After going through the configuration for port restriction on an old 170
@ V5R3M0, you cannot specify the IP address along with the port, just
the port / user so that will not work.
IP Sec if very tricky to configure. You have to open all the necessary
IP/ports cause once you start IP sec, the default rule denies all that
is not explicitly opened. I don't know if you can restrict an IP/PORT
to a user there either.
I would skip starting the native POP server until after Notes is
started. Make is a procedure to end the Native POP server if Notes has
to be restarted, then restart the native POP server.
Good Luck,
Chris Bipes
Director of Information Services
CrossCheck, Inc.
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of rob@xxxxxxxxx
Sent: Friday, March 07, 2008 11:48 AM
To: Midrange Systems Technical Discussion
Subject: RE: Binding the i5/os POP server to a particular address.
Which user are you talking about registering in the IP sec? QTCP and
QNOTES or all the clients?
Where do you add these IP sec restrictions?
Rob Berendt
--
Group Dekko Services, LLC
Dept 01.073
Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com
"Chris Bipes" <chris.bipes@xxxxxxxxxxxxxxx>
Sent by: midrange-l-bounces@xxxxxxxxxxxx
03/07/2008 02:13 PM
Please respond to
Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
To
"Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
cc
Subject
RE: Binding the i5/os POP server to a particular address.
Well when you want to run two different POP server, yes it does matter.
First question, do you need the native i5O/S POP server running if you
have the Domino POP server running? If no, just end the Native one,
else use IP sec restrictions to restrict access to IP address / Port for
the different user profiles for the different application on the same
port.
Chris Bipes
Director of Information Services
CrossCheck, Inc.
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of rob@xxxxxxxxx
Sent: Friday, March 07, 2008 10:47 AM
To: Midrange Systems Technical Discussion
Subject: RE: Binding the i5/os POP server to a particular address.
No. It matters a whole hell of a lot. I try accessing Domino's POP
server but the freaking i5/os POP server has bound to all interfaces.
I'd rather the i5/os pop server only bind to the interface for i5/os and
not to all the IP addresses reserved for Domino.
I try this command
TELNET RMTSYS(NOTES01.DEKKO.COM) PORT(110) and find out the only user
id's and passwords that are valid are i5/os user id's and passwords.
And NETSTAT *CNN shows port 110 (pop) bound to all addresses and not
just my i5/os interface.
Connection identification:
Remote host name . . . . . . . . . . . . . . :
Remote internet address . . . . . . . . . . : *
Remote port . . . . . . . . . . . . . . . . : *
Local host name . . . . . . . . . . . . . . . :
Local internet address . . . . . . . . . . : *
Local port . . . . . . . . . . . . . . . . : pop3
Associated user profile . . . . . . . . . . . : QTCP
midrange.com
