Using CIDR Notation In IBM Domino Configuration

There are multiple resources that suggest CIDR Notation may be used in an IBM Domino server’s Configuration. For instance, “IP address filter for SMTP inbound connection controls” and “CIDR address not working on AS400”. However, in ALL of my testing, I’ve NEVER seen it work.

The ugly work-around is to convert the CIDR into a format that IS accepted. One shortcut is to use this excellent tool to convert CIDR to IP Ranges: CIDR TO IP RANGES CONVERTER.

Once you have the range, you’ll still need to “manually” format it.

For instance, use the values displayed in the IBM column to represent the CIDR in the first column:

CIDR                IBM
13.107.6.152/31     [13.107.6.152-153]
13.107.9.152/31     [13.107.9.152-153]
13.107.18.10/31     [13.107.18.10-11]
13.107.19.10/31     [13.107.19.10-11]
23.103.160.0/20     [23.103.160-175.*]
23.103.224.0/19     [23.103.224-255.*]
40.96.0.0/13        [40.96-103.*.*]
40.104.0.0/15       [40.104-105.*.*]
70.37.151.128/25    [70.37.151.128-255]
111.221.112.0/21    [111.221.112-119.*]
131.253.33.215/32   [131.253.33.215]
132.245.0.0/16      [132.245.*.*]
134.170.68.0/23     [134.170.68-69.*]
157.56.96.16/28     [157.56.96.16-31]
157.56.96.224/28    [157.56.96.224-239]
157.56.106.128/28   [157.56.106.128-143]
157.56.232.0/21     [157.56.232-239.*]
157.56.240.0/20     [157.56.240-255.*]
191.232.96.0/19     [191.232.96-127.*]
191.234.6.152/32    [191.234.6.152]
191.234.140.0/22    [191.234.140-143.*]
191.234.224.0/22    [191.234.224-227.*]
204.79.197.215/32   [204.79.197.215]
206.191.224.0/19    [206.191.224-255.*]
207.46.150.128/25   [207.46.150.128-255]
207.46.203.128/26   [207.46.203.128-191]
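
The manual formatting step can be scripted. The following is an added example, not part of the original post: it uses Python's standard ipaddress module to produce the bracketed form shown in the IBM column, and the function names cidr_to_domino and convert_all are made up here. It assumes IPv4 input and takes the output format from the table above, nothing more.

```python
import ipaddress


def cidr_to_domino(cidr: str) -> str:
    """Convert an IPv4 CIDR block to the bracketed range/wildcard form
    shown in the table above, e.g. 23.103.160.0/20 -> [23.103.160-175.*]."""
    # strict=True rejects input with host bits set (e.g. 10.0.0.5/24), so a
    # typo cannot silently shift the range that ends up in the filter.
    net = ipaddress.ip_network(cidr.strip(), strict=True)
    if net.version != 4:
        raise ValueError(f"only IPv4 is handled here: {cidr}")
    first = net.network_address.packed    # lowest address, 4 bytes
    last = net.broadcast_address.packed   # highest address, 4 bytes
    parts = []
    for lo, hi in zip(first, last):
        if lo == hi:
            parts.append(str(lo))         # octet fixed by the prefix
        elif (lo, hi) == (0, 255):
            parts.append("*")             # octet fully covered by the block
        else:
            parts.append(f"{lo}-{hi}")    # octet split by the prefix boundary
    # A CIDR block is aligned, so at most one octet is a partial range and
    # every octet after it is a wildcard: one pattern always suffices.
    return "[" + ".".join(parts) + "]"


def convert_all(cidrs):
    """Return (cidr, domino_form) pairs; invalid entries raise ValueError."""
    return [(c, cidr_to_domino(c)) for c in cidrs]


if __name__ == "__main__":
    # Sample input taken from the table on this page.
    sample = ["13.107.6.152/31", "23.103.160.0/20", "40.96.0.0/13",
              "131.253.33.215/32", "132.245.0.0/16"]
    for cidr, form in convert_all(sample):
        print(f"{cidr:<20}{form}")
```

Because the converter rejects a CIDR whose host bits are set, an entry such as 13.107.6.153/31 fails loudly instead of producing a range that differs from what was intended.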

TLS For Domino SMTP

Anyone already using, or considering enabling, secure SMTP sessions with STARTTLS on Domino should either disable it or wait for now (until SPR# MKENA4SQ7R is resolved in an IF or 9.0.1 FP6), obtain the hotfix(es) directly from IBM, or risk being unable to deliver or receive mail over TLS with (at least) some @outlook.com addresses.

If you are using (or planning to use) TLS, you should also look at adding the SSL_SESSION_SIZE notes.ini setting. When the setting is not used, the value defaults to 5000, which is too low to prevent errors like:

02/25/2016 12:23:52 PM New SSL session data length of 5121 bytes is larger than the current size of 5000 bytes.
02/25/2016 12:23:52 PM You may want to set the Notes.ini variable SSL_SESSION_SIZE to at least 5121 bytes.

Note that the server suggested the 5121 value in this example (presumably based upon the handshake with the external server) and I’ve been unable, as yet, to find any other scientific method for determining what other value might be better.