<div><p><span>i5/OS™ enables you to use the relay restriction
function along with the connection restriction function to carefully control
who can access your e-mail server.</span></p>
<div class="section"><p>You can restrict specific groups of users from connecting to your
e-mail server but allow certain Post Office Protocol (POP) clients within
that group to use your SMTP server to send e-mail messages.</p>
<p>For
example, you know that users within a specific range of IP addresses routinely
send spam e-mail. Therefore, you want to restrict addresses in that range
from connecting to your e-mail server. However, several of the IP addresses
in the IP address range represent trusted i5/OS users, and you want to enable those
users with i5/OS user
profiles to relay messages for a specified period of time after they log on
to the POP server.</p>
<p>Fortunately, you can use the connection
restriction function to restrict connections of the specific range of IP addresses
and use the relay restriction function to allow certain trusted users (POP
clients) within the restricted range to send e-mail using your Simple Mail
Transfer Protocol (SMTP) server. i5/OS first checks to see if you configured
the server to allow POP clients to relay messages for a specified period of
time. Then, it checks for restricted connections. This i5/OS capability enables you to precisely
control who can use your SMTP server to relay messages and who can connect
to your e-mail server.</p>
<p>If you choose to use the connection restriction
function and the relay restriction functions together, you need to create
the appropriate data area in the QUSRSYS library to enable the POP server
authentication capability to override the connection restriction configuration.
You need to create the data area before you configure the relay restriction
and connection restriction in iSeries™ Navigator. At a later date, you
might want to remove the relay restriction that allows the POP clients within
the restricted group to use your e-mail server. In that case, you need to
delete the data area.</p>
<p>To create or delete the data area in QUSRSYS,
follow these steps from the command line on the character-based interface:</p>
</div>
<ol><li class="stepexpand"><span>Enter <samp class="codeph">CRTDTAARA DTAARA (QUSRSYS/QTMSPOPOVR) TYPE(*CHAR)</samp> to
create the data area, or enter <samp class="codeph">DLTDTAARA DTAARA (QUSRSYS/QTMSPOPOVR)
TYPE(*CHAR)</samp> to delete the data area.</span></li>
<li class="stepexpand"><span>If the SMTP server is currently running, you need to end and restart
the SMTP server for the changes to take effect: </span><ol type="a"><li><span>Enter <samp class="codeph">ENDTCPSVR *SMTP</samp> to end the SMTP server.</span></li>
<li><span>Enter <samp class="codeph">STRTCPSVR *SMTP</samp> to restart the SMTP server.</span></li>
</ol>
  <div class="note"><span class="notetitle">Note:</span>  After you create the data area, refer to the <a href="rzairneardomain.htm#rzairneardomain">Restrict relays</a> and <a href="rzairlmtsvr.htm#rzairlmtsvr">Restrict connections</a> topics
for configuration details.</div>
</li>
</ol>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzairneardomain.htm" title="A common concern that you might face is protecting your server from people who try to use your e-mail server for spamming, or sending large amounts of bulk e-mail. To avoid these problems, use the relay restriction function to specify as closely as possible who can use your server for relay.">Restrict relays</a></div>
</div>
</div>
</body>
</html>