Configuring User Access through the Domain

Although users do not access the domain as they use the GroupWise client, their messages often pass through domains while traveling from one post office to another.


Restricting Message Size between Domains

You can configure the MTA to restrict the size of messages that users are permitted to send outside the domain.

  1. In ConsoleOne, click Tools > GroupWise Utilities > Link Configuration.


    Link Configuration Tool window
  2. Double-click the domain where you want to restrict message size.


    Edit Domain Link dialog box
  3. In the Maximum Send Message Size field, specify in megabytes the size of the largest message you want users to be able to send outside the post office.

  4. If you want to delay large messages, specify the size in megabytes for message files the MTA can process immediately in the Delay Message Size field.

    If a message file exceeds the delay message size, the message file is moved into the low priority (6) message queue, where only one MTA thread is allocated to process very large messages. This arrangement allows typical messages to be processed promptly, while delaying large messages that exceed the specified size. The result is that large messages do not slow down processing of typical messages.

  5. Click OK.

  6. To exit the Link Configuration Tool and save your changes, click File > Exit > Yes.

    ConsoleOne then notifies the MTA to restart using the new message size limits.

If a user's message is not sent out of the domain because of this restriction, the user receives an e-mail message with a subject line of:

Delivery disallowed

plus the subject of the original message. This message provides information to the user about why and where the message was disallowed. However, the message is still delivered to recipients in the sender's own domain.

There are additional ways to restrict the size of messages that users can send, as described in Restricting the Size of Messages That Users Can Send.


Enabling Live Remote

You can configure the MTA to redirect GroupWise Remote client requests to other MTAs and POAs. The GroupWise client can establish a client/server connection to an MTA across the Internet, eliminating the queuing and polling process used by earlier Remote clients. The result is significantly improved performance for Remote client users.

To configure the MTA to redirect Remote client requests, add the /liveremote, /lrconn and /lrwaitdata switches to the MTA startup file.

You can monitor the live remote connections from the MTA agent console. See Displaying Live Remote Status.

As an alternative to live remote connections from outside your firewall, you could set up proxy servers for the POAs, so that Remote client users connect to their mailboxes through the proxy servers rather than through MTAs. Full SSL security is provided through the proxy servers. See Securing Client/Server Access through a Proxy Server.


Enhancing Domain Security with SSL Connections to the MTA

Secure Sockets Layer (SSL) ensures secure communication between the MTA and other programs by encrypting the complete communication flow between the programs. For background information about SSL and how to set it up on your system, see Encryption and Certificates.

To configure the MTA to use SSL:

  1. In ConsoleOne, browse to and right-click the MTA object, then click Properties.

  2. Click GroupWise > Network Address to display the Network Address page.


    MTA Network Address property page
  3. To use SSL connections between the MTA and the POAs for its post offices, select Enabled in the Message Transfer SSL drop-down list.

    The MTA must use a TCP/IP connection to each POA in order to enable SSL for the connection. See Using TCP/IP Links between a Domain and its Post Offices.

    Each POA must also have SSL enabled for the connection to be secure. See Enhancing Post Office Security with SSL Connections to the POA.

  4. To use SSL connections between the MTA and the MTA Web console displayed in your Web browser, select Enabled in the HTTP SSL drop-down list.

    To set up the MTA Web console, see Setting Up the MTA Web Console.

  5. Click Apply to save the settings on the Network Address page.

  6. Click GroupWise > SSL Settings to display the SSL Settings page.


    MTA SSL Settings property page

    For background information about certificate files and SSL key files, see Encryption and Certificates.

  7. In the Certificate File field, browse to and select the public certificate file provided to you by your CA.

  8. In the SSL Key File field:

    1. Browse to and select your private key file.

    2. Click Set Password.

    3. Provide the password that was used to encrypt the private key file when it was created.

    4. Click Set Password.

  9. Click OK to save the SSL settings.

    ConsoleOne then notifies the MTA to restart using the new message size limits.

Corresponding Startup Switches
You could also use the /certfile, /keyfile, /keypassword, /httpssl, and /msgtranssl switches in the MTA startup file to configure the MTA to use SSL.

MTA Web Console
You can list which connections the MTA is using SSL for from the Links page. Click View TCP/IP Connections to display the list if TCP/IP links.