The Exchange Gateway lets you control access through the gateway. For example, you can:
Control which GroupWise users can send messages and to which Exchange users
Control which GroupWise users can receive messages and from which Exchange users
Control the maximum size for messages sent through the gateway
Control whether or not rule-generated GroupWise messages are sent through the gateway
The standard way to control access for all GroupWise and Exchange users on the GroupWise side of the gateway is with the access.cfg file in the domain\wpgate\exchange directory. In addition, you can control individual user access using the Gateway Access field of individual User objects in ConsoleOne.
On the Exchange side of the gateway, access control is provided on the Permissions page of the Site Addressing object. See your Exchange documentation for more information.
The access.cfg file is an ASCII text file that can be edited with a standard text editor. It is located in the gateway root directory (for example, domain\wpgate\exchange). The access.cfg file enables you to implement the following specific types of access control:
Provide specific access control based on GroupWise domains and post offices
Provide specific access control based on access groups that you define
Limit the size of incoming and outgoing messages to and from your GroupWise system for specific domains, post offices, or access groups
Prevent messages from specific addresses from entering your GroupWise system for specific domains, post offices, or access groups
Allow messages from specified addresses to enter your GroupWise system, while preventing all others for specific domains, post offices, or access groups
Prevent rule-generated messages from going out of your GroupWise system for specific domains, post offices, or access groups
The initial access.cfg file includes descriptions and examples of the section headers and keywords that you can use in the file. However, all lines are initially commented out and access control is off by default. Print the initial access.cfg file in the domain\wpgate\exchange directory. Reviewing the file can help you understand how it works.
Add the following line at the top of the file to turn on access control:
After access control has been turned on, you can create sections in the access.cfg file for various groups of users. Section headers are enclosed in square brackets ([header]). Within each section, you use keywords to define the access control settings for the group to which the section applies. The following section headers and keywords are available:
Section headers, keywords, and settings are not case sensitive. The In and Out directions are from the point of view of the GroupWise system. Semicolons (;), slashes (/), and pound signs (#) can be used to comment out lines of text. In the examples provided in the access.cfg file, the string gwaddresstext represents the address of an Exchange user. For example, you could replace gwaddresstext with Novell.Sales.Glen if that is the appropriate address format, as explained in Section 3.8, Selecting User Address Type and Format.
Exchange Gateway Web Console You can turn access control on and off for the current gateway session on the Access Control page. You can also adjust the maximum message size.
Section headers establish groups of users to which access control settings are applied.
This section lists the access control settings for users who are not covered by access control settings for a particular GroupWise domain, post office, or access group.
This example limits incoming messages to 100 KB but does not limit the size of outgoing messages. It prevents rule-generated GroupWise messages from transferring through the gateway to the Exchange system. These access control settings would apply to any users who did not fall under a more specific section header.
This section lists the access control settings for users in a particular GroupWise domain.
This example limits incoming messages to 1 MB but does not limit outgoing messages. It allows GroupWise users to send rule-generated messages.
This section lists the access control settings for users in a particular GroupWise post office.
This example allows users in the Temps post office to exchange messages with users in the Exchange NetTech system only. It restricts incoming and outgoing messages to 10 KB. It prevents rule-generated messages.
This section lists the access control settings for individual GroupWise users who are assigned to the access group in ConsoleOne, as described in Using the Gateway Access Field on Individual User Objects. Access groups do not have direction parameters. If you want to control access in both directions, you must create separate access groups.
This example allows users in the SysAdminsIn and SysAdminsOut access groups to receive messages up to 5 MB in size and to send rule-generated messages.
Keywords define the access control settings for the users included under each section header.
This keyword provides unrestricted access to the Exchange Gateway for those GroupWise users specified by the section header. Users can send messages to or receive messages from Exchange users, depending on the direction specified by the header.
This example allows all GroupWise users in the Executives post office to exchange messages with all Exchange users with no access control restrictions.
This keyword restricts access to the Exchange Gateway for those GroupWise users specified by the section header. Users cannot send or receive messages through the gateway, depending on the direction specified in the header.
This example prevents all GroupWise users in the Temps post office from exchanging messages with Exchange users.
This keyword restricts access to the Exchange Gateway from the perspective of Exchange users. This keyword differs from NoAccess because a specific Exchange address must be provided. If GroupWise users try to send mail to a Exchange address that has been blocked, they receive a message from the gateway stating that the message is undeliverable.
The first example prevents GroupWise users in the Temps post office from exchanging messages with users in the Exchange XYZCorp system. The second example prevents GroupWise users in the Executives post office from receiving messages from a specific Exchange user. Providing the username in both formats is required to totally block a user.
This keyword allows messages to pass through the Exchange Gateway only if the message’s recipient matches the Exchange address specified on the Allow line. Any messages addressed to other Exchange addresses are blocked.
The first example allows GroupWise users in the Temps post office to exchange messages with the NetTech Exchange system but no others. The second example allows all users to receive messages from a specified user.
This keyword determines the maximum size of messages that the Exchange Gateway can transfer between systems. Maxsize is specified in bytes (1000 = 1000 bytes or 1 KB), with a range from 0 to 2147483647.
Unless you have a reason to limit the message size (for example, you are charged for the amount of data transferred by the gateway), you might not want to limit the message size. When attachments are encoded as they pass through the gateway, they generally become larger.
This example prevents GroupWise users in the Temps post office from receiving messages larger than 1 MB and from sending messages larger than 5 MB.
This keyword determines whether or not rule-generated messages are allowed through the Exchange Gateway. It applies only to outbound messages from GroupWise to Exchange.
You could use this keyword to control rule-generated messages such as “On Vacation” from entering the Exchange system. Unlike NoAccess and Block, the gateway does not generate a status message stating that the mail message was undeliverable. Instead, the message remains pending in the sender’s mailbox.
This example prevents all rule-generated messages from transferring from the GroupWise system to the Exchange system.
You can use the Gateway Access field on the GroupWise Account page of each User object in ConsoleOne to control individual user access. This can be useful if you only have a few users whose access you want to control. If you have many users whose access you want to control, you should use the access.cfg file, as described in Using the Access.cfg File in the Gateway Directory.
If desired, create an access control group in the access.cfg file.
In ConsoleOne, browse to and right-click the user whose access you want to control, then click.
Clickto display the Account page.
Fill in thefield.
If you created an access control group in the access.cfg file in Step 1, specify the name of the access control group that you want this user to be associated with.
If you have not created an access control group, you can put access control information unique to this user in the Gateway Access field.
The following keywords are valid in the Gateway Access field:
In this example, the gateway name is Exchange, the maximum message size is 500 KB, and rule-generated messages are prevented from leaving the GroupWise system. The gateway direction designations and their keywords are separated by a semicolon (;).
Click OK to save the access control information for the selected user.
ConsoleOne passes the access control information to the Exchange Gateway so that the access control settings are in force immediately.