Category: WINDOWS
2008-06-13 23:01:45
While on site I ran into a case where a customer, in the course of customizing mail, triggered mass mail sends, and the customer needed stronger security controls. The following recommendations were provided; see the attachment for details:
1. First, add Enforce_Personal_Agents=1 to notes.ini;
2. Change the Programmability settings under the Security tab of the Server document:
Run restricted LotusScript/Java agents: allow everyone to run them. This can be handled with a wildcard entry, so that users can still run the Out of Office agent.
Run Simple Action/Formula agents: add only the appropriate administrators.
Problem
In Notes/Domino R5, in order for users to run their Out of Office agents, they have to be listed in the Agent Manager agent security setting for "Allowed to Run Restricted LotusScript Operations" because sending mail is a restricted operation. This means that users can create any LotusScript agents using any restricted methods, and can conceivably create bad agents that could do harm (such as causing endless loops) to the Domino server. Most users, however, do not create LotusScript agents, but instead create Simple Action or @Formula agents in their mail files. Most users in Notes R5, who do not have Domino Designer clients installed on their workstations, also never change the default agent, so these agents are set to run as private agents. In order to prevent these user-created private agents from running, the Notes/Domino Administrator in R5 can restrict who can run Private agents in the R5 server security settings. This effectively blocks most user-created agents, but is not truly secure as a user-created shared agent will circumvent this security.
When customers upgrade to Notes/Domino 6.x, the upgrade path defined explains that they should upgrade their servers, then clients, then the client mail file designs.
Customers who were previously using the method described above of restricting private agents to limit who can run server agents in R5 find that when they upgrade their servers to Domino 6, these agents start running. The reason is that there is no longer a setting to restrict who can run private agents, but there are additional settings for who can run simple action/formula agents. The problem is that in the Domino agent security model, the agent restrictions are hierarchical. So if users are allowed to run restricted LotusScript agents, they are automatically allowed to run Simple Action or Formula agents, as that is a lesser restriction.
The solution in Domino 6.x is to set the users' access level in the Access Control List (ACL) to their mail files to "Editor". At that level, when they enable the Out of Office agent, a new function kicks in that enables it on behalf of them but it is actually run by someone else (by default this is Lotus Notes Template Development). When done in this fashion, the users do not need to be given access to run restricted LotusScript agents, so they can be restricted from those operations and the simple action/formula agent operations.
Unfortunately, in order for this process to work, the users MUST be given Editor access and they MUST be using a Domino 6 mail template design (Mail60.ntf). If the users have a higher access level, it will simply sign the Out of Office agent with their ID and they will need rights to run restricted LotusScript agents. If the user is not using a Domino mail template design, the functionality that enables the "run on behalf" agent is not available.
For many customers, though, there may be a significant time difference between the time the servers are upgraded and the time the mail files are upgraded, because the Notes Clients must be upgraded during that time. During that time, private Simple Action and Formula agents that were created by users that will not run on a Domino R5 Server will run on a Domino 6.x Server.
Content
This issue was reported to Lotus Software Quality Engineering, and was addressed in Notes/Domino 6.0.3 and 6.5 (Software Problem Report #SSHE5FNNBU).
With either of these releases (or higher) installed on a server, and the Notes.ini parameter Enforce_Personal_Agents=1 added to the server's Notes.ini, users must be specifically listed in the field called 'Run Simple Action/Formula Agents' of the Server document in order to run those agents. The hierarchical security restrictions will not flow down to that field.
A common configuration in the Server document would then be:
Run Restricted LotusScript Agents: */Organization
Run Simple Action/Formula Agents: admingroup, devgroup
Individual users not listed in "admingroup" or "devgroup" would be allowed to run their Out of Office agent. When they attempted to schedule any event-triggered or scheduled Simple Action or Formula agent, they would be informed that they did not have execution authority to run those agents. Users could still schedule and run private and shared LotusScript agents that they create.
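As an added illustration (not from the technote and not Domino's own code), the following Python helper models the rule described above: Restricted LotusScript rights flow down to Simple Action/Formula agents by default, but not once Enforce_Personal_Agents=1 is set. The organization name Acme, the user names and the group names are constructed sample values, and wildcard matching is simplified to a suffix check.

```python
"""Audit helper modelling the Domino 6 agent-security hierarchy.

Server-document field contents are passed in as comma-separated strings,
exactly as they appear in the 'Run Restricted LotusScript Agents' and
'Run Simple Action/Formula Agents' fields. Group membership is supplied
by the caller as a set of group names.
"""


def parse_notes_ini(text):
    """Parse notes.ini style 'Key=Value' lines into a lower-cased dict."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip().lower()] = value.strip()
    return settings


def name_matches(entry, user, groups):
    """True if one field entry covers the user: a group the user belongs
    to, a wildcard such as */Acme (simplified here to a suffix check on
    the hierarchical name), or the user's own hierarchical name."""
    entry = entry.strip()
    if not entry:
        return False
    if entry in groups:
        return True
    if entry.startswith("*/"):
        return user.lower().endswith(entry[1:].lower())
    return entry.lower() == user.lower()


def allowed(field, user, groups):
    return any(name_matches(e, user, groups) for e in field.split(","))


def agent_rights(user, groups, restricted_field, simple_field, notes_ini):
    """Return (can_run_restricted_lotusscript, can_run_simple_or_formula)."""
    enforce = parse_notes_ini(notes_ini).get("enforce_personal_agents") == "1"
    restricted = allowed(restricted_field, user, groups)
    simple = allowed(simple_field, user, groups)
    if not enforce:
        # Default hierarchy: Restricted LotusScript rights imply the lesser right.
        simple = simple or restricted
    return restricted, simple


# Constructed sample matching the technote's configuration.
NOTES_INI = "ServerTasks=Router,Amgr\nEnforce_Personal_Agents=1\n"
RESTRICTED = "*/Acme"
SIMPLE = "admingroup, devgroup"
```

Calling agent_rights with an empty notes.ini string shows the pre-6.0.3 behaviour, where an ordinary */Acme user also gains Simple Action/Formula rights.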
Related Documents:
Notes Does not Allow Users to Run Out Of Office Agent but Have No Rights To Run any Other Agents
Document #: 1085284
Related LDD Article: Decoding the New Notes/Domino 6 Agent Features:
http://www-10.lotus.com/ldd/today.nsf/62f62847467a8f78052568a80055b380/177bbe55c6848ae000256c44003aee17?OpenDocument&Highlight=0,julie,agent
Related Document Links
Notes Does not Allow Users to Run Out Of Office Agent b - Document 1085284
Decoding the New Notes/Domino 6 Agent Features - Document 1113823
This document is based on the following Software Problem Report (SPR):
SSHE5FNNBU