Overview

Several of our products generate email. When they do so, they pass the email to IBM® i's SMTP stack for delivery using IBM's QtmmSendMail() API. Some of our customers use service providers to handle delivery (also known as forwarding or relaying) of email. Increasingly, email service providers are requiring SMTP Authentication before delivering email. Unfortunately, IBM® i's SMTP stack does not support outbound SMTP Authentication.

This article describes a method of avoiding the problem by configuring the System i to deliver email directly to the world at large. The three key elements required are:

  1. Removing the mail router specification if present.
  2. Configuring IBM® i access to DNS servers.
  3. Configuring DNS to correctly identify the SMTP host name.

1. Direct Delivery

IBM® i will deliver email directly if a mail router has not been configured. To check or remove the mail router specification, prompt the Change SMTP Attributes (CHGSMTPA) command, page down once and change the Mail router (MAILROUTER) parameter to *NONE:

                        Change SMTP Attributes (CHGSMTPA)                       

Type choices, press Enter.

User ID delimiter . . . . . . . '.' *SAME, *DFT, ?, =, ., &, $...

Mail router . . . . . . . . . . *NONE



Coded character set identifier 00819 1-65533, *SAME, *DFT
Outgoing EBCDIC/ASCII table:
Outgoing EBCDIC/ASCII table . *CCSID Name, *SAME, *CCSID, *DFT
Library . . . . . . . . . . Name, *LIBL, *CURLIB
Incoming ASCII/EBCDIC table:
Incoming ASCII/EBCDIC table . *CCSID Name, *SAME, *CCSID, *DFT
Library . . . . . . . . . . Name, *LIBL, *CURLIB
Firewall . . . . . . . . . . . . *YES *SAME, *YES, *NO
Journal . . . . . . . . . . . . *YES *SAME, *YES, *NO
Process all mail through MSF . . *YES *SAME, *YES, *NO
Percent routing character . . . *YES *SAME, *YES, *NO
More...
F3=Exit F4=Prompt F5=Refresh F12=Cancel F13=How to use this display
F24=More keys

2. DNS Access

To determine how to deliver email for a recipient, IBM® i must have access to a DNS server. The IP addresses of the DNS servers you should use are supplied by your internet service provider. If, for example, your service provider supplies DNS servers 192.0.2.1 and 192.0.2.2, prompt the Change TCP/IP Domain (CHGTCPDMN) command and enter the IP addresses.

                        Change TCP/IP Domain (CHGTCPDMN)                        

Type choices, press Enter.

Host name . . . . . . . . . . . 'mailout'

Domain name . . . . . . . . . . 'ofc.widget.com'



Domain search list . . . . . . . *DFT



Host name search priority . . . *LOCAL *REMOTE, *LOCAL, *SAME

Domain name server:
Internet address . . . . . . . '192.0.2.1'
'192.0.2.2'


Bottom
F3=Exit F4=Prompt F5=Refresh F10=Additional parameters F12=Cancel
F13=How to use this display F24=More keys

To verify that IBM® i can resolve external names, run ping ibm.com. You may or may not receive responses, but you should not receive Unknown host, ibm.com.

If you do not know the IPs to use, a reasonable guess can be retrieved from a PC attached to the local area network that contains the System i:

3. DNS Identity

When IBM® i contacts a recipient's mail server, it introduces itself with the fully qualified SMTP host name configured using the Change TCP/IP Domain (CHGTCPDMN) command. In the example below, the machine introduces itself as mailout.ofc.widget.com.

                        Change TCP/IP Domain (CHGTCPDMN)                        

Type choices, press Enter.

Host name . . . . . . . . . . . 'mailout'

Domain name . . . . . . . . . . 'ofc.widget.com'



Domain search list . . . . . . . *DFT



Host name search priority . . . *LOCAL *REMOTE, *LOCAL, *SAME
Domain name server:
Internet address . . . . . . . '192.0.2.1'
'192.0.2.2'


Bottom
F3=Exit F4=Prompt F5=Refresh F10=Additional parameters F12=Cancel
F13=How to use this display F24=More keys

When a recipient's mail server is contacted by IBM® i, the mail server sees the traffic as coming from the publicly visible IP address of your connection, for example the external IP address of your DSL modem. To determine the IP address seen externally, go to network-tools.com. The IP address shown in the search box is the external public IP of your connection.

Increasingly, mail servers are confirming the identity of machines sending email by performing a DNS lookup on the fully qualified host name sent during the introduction, mailout.ofc.widget.com in this example. If the IP address returned by DNS is not the same as the visible IP address the traffic is coming from, email is rejected or discarded as spam.

To ensure that your System i passes this test, you must add, or have your domain registrar add, an address record for your System i's fully qualified SMTP host name to the DNS records for your domain. In this example:

mailout.ofc.widget.com. IN A nnn.nnn.nnn.nnn

is added to the DNS records for the domain widget.com, where nnn.nnn.nnn.nnn is the publicly visible IP address determined above.
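The identity test described in this section can be run against your own host name before any mail is sent. The following Python sketch is an added example, not part of the original article or of any IBM tooling: it resolves the SMTP host name and compares the result with the public IP. The function names, the sample zone and the 203.0.113.25 address are constructed placeholders.

```python
import ipaddress
import socket

# RFC 1918 ranges, listed explicitly: an internal-only address in the record
# means the outside world cannot match it to your connection's public IP.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def resolve_a(name):
    """IPv4 addresses the local resolver returns for name ([] if unknown)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def check_helo_identity(helo_name, public_ip, resolver=resolve_a):
    """Return (verdict, reason) for the HELO-name-versus-source-IP test."""
    public = ipaddress.ip_address(public_ip)
    name = helo_name.rstrip(".")          # accept zone-file style trailing dot
    if "." not in name:
        return ("FAIL", "host name is not fully qualified")
    addrs = [ipaddress.ip_address(a) for a in resolver(name)]
    if not addrs:
        return ("FAIL", "no address record found")
    if public in addrs:
        return ("PASS", "address record matches the public IP")
    if any(a in net for a in addrs for net in RFC1918):
        return ("FAIL", "address record holds a private (RFC 1918) address")
    return ("FAIL", "address record points at a different IP")

# Constructed sample data: names follow the article's widget.com example,
# addresses are documentation-range placeholders, not real hosts.
SAMPLE_ZONE = {
    "mailout.ofc.widget.com": ["203.0.113.25"],
    "backup.ofc.widget.com": ["192.168.1.10"],
    "legacy.ofc.widget.com": ["198.51.100.7"],
}

def sample_resolver(name):
    return SAMPLE_ZONE.get(name, [])

if __name__ == "__main__":
    for host in ("mailout.ofc.widget.com.", "backup.ofc.widget.com",
                 "legacy.ofc.widget.com", "absent.ofc.widget.com", "mailout"):
        print(host, *check_helo_identity(host, "203.0.113.25", sample_resolver))
```

To check a live configuration, call check_helo_identity with the default resolver from a machine that queries public DNS, because an internal DNS view or local host table can return a different address than recipients' mail servers see.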