Basic Messaging Settings
The following sections address a few of the basic settings that can be applied to mail and messaging. Other messaging settings are covered in more detail in the Mail chapters in this book related to the other exams (Chapter 8, "Mail," for Exam 621, and Chapter 17, "Resolving Server Problems," for Exam 622).
Creating Archiving Policies
An archiving policy is a document that defines and can control the settings for mail archiving for users in the domain. For the first time in Domino Release 6, administrators can centrally control mail file archiving using policies. Archiving is particularly useful for mail databases because users typically save both sent and incoming mail, causing the mail file to increase in size. Archiving the mail file frees up space and improves the performance of the mail database by storing documents in an archive database when they are old or not in use anymore.
The mail archive database is a Notes database and can be accessed like any other Notes database. The views in a user's mail archive mirror the views in the mail file. The archive includes the folder hierarchy of the original mail database, enabling users to easily find and read messages in the archive.
Mail file archiving is a three-step process that includes selecting documents (deciding which ones should be archived), copying files to an archive database, and performing mail file cleanup.
When you use policies to manage archiving, you use either server-based archiving or client-based archiving. The terms server-based and client-based don't refer to the storage location for the archive, but rather to where the archiving process occurs: either on a server or on the client's workstation. The server performs archiving using the Compact task. The administrator triggers the server to archive by scheduling the running of the Compact task using a Program document. Client-based archiving assumes that the user will be initiating the archiving process, which means that the workstation must be running for archiving to be successful.
If the user schedules client-based archiving when the workstation is not running, archiving will not occur.
An Example of How to Use Policies to Manage Mail Archiving
The administrator at Acme Corporation has had difficulty controlling or supporting users who want to archive mail. She plans to use policy-based archiving to solve some of the following problems and issues related to mail archiving:
Acme needs a centralized archive server.
Space is limited on the current mail server.
Because archiving increases network traffic, Acme wants all mail archiving to happen during off-peak hours.
To ensure consistency, users must not be allowed to control their archive settings. Archive settings will be implemented and changed only by administrators.
Users within different organizational units will need to have slightly different archiving settings.
To resolve Acme's archiving issues, the administrator uses these Archive policy settings and applies them to all users via organizational policies:
Server-based archiving is enabled from a mail server to a designated archive server.
Archive settings are centrally managed and enforced by the administrator; users are prohibited from changing or creating archive settings.
Archiving is scheduled to be server-based and will occur during off-peak hours.
Optionally, the administrator can implement pruning (removing attachments and body of mail, but leaving header information intact), which might help conserve server disk space.
Creating an Archive Policy Settings Document
Setting up mail file archiving is a two-step process: You must create the following three documents in the Domino Directory:
The Archiving Settings document(s)This specifies whether users are allowed to archive. If they are, all further archiving settings are created in this document.
The Archive Criteria Settings document(s)This document is created from within the Archiving Settings document. The criteria determine which documents are archived and how the mail file is cleaned up.
The Policy document that references the correct Archiving Settings documentThis policy refers to the correct Archiving Settings document and might also refer to other Settings documents.
The Archiving Settings document specifies whether to allow archiving either centrally by administrators or privately by Notes users. If you prevent all archiving, that is essentially the only setting listed in your Archiving Settings document. You must then reference that Settings document in your Policy document. If you prevent private archiving, the Archiving Settings document determines how documents in the user's mail file are archived, and users cannot change these settings or create private archive settings.
If you allow archiving, use the Archiving Settings document to define whether archiving is server-based or client-based, to specify source and destination archive servers, and to set the archive schedule. You can also change the name and location of the default archive log file if you want.
Implementing Mail Quotas
Users can receive and save a high volume of email, including their own sent messages, in their mail files. Large mail files can overwhelm a server's disk capacity and reduce the performance of the mail client. Because you generally cannot provide users with unlimited storage space, set a size limit, or database quota, for each mail file; these limits are called mail quotas. When delivering mail to a user's mail file, the router checks the current size of the mail file against the specified mail quota.
