There are a number of things needed to send email from Notes when you have local mail files.
Local Notes client:-
- (1) local mail.box
- (2) local mailfile.nsf
- (3) server mailfile.nsf – not explicitly needed.
- (4) server mail.box
If you restrict access to the mailfile (2) by giving the user Reader or No Access, all you do is prevent the user from saving a message into their server replica. This will probably not work via their local replica, as the ACL is not enforced there. You could argue that enabling a consistent ACL would prevent them saving the message. However, when they send a message two things happen: first, the message is saved into the mailfile (2); second, the message is deposited into the local mail.box (1) for replication and sending.
So now we somehow need to prevent mail from getting into the local mail.box (1). There is no real way to do this on the client without changing code in the mail database to apply an ACL change, and even then it is flaky. So we would need to turn our attention to preventing the users from sending the message to the server mail.box (4).
You could have an “allow” access group, listing everybody in the environment, added to every mail.box on all servers. You run the risk of service-impacting issues if you do not get all the explicit names correct. Once you have done this you can then remove the migrated users from the “allow” group, preventing them from depositing the new email item in the server mail.box (4). Which is fine. But now the user has “sent” a message which potentially has not been saved in the mail database (2) but which might still exist in the local mail.box (1). This might be an even worse situation, as they might think the message has been sent when it has not.
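To make the gap analysis above concrete, here is an added simulation (not code from the original post, and not a Notes API) of the send path it describes: save to the mailfile (2), deposit in the local mail.box (1), then routing to the server mail.box (4). The user name, group membership and message text are constructed, and it assumes, as the post implies, that the client reports success as soon as the message reaches the local mail.box. Each scenario corresponds to one of the controls discussed: a Reader ACL on a local replica without the consistent-ACL flag, the consistent-ACL flag on its own, removal from a server-side allow group, and the two combined.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# ACL levels that permit creating documents in a Notes database.
WRITE_LEVELS = {"Author", "Editor", "Designer", "Manager"}


@dataclass
class Mailfile:
    """A replica of the user's mail database (item 2 in the post)."""
    acl_level: str
    is_local: bool
    consistent_acl: bool = False            # "Enforce a consistent ACL" replica flag
    docs: List[str] = field(default_factory=list)

    def save(self, msg: str) -> bool:
        # A local replica only honours the ACL when the consistent-ACL flag is set.
        enforced = (not self.is_local) or self.consistent_acl
        if enforced and self.acl_level not in WRITE_LEVELS:
            return False
        self.docs.append(msg)
        return True


@dataclass
class MailBox:
    """A mail.box: the local one (item 1) or a server one (item 4)."""
    allow_group: Optional[Set[str]] = None  # None means no allow-group restriction
    queue: List[str] = field(default_factory=list)

    def deposit(self, user: str, msg: str) -> bool:
        if self.allow_group is not None and user not in self.allow_group:
            return False
        self.queue.append(msg)
        return True


def send(user: str, msg: str, mailfile: Mailfile,
         local_box: MailBox, server_box: MailBox) -> Dict[str, bool]:
    """Model the two client-side actions, then replication to the server mail.box."""
    saved = mailfile.save(msg)
    queued_locally = local_box.deposit(user, msg)
    routed = queued_locally and server_box.deposit(user, msg)
    if routed:
        local_box.queue.remove(msg)           # router picked it up from the local mail.box
    return {
        "saved_in_mailfile": saved,
        "user_sees_sent": queued_locally,     # assumption: client reports success here
        "delivered": routed,
        "stranded_in_local_mailbox": queued_locally and not routed,
    }


def run_scenario(name: str) -> Dict[str, bool]:
    """Run one of the controls from the post against a user with a local replica."""
    user = "CN=Jane Example/O=Acme"          # constructed name
    everyone = {user, "CN=Other User/O=Acme"}  # constructed allow-group membership
    if name == "reader_acl_local_replica":
        mailfile = Mailfile("Reader", is_local=True)
        server_box = MailBox()
    elif name == "consistent_acl":
        mailfile = Mailfile("Reader", is_local=True, consistent_acl=True)
        server_box = MailBox()
    elif name == "removed_from_allow_group":
        mailfile = Mailfile("Editor", is_local=True)
        server_box = MailBox(allow_group=everyone - {user})
    elif name == "consistent_acl_and_allow_group":
        mailfile = Mailfile("Reader", is_local=True, consistent_acl=True)
        server_box = MailBox(allow_group=everyone - {user})
    else:
        raise ValueError(f"unknown scenario: {name}")
    return send(user, "constructed test message", mailfile, MailBox(), server_box)


if __name__ == "__main__":
    for scenario in ("reader_acl_local_replica", "consistent_acl",
                     "removed_from_allow_group", "consistent_acl_and_allow_group"):
        print(scenario, run_scenario(scenario))
```

The first two scenarios show the message still being delivered, because the ACL never stops the deposit into the local mail.box; the allow-group scenarios stop delivery but leave the message stranded locally while the user believes it was sent, which is the outcome the paragraph above warns about.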
There are other options, like simply modifying the mail template so that users get popups and notifications. But this will not solve any compliance issues, and the Notes client has a default method to hook into the mail form from the File menu. This appears in most applications to forward a workflow form, etc.
Here, you could argue that you could deploy a policy to modify the location documents so that no mailfile is listed. However, you might have training issues and support calls when users cannot open their mailfile when they use the “mail icon” rather than the “database icon” in their client.
Ultimately, if you want to prevent users' ability to send email, it is really a best-efforts change of the mailfile ACL. But this only really works if you do not have local replicas; otherwise you will need to apply a consistent ACL, as local replicas do not adhere to ACL security, and this only replicates correctly if the administration servers are set correctly in the mailfile ACL.
But what happens if your users are still using Lotus Notes applications? You have gone through all of the above to find that a workflow application still needs to send email from the local Notes client using the local mail.box (1).
I would be very pleased to hear/learn from the community if there is any perfect way to do this or to manage this situation, as there are just too many loopholes and functionality/technology you need to account for; when you throw applications into the mix there is a whole different world of pain.