You can set two types of size limits on a user's mail file: a warning threshold and an absolute quota size. Set a warning threshold to provide users with advance notice when their mail files approach the designated mail file quota, so they can reduce the size of their mail files before message flow is interrupted. Set a quota if you intend to establish a policy of interrupting users' mail usage if their mail files exceed a specified size.
You must set a quota before you can set a warning threshold.
You can configure the router to respond in several ways when a mail file exceeds its quota, each representing a higher level of enforcement. The least restrictive response is to have the router issue automatic notifications to users when their mail files exceed the quota. If users fail to respond to notifications, you can hold pending messages in MAIL.BOX or return messages to the senders as undeliverable until the users reduce the size of their mail files.
Along with the methods the router uses to enforce quotas, the Notes client displays a warning to any user who has exceeded the designated warning threshold or quota whenever the user attempts to send mail.
Setting the Quota or Warning Threshold on a Mail Database
You can set quota limits and warning thresholds in one of two ways:
During registrationQuotas specified during registration apply only to new users, not to existing users. You can also set mail quotas before registration by listing the quota information in the Registration Policy document and applying this document during registration.
Per databaseUsing the Domino Administrator, you can manually specify the warning threshold and quota of one or more mail files. This method works for any database, including the mail database. Quotas and warning thresholds are set using the Quotas tool in the File Tab of the Administrator client.
Understanding Mail Encryption
Encryption protects data from unauthorized access. Using Notes and Domino, you can encrypt the following:
Mail messages sent to other usersEncryption can be applied to outgoing messages, in which case an unauthorized user cannot read the message while it is in transit. You can also encrypt saved and incoming messages.
Network portsInformation can be encryption when being sent between a Notes workstation and a Domino server, or between two Domino servers, thereby preventing unauthorized users from reading the data while it is in transit.
SSL transactionsYou can use SSL to encrypt information sent between an Internet client, such as a Notes client, and an Internet server, to prevent unauthorized users from reading the data while it is in transit.
Fields, documents, and databasesApplication developers can encrypt fields within a document, an entire document, and local databases, allowing only the specified users to read the information.
The Role of Public and Private Keys in Mail Encryption
Domino uses public and private keys so that data encrypted by one of the keys can be decrypted only by the other. The public and private keys are mathematically related and uniquely identify the user. Both keys are stored in the ID file. The certificate containing the public key is also stored in the user's Person document in the Domino Directory, where it is available to other users.
Domino uses two types of public and private keys: Notes and Internet. You use the Notes public key to encrypt fields, documents, databases, and messages sent to other Notes users; the Notes private key is used for decryption. Similarly, you use the Internet public key for S/MIME encryption and the Internet private key for S/MIME decryption. For both Notes and Internet key pairs, electronic signatures are created with private keys and verified with public keys.
To properly understand mail encryption, it is best to use a scenario. Let's say that John wants to send an encrypted mail message to Carol. John and Carol both work for Acme Corporation and are listed in the Domino Directory. John creates the mail message and chooses to encrypt it in the Delivery Options for the message. When he pushes the Send button, his Notes workstation encrypts the message by applying three keys:
John's public key from his user ID
John's private key from his user ID
Carol's public key from her Person document in the Domino Directory
While the message is in transit, the body of the message is encrypted. When Carol receives the message, her workstation decrypts it using the private key located on her ID file.
Only the Body field in a mail message is encrypted. The only key that can decrypt the message is the recipient's private key, which is mathematically related to the public key and is only stored on the ID file. The To, cc, bcc, and Subject fields are not encrypted and can be read by anyone who can access the message in the mail database.
In general, mail sent to users in an external domain cannot be encrypted. However, if the recipient of the mail uses Lotus Notes and the sender has access to the recipient's public key, the sender can encrypt the mail message. The recipient's public key can be stored in the Domino Directory, in an LDAP directory to which the sender has access, or in the sender's Personal Address Book. If a user attempts to send an encrypted message to someone and the user can't access the recipient's public key, encryption will fail at the time of sending, prompting the user with an error message that asks whether to continue sending the message in unencrypted format.