Solved

Configure SMTP on iSeries w/ v4r5 and/or v5r1 to use SNDDST

Posted on 2011-09-04
Last Modified: 2013-12-06
Please will someone help me configure SMTP properly on my iSeries so I can use SNDDST to direct e-mail to users to notify them when certain conditions occur in programs? I'm sick and tired of not getting this right. I need this right now. I'll give 500 points to get this working. Thanks, Phil
Question by:pipster1
53 Comments

LVL 16

Expert Comment

by:theo kouwenhoven

Hi Phil,

At the moment I have limited access to the web, but afaik there is some info on the http://easy400.com/ site in the MMAIL part.

Regards,
Murph

Author Comment

by:pipster1

Not finding anything on MMAIL there.

LVL 5

Expert Comment

by:stevebowdoin

Make that http://www.easy400.net not ".com".

Steve

LVL 2

Expert Comment

by:mkc451

Here is a config for using an internal email server as a smart host...

SMTP Using internal smart host

If you want to send from the 400 directly to the internet you need to be able to resolve DNS on the 400 to an inside or outside DNS server...

Then here are some instructions:  IBM Tech Doc

At the above link, if you want to send email direct, the area where you config SMTP Attributes, it's the settings in step 7... where mail relay is "*NONE" ...


Michael Cody

Author Comment

by:pipster1

That's the document I've been looking at Michael. Can you please help me figure this out?
I sort of understand it, but it isn't working.  I only need to send e-mail within the internal network.
I just am not understanding the host naming and user naming stuff.  Can you maybe talk me through this?
Any help is appreciated. Phil

LVL 2

Expert Comment

by:mkc451

If you are only sending internally - have you looked at the log on your internal email server? That is the first thing you need to do to make sure you are getting there and if you are, then why is it being rejected.

Assuming you have the correct WRKDIRE entry for  the internet gateway and have changed your SMTP gateway, you really need to see if the 400 is hitting your internal email server. If it's not being rejected at your internal email server, then why is it not getting there.

IE if you are sending your email to an address like User@mydomain.com and your 400 can't resolve the MX record of "mydomain.com" or can't reach it, then it won't send email out. Also a few other items:

1. Is MSF running  (ie STRMSF and ENDMSF commands)
2. In the SMTP Attributes are you using "Mail Router" *NONE or do you have a smart host listed
3. What kind of server is your internal mail server? IE if it's Exchange and you are trying to use it as a smarthost -- you have to configure Exchange to specifically allow relay for the 400 address.
4. If you are attempting to resolve & send out the outside domain address of your internal mail server, can the 400 send SMTP traffic out on port 25 .. depending on how your router is setup, it could be required or could re-route automatically because the destination is an internal server, depends on configs.

Basically if you are doing internal only mail, I would set up your system to use a smarthost IE mailrouter("mymailserver") .. but you have to make sure that internal email server would allow mail relay from your 400. Though I have to admit as long as your AS400 can send mail out port 25 to the internet and can resolve DNS it's usually simpler to send it outside and allow it to route back in.

This normally is a simple thing but can be a real PIA because of all the security issues with networks and mail relay.

Michael Cody

LVL 27

Expert Comment

by:tliotta

> I just am not understanding the host naming and user naming stuff.

Host/user naming of what? Where are you seeing the references?

Maybe there is some confusion about how e-mail delivery works and you could use some background info so that everything else makes sense.

Tom

Author Comment

by:pipster1

Tom,

The guy I talk to at the customer says I've 'got to have the user name and password to get emails to go.  I have setup an email of xxxxxx@mdstrucking.com.   That will also be the user name.  Password is xxxxx.' This is what he's telling me. I don't see any place to enter a password in the SMTP or TCP/IP setup.


The IP address of the mail server is 72.4.117.9 and is called SMTP.EMAILSRVR.COM
____________________________________________________________________________

In the TCP/IP Host Table entries, the iSeries IP address is 192.168.2.6. What is its host name supposed to be?
__________________________________________________________________________

The 192.168.2.1 is the IP for the network.

The 192.168.2.1 has a host name of MDSTRUCKING.COM
__________________________________________________________________________

Also the TCP/IP routes is set up as:
Type options, press Enter.                                          
                     
       Route              Subnet          Next             Preferred  
Opt  Destination      Mask             Hop              Interface  
                                                                   
     *DFTROUTE        *NONE            192.168.2.1      192.168.2.6  

Is this right for the iSeries to be able to route right?

___________________________________________________________________________

In Change IP Domain (CHGTCPDMN) what are the host and domain name supposed to be?
___________________________________________________________________________

After that what are the proper settings for the SMTP configuration?

Let me know what else I need to check.

I really need to get this working ASAP.

Thanks for your help, Phil

Author Comment

by:pipster1

The email server IP address is the same as the MDSTRUCKING.COM address.

Phil

Author Comment

by:pipster1

Also, what is the WRKDIRE mail service level and preferred address supposed to be for the userid you want to send e-mail with? Phil

LVL 27

Expert Comment

by:tliotta

There are parts of networking setup that should be consistent with each other in order for everything to work seamlessly together. Numerous things will work fine if only some of the parts are there, but all will be better if all of the basics are set according to the appropriate RFCs.

The CFGTCP menu gets you to everything you need for fundamental TCP/IP networking. After those parts are set correctly, there are specific configurations for the different TCP/IP applications such as the CHGSMTPA command for SMTP attributes.

It looks like you have at least some of the TCP/IP network attributes set. Let's make sure they're all consistent.

First, CFGTCP option 1 configures a TCP/IP interface. That associates an IP address with a network adapter. You show 192.168.2.6 as the IP address that is associated with the interface for your network adapter.

Option 2 tells TCP/IP that outgoing data should be sent through that address/interface by default. (I.e., if you don't need any explicit routes, then everything will go through that adapter.) You also told TCP/IP that there is a router that can be reached addressed at 192.168.2.1 out that interface.

You should be able to PING that router address as well as your interface address. If either fails to respond, some troubleshooting needs to be done.

The address of the local "network" actually appears to be 192.168.2.0 rather than 192.168.2.1, but that's a technical quibble.

CFGTCP option 12 is where you tell your system's TCP/IP what your system's host and domain names are. The domain would seem to be MDSTRUCKING.COM. It's not clear what you mean by:

> The 192.168.2.1 has a host name of MDSTRUCKING.COM

That's not a valid host name, though it is a valid domain name. What is telling you that it is a "host" name? (That might be irrelevant.)

The CFGTCP option 12 'Host name' for your AS/400 is a simple name that was chosen to represent the AS/400 in the MDSTRUCKING.COM domain. If we assume that the host name is MYAS400, then that's what goes into the 'Host name' field. When the host and domain names get put together, you get the fully-qualified domain name -- the FQDN -- of the AS/400. That would be MYAS400.MDSTRUCKING.COM if we think about the previous assumption. I don't know what the actual host name is.

CFGTCP option 12 has a couple other tricky fields that we'll come back to later.

Before that, CFGTCP option 10 lists a few (or many) IP addresses and host names that might be handy for your system to know. There should be one entry there for IP address 192.168.2.6 and host name MYAS400.MDSTRUCKING.COM.

Those above items are needed for proper fundamental TCP/IP operation.

An interface gets an IP address. A route gets used by TCP/IP for external connections through a router. A FQDN assigns a name to the system. A host table entry associates the FQDN with a single IP address. (The system can have many interfaces, routes, names and addresses. Only one of each can combine to be the single "system host name and address".)

Back to CFGTCP option 12.

You can also tell the system about DNS. The system's host table works as a kind of mini-DNS. It provides a fast, local way for TCP/IP to turn host names into addresses. Generally, you want a DNS server to do that for you so that you don't need to maintain a bunch of host table entries. Nearly all of those entries should go into some remote DNS server so that all of your equipment can get the same addresses for each name.

But a few entries can be best served from the local table. The entry for the FQDN is one that is handy to have locally available. Some TCP/IP applications can actually require a local entry. When you have an address that begins with "192.168", it's often necessary to have an entry since that address range is 'non-routable'.

For CFGTCP option 12, that kind of comes down to saying that you should specify *LOCAL for the 'Host name search priority' field. That tells TCP/IP to look at the local host table to see if any entry matches a name before going outside to ask some remote DNS server. A local search is very fast compared to remote searches.

You can also put "alias" entries into the local table. These might be short names that you'd use for convenience. A couple other uses make *LOCAL a good choice for priority.

Regardless of priority, you should also have at least one authoritative DNS server address listed under the 'Domain name server' field. There should be a DNS server in your network or at least one provided by your ISP. There will likely be two DNS addresses from an ISP.

Before any next steps, verify that everything above makes sense and checks out. Ask for clarification if anything isn't clear. I worded it all in general terms to shorten it and to keep this part simple. That might lead to confusion, so don't hesitate to ask questions (nor to tell me that you already know that stuff.)

Tom

LVL 2

Expert Comment

by:mkc451

So much fun trying to diagnose this stuff by email ... <grin> .... BTW - this is a very long message, read it all.

On your IP question if 192.168.2.1 (and it's a bit dangerous putting actual addressing on the internet even internal addressing) ... is the internal Default Gateway  - then your TCP routing is correct.

In option 12 on the CFGTCP menu, name is the 400 name & Domain IE - "MYAS400NAME.MYDOMAIN.XXX"  where the XXX part could be COM, ORG, or in a properly set up Windows network "LOCAL" but it really doesn't matter a whole lot for what you are trying to do here. The Host name search priority should be *LOCAL and you should have DNS servers (at least one) in the Domain Name Server fields.

We still need to know if you are working via a relay server or not .. IE use CHGSMTPA and prompt it, there is a Mail Router key, is it set to *NONE or "[the name of your email server]" ... if it's set to *NONE then when you send email to xxx@mdstrucking.com it will attempt to look up the MX record of mdstrucking.com VIA DNS no matter what you have set up in the host table.  If it's got a Mail Router key set to a smart host, then it doesn't matter what you have in the 400 host table, it will attempt to deliver the mail to the smart host by its resolved address via DNS or the host table entry, but it has to be a Fully Qualified Domain Name in the Host Table entry on the 400.

Now as to the sending user ID, it has to have a directory entry .. go to WRKDIRE and next to that name put in a 2 to change it. Then press F19 or SHIFT-F7 to get to the  SMTP Table entry for that user. If there is a message on the bottom " User ID/address does not exist in SMTP table. Press Enter to add, F12 too.." then press enter ... Put in a SMTP USER ID  and SMTP Domain for the user... and hit enter again. If it's already there you are good to go.

Now that you have the user ID with an SMTP Table entry, you should be able to send email ...  Can the 400 resolve and ping an internet email address -- something like CNET.COM or something. If it can't you are also SOL unless you have a local smarthost.

Now as to what the guy at the other end says ... sounds like you are trying to relay mail off a smart host and he is saying you need to have a userid and password to authenticate to that email server in order to relay, if so then you are SOL cause that is not how this works on the 400. Sounds more like he's talking POP3 accounts, which is not what you are doing. But not speaking directly here, I can't say for sure.

If you are trying a smart host, the other end has to be set up to accept your SMTP connection and allow relay by your machine IP or domain. That is just how smart hosting works. It's just like an email coming in from the outside world, except it is relaying to another address, which is why all this pain since relay is how spamming works and you have to tightly control it.

"Now" -- after typing all that, I did a NSLOOKUP on the domain name and MX record you posted. "Assuming" that is the real domain name, they are using an email hosting service so they don't have control of the email server you are sending it to... That means you will really need to set up your 400 to route email outside to the internet. So your MAIL RELAY setting in CHGSMTPA needs to be *NONE and you need to be able to resolve DNS addresses from the 400. Then you don't need any signon on the remote end. It sends the email direct to them.

This might be all clear as mud, but it's how the internet works.  For a final exam here, we need you to tell us the following:

1. Can your 400 resolve CNET.COM (internet address doesn't matter, but I know this one can be pinged)
from the command line? (IE at the command line type in "PING CNET.COM"; if you can do that, do a quick "CALL QCMD" and hit F10.) You should see an IP address and that you got pings back. If you can't do that, you are done right there. You have to talk to the internet before you can send email via the internet.

2. Once you can ping CNET.COM (or anywhere else external) then you need to make sure you have SMTP set up to not use an email relay - that is done in CHGSMTPA - "MAILROUTER" keyword. That should be at *NONE and ALLMAILMSF should be *YES ...  and MSF needs to be started.

Once that is all done, and you used that IBM Tech Doc link I sent earlier -- and you have the sending user profile set up with the right directory entry and SMTP table entry -- you should be able to send an email with SNDDST ....  the following command should work if you put in a real email address:

SNDDST TYPE(*LMSG) TOINTNET((xxx@xxxxxx.com *PRI)) DSTD(TEST) LONGMSG(TEST)                                                                            

Wish I could do more to help....

Michael Cody

Author Comment

by:pipster1

> The 192.168.2.1 has a host name of MDSTRUCKING.COM
>
> That's not a valid host name, though it is a valid domain name. What is telling you that it is a "host" name? (That might be irrelevant.)


This is showing up in option 10 of CFGTCP.
 
Does it need to be there?

I'll report as I find differences.

Thanks,

Phil

Author Comment

by:pipster1

I'll get back as soon as I can guys. It's a lot to digest.

Phil

BTW, I am able to ping The router and interface and CNET.COM.

Author Comment

by:pipster1

Tom,

I believe I have everything straight. I removed the 192.168.2.1 with the host name of MDSTRUCKING.COM.

                      Work with TCP/IP Host Table Entries  
                                                           
 Type options, press Enter.                                
   1=Add   2=Change   4=Remove   5=Display   7=Rename      
                                                           
      Internet         Host                                
 Opt  Address          Name                                
                                                           
      127.0.0.1        LOOPBACK                            
                       LOCALHOST                            
      192.168.2.6      S10458XM.MDSTRUCKING.COM            
____________________________________________________________________________

                        Change TCP/IP Domain (CHGTCPDMN)                        
                                                                               
 Type choices, press Enter.                                                    
                                                                               
 Host name  . . . . . . . . . . .   'S10458XM'                                  
                                                                               
 Domain name  . . . . . . . . . .   'MDSTRUCKING.COM'                          
                                                                               
                                                                               
                                                                               
 Domain search list . . . . . . .   *DFT                                        
                                                                               
                                                                               
                                                                               
 Host name search priority  . . .   *LOCAL        *REMOTE, *LOCAL, *SAME        
 Domain name server:                                                            
   Internet address . . . . . . .   '192.168.2.2'                              
                                                                               
  The guy told me this is their internal DNS server. I can ping external addresses ok.

Let me know.

Phil                                                                              

LVL 27

Expert Comment

by:tliotta

> This is showing up in option 10 of CFGTCP.
> Does it need to be there?


If that or any address has MDSTRUCKING.COM listed as a host name, it should not be there. I've never seen an unqualified domain name in a host table entry, so I'd need to experiment to see what effect it might have on SMTP.

Tom

LVL 27

Expert Comment

by:tliotta

> Let me know.

Those look okay.

As noted by mkc451, some configuration possibly needs to be done in DNS and/or at the e-mail server to make your AS/400 be an acceptable source for e-mails. Some SMTP configuration also needs to be done on your AS/400 to get it to interact with a remote e-mail server.

Further, SNDDST isn't intended to be a SMTP client, so some additional configuration will allow SNDDST to bridge over into the SMTP protocol. I assume that you need to get SNDDST working with SMTP because no one knows how to make SMTP work by itself...?

Tom

Author Comment

by:pipster1

Tom,

Yes, I guess that's it. I've always used snddst from programs to send e-mails. It's really all I know.

I'm ready to config DNS for the e-mail server, and/or make additional config to allow snddst to bridge over into SMTP.

Thank you so much for helping.

Phil

LVL 27

Expert Comment

by:tliotta

> The IP address of the mail server is 72.4.117.9 and is called SMTP.EMAILSRVR.COM

I'm not directly familiar with EMAILSRVR.COM usage. Is it directly associated with the ISP for the AS/400's network? Or is it simply what is used by MDSTRUCKING.COM because there is no local e-mail server?

> The guy told me this is their internal DNS server.

Do you have someone who can add the appropriate DNS entries?

Tom

Author Comment

by:pipster1

Tom,

Yes, I can. The guy said he could get the outside DNS numbers.
We'll resume this tomorrow when I can have him send them to me.

Thanks dude.

Phil

LVL 27

Expert Comment

by:tliotta

It'll be late tomorrow for me. I had some time today because of Labor Day, but back in the office tomorrow. There's bound to be one or two others who will comment on various details. Gary's likely to check in, and he'll give excellent help if any time is available.

One question that might need some clarification:

> I only need to send e-mail within the internal network.

If it's all internal, how does EMAILSRVR.COM fit into it? That might be irrelevant, but anybody coming into this should have a lot of info.

Tom

LVL 2

Accepted Solution

by:mkc451 (earned 300 total points)

Interesting - EE was down most of the evening for me, got to be in early this morning so I went to bed.... but here is some good info and at the bottom a way to test if you can connect to the SMTP server at EmailSrvr.Com to verify you can actually get out.

EMAILSRVR.COM is an email hosting outfit... and the MX record for MDSTrucking points to that so I assume it's a hosted email service. If you can ping to everything, then set up stuff like I put in the email I sent at the bottom of that long message...

IE: for SMTP Attributes, MailRouter should be *NONE and ALLMAILMSF should be *YES.

CHGSMTPA MAILROUTER(*NONE) ALLMAILMSF(*YES)

I highlighted the important stuff so if you look at CHGSMTPA and hit F4 to prompt you should see something like this:
====================================================================
Autostart server . . . . . . . .   *YES          *SAME, *YES, *NO            
Retries by minute:                                                            
  Number of retries  . . . . . .   3             0-99, *SAME, *DFT            
  Time interval  . . . . . . . .   60            0-99, *SAME, *DFT            
Retries by day:                                                              
  Number of retries  . . . . . .   0             0-9, *SAME, *DFT            
  Time interval  . . . . . . . .   0             0-9, *SAME, *DFT            
Retries by hour:                                                              
  Number of retries  . . . . . .   0             0-99, *SAME, *DFT            
  Time interval  . . . . . . . .   0             0-99, *SAME, *DFT            
Retry remote name server . . . .   *NO           *SAME, *YES, *NO            
Automatic registration . . . . .   *NO           *SAME, *NO, *YES            
  User ID prefix . . . . . . . .   QSM           Name, *SAME, *DFT            
  Address  . . . . . . . . . . .   QSMRMTAD      Name, *SAME, *DFT            
  System name  . . . . . . . . .   TCPIP         Character value, *SAME, *DFT
  Alias table type . . . . . . .   *SYSTEM       *SAME, *SYSTEM, *PERSONAL    
 User ID delimiter  . . . . . . .   '?'           *SAME, *DFT, ?, =, ., &, $...
 Mail router  . . . . . . . . . . > *NONE                                      
 Coded character set identifier     00819         1-65533, *SAME, *DFT          
 Outgoing EBCDIC/ASCII table:                                                  
   Outgoing EBCDIC/ASCII table  .   *CCSID        Name, *SAME, *CCSID, *DFT    
     Library  . . . . . . . . . .                 Name, *LIBL, *CURLIB          
 Incoming ASCII/EBCDIC table:                                                  
   Incoming ASCII/EBCDIC table  .   *CCSID        Name, *SAME, *CCSID, *DFT    
     Library  . . . . . . . . . .                 Name, *LIBL, *CURLIB          
Firewall . . . . . . . . . . . .   *NO           *SAME, *YES, *NO              
 Journal  . . . . . . . . . . . .   *NO           *SAME, *YES, *NO              
Process all mail through MSF . . > *YES          *SAME, *YES, *NO              
 Percent routing character  . . .   *YES          *SAME, *YES, *NO        
     
 Dial-up scheduler:                                                            
   Start with SMTP server . . . .   *NO           *NO, *SAME, *YES              
   Configuration profile  . . . .                 Name, *SAME                  
   Connection time interval . . .                 1-1440 minutes, *SAME, *NONE  
 Support ETRN for server  . . . .   *NO           *SAME, *NO, *YES              
 Support ETRN for client:                                                      
   Enable client ETRN . . . . . .   *NO           *NO, *SAME, *YES              
   Incoming mail server address                                                
   Mail domain name . . . . . . .                                              
 Support 8-bit MIME . . . . . . .   *NO           *SAME, *NO, *YES              
Delivery status notification:                                                  
  Responsible person . . . . . .   *NONE                                      
Subsystem description  . . . . .   QSYSWRK       Name, *SAME, *DFT            
  Library  . . . . . . . . . . .     QSYS        Name                          
Realtime Blackhole List  . . . .   *NONE                                      
Allow relayed mail . . . . . . .   *NONE         *SAME, *NONE, *ALL, *BOTH...  
               + for more values                                              
POP send mail window . . . . . .   *NONE         15-65535 minutes, *NONE      
Interface/domain association . .   *NONE         *SAME, *NONE, *LIST          
Filter mail for virus  . . . . .   *NONE         *SAME, *NONE, *KEEP, *DISCARD
==============================================================

In WRKDIRE you should have "Internet SMTPRTE"  or something like that.

Then do a CHGDSTA and prompt it:

Keep recipients  . . . . . . . .   *BCC          *SAME, *BCC, *ALL, *NONE    
Use MSF for local  . . . . . . .   *NO           *SAME, *NO, *YES            
Route to SMTP gateway:                                                        
  User ID  . . . . . . . . . . .   INTERNET      Character value, *SAME, *NONE
  Address  . . . . . . . . . . .   SMTPRTE       Character value              

It should look like the above.... (in some of the instructions on the net, they use GATEWAY instead of SMTPRTE -- as long as the WRKDIRE and CHGDSTA match, it will work).

If you have the directory entries set with SMTP table entries for the sending user, then make sure SMTP is started. Make sure QSNADS is running ... and then at the command line:

endmsf
endtcpsvr *SMTP
strtcpsvr *SMTP
strmsf msgopt(*clear)

That should start up everything with the new parameters. Then you should be able to send with SNDDST command line I gave you earlier. Tom has his stuff right in the previous messages, all this should work. I assume you want to be able to send email via CL & RPG pgms, we do it all the time. I support dozens of customers doing just what you are doing. We have dozens of custom apps that send email just like this. As long as you can resolve DNS and the set up looks like above, the only possible reason you can't send would be a block at the firewall not letting port 25 out ..

Actually at the 400 command line you could test this:

TELNET RMTSYS(MX1.EMAILSRVR.COM) PORT(25)

That should give you the following:

220 mx1.emailsrvr.com ESMTP - VA Code Section 18.2-152.3:1 forbids sending spam

In your message you said you were using SMTP.Emailsrvr.com; that is not where your email should be going... If you set MAILROUTER(*NONE), it won't be sending it there anyway. If you are sending by DNS to XXX@MDSTRUCKING.COM your 400 will resolve the MX Record of MDSTRUCKING.COM which is:

set type=MX
mdstrucking.com                                        
>  Server:           216.165.129.157                
> Address:        216.165.129.157#53                    
                                                       
Non-authoritative answer:                              
mdstrucking.com mail exchanger = 10 mx1.emailsrvr.com.
mdstrucking.com mail exchanger = 20 mx2.emailsrvr.com.

So your mail will be going to MX1.EMAILSRVR.COM ...

That is really all the info you should need to get this working .... hope this all helps.

Michael Cody
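
Added example (not part of the thread, and not any poster's code): the port-25 test above and the earlier smart-host discussion both come down to reading the server's SMTP replies. This Python code parses replies copied from such a session and names the outcome; only the 220 banner comes from the thread, while mail.example.test, the other reply texts and the verdict names are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# "NNN-text" continues a reply, "NNN text" ends it (RFC 5321 section 4.2.1).
REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")
# Optional enhanced status code at the start of the text (RFC 3463), e.g. 5.7.1.
ENHANCED = re.compile(r"^([245]\.\d{1,3}\.\d{1,3})(?:\s|$)")


@dataclass
class Reply:
    code: int
    enhanced: Optional[str]
    text: str


def parse_reply(raw: str) -> Reply:
    """Parse one server reply, which may span several lines, into its parts."""
    code, parts = None, []
    for line in raw.splitlines():
        m = REPLY_LINE.match(line)
        if m is None:
            raise ValueError(f"not an SMTP reply line: {line!r}")
        if code is not None and m.group(1) != code:
            raise ValueError("reply code changed inside a multi-line reply")
        code = m.group(1)
        parts.append(m.group(3).strip())
        if m.group(2) == " ":  # a space after the code marks the last line
            break
    if code is None:
        raise ValueError("empty reply")
    enh = ENHANCED.match(parts[0])
    return Reply(int(code), enh.group(1) if enh else None, " ".join(parts))


def ehlo_keywords(raw: str) -> Set[str]:
    """Extension keywords advertised in an EHLO reply (line 1 is the greeting)."""
    matches = [REPLY_LINE.match(line) for line in raw.splitlines()]
    return {m.group(3).split()[0].upper()
            for m in matches[1:] if m and m.group(3).strip()}


# A session is a list of (stage, raw server reply); stages used here are
# CONNECT, EHLO, MAIL and RCPT.
Session = List[Tuple[str, str]]


def diagnose(session: Session) -> str:
    """Name the first failure in a session, or 'accepted' if there is none."""
    for stage, raw in session:
        reply = parse_reply(raw)
        if 200 <= reply.code < 400:
            continue
        if stage == "CONNECT":
            return "connect-refused"    # no usable SMTP service for this client
        if reply.code == 530:
            return "auth-required"      # server insists on SMTP AUTH (RFC 4954)
        if stage == "RCPT" and reply.code >= 500 and (
                reply.enhanced == "5.7.1" or "relay" in reply.text.lower()):
            return "relay-denied"       # server must allow relay for the sender's IP
        if 400 <= reply.code < 500:
            return "temporary-failure"  # sender is expected to retry later
        return "rejected"
    return "accepted"


# The banner is the one quoted in the thread; everything else is constructed.
BANNER = "220 mx1.emailsrvr.com ESMTP - VA Code Section 18.2-152.3:1 forbids sending spam"
AUTH_EHLO = "250-mail.example.test\r\n250-SIZE 10485760\r\n250 AUTH LOGIN PLAIN"
OK_MAIL, OK_RCPT = ("MAIL", "250 2.1.0 Ok"), ("RCPT", "250 2.1.5 Ok")
SESSIONS = {
    "direct-to-mx": [("CONNECT", BANNER), ("EHLO", "250 mx1.emailsrvr.com"),
                     OK_MAIL, OK_RCPT],
    "smart-host-no-relay": [("CONNECT", "220 mail.example.test ESMTP"),
                            ("EHLO", "250-mail.example.test\r\n250 SIZE 10485760"),
                            OK_MAIL, ("RCPT", "550 5.7.1 Unable to relay")],
    "smart-host-wants-auth": [("CONNECT", "220 mail.example.test ESMTP"),
                              ("EHLO", AUTH_EHLO),
                              ("MAIL", "530 5.7.1 Client was not authenticated")],
    "greylisted": [("CONNECT", BANNER), ("EHLO", "250 mx1.emailsrvr.com"),
                   OK_MAIL, ("RCPT", "451 4.7.1 Try again later")],
}

if __name__ == "__main__":
    for name, session in SESSIONS.items():
        print(f"{name:24s} {diagnose(session)}")
```
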

Author Comment

by:pipster1

Thanks Michael, I'll check it tonight after work. Really appreciate everyone! Phil

Author Comment

by:pipster1

> If it's all internal, how does EMAILSRVR.COM fit into it? That might be irrelevant, but anybody coming into this should have a lot of info.
>
> Tom


I just put that out there. I'm not sure it's relevant at all.

Phil

Expert Comment

by:ASmith_SBS

And now you've got it working, you can break it again by trying out Scott Klement's SNDEMAIL.
http://systeminetwork.com/article/common-questions-about-sending-email-ibm-i-programs or
http://www.code400.com/forum/showthread.php/2047-send-email-QtmmSendMail
I've used this several times and it's great for sending emails, with attachments (PDF reports etc) out from the i-series.

Adrian

LVL 34

Expert Comment

by:Gary Patterson

I hate to jump in so late, but maybe I can offer a little high-level overview that will help.

Mail configuration can be confusing because there are just SO MANY different ways mail can be configured in a domain.

I'm going to focus only on OUTGOING mail from the AS/400, and in this particular case that you've described to us.  

If you are dealing with an established email domain where end-user mail is already flowing, it is almost ALWAYS best to piggyback on top of that mail configuration than to do anything else.

In Michael's instructions above, he has you configuring the AS/400 as a DIRECT INTERNET-CONNECTED MAIL HOST.  Based on what I've read of this client's configuration, I don't recommend this particular configuration (sorry, Michael!)

I'll explain why in a minute.

It looks like this company uses a third party mail provider (emailsrvr.com) to handle inbound mail.  We don't have enough information to know if they are using them for outbound mail.  For outbound mail, there are a few likely possibilities:

1) Same outside provider is used for outbound mail as inbound.  Mail users at mdstrucking.com client programs (Outlook, maybe?) are all configured to connect directly to servers owned by emailsrvr.com via POP, IMAP, or possibly a webmail client.  Michael's suggested config will work to some extent in this case, but anti-spam measures discussed below may cause a portion of outbound mail to go missing.

2) ISP mail server used for outbound mail.  Some ISP's block outbound connections to other mail servers as an anti-spam measure.  Instead you must route outbound mail through the ISP connection, where they can scan outbound mail to limit spam originating from their network.  Michael's suggested config won't work with a blocking ISP.

3) An internal (or, rarely, external) mail server (Exchange, Lotus, etc) is accessed by users' mail clients, and this mail server either delivers mail directly to recipient servers, or forwards mail to a third party or ISP mail server for direct delivery to recipients (either way the outbound config is the same, so it doesn't really matter for this discussion).  This is a VERY COMMON configuration in all but the smallest companies.

For a number of reasons, it is best for you to use a mail forwarder to handle outbound AS/400 mail.  Mail delivery issues due to blocking ISPs, One key reason is that some of your mail is very likely to get "blackholed" or rejected if you attempt to configure the AS/400 to directly deliver mail.

Why?

Because some mail recipients use a spam-control mechanism called "forward confirmed reverse DNS" (FCrDNS) lookup.  Basically, when a mail message comes in, the recipient mail server compares the IP address of the server that actually connected in to deliver mail with the MX addresses on file for the SENDER's domain.  If they match, the mail goes through.  If they don't, the mail is rejected as possible spam.

Also, if your client's ISP connection is via a dynamically-assigned IP address, it is possible that a spammer (or a spammer zombie) computer was previously assigned that address, and the public IP address is blacklisted with one of numerous spammer-tracking services.  Recipients that subscribe to these services will reject mail as coming from a known spammer address.  It can be a pain to get an address off of these blackhole lists.

I've dealt with both of these problems multiple times in the past, so it is not just theoretical.  It happens all the time.

In the existing config, we already know that mx1 and mx2.emailsrvr.com (98.129.185.3 and 72.4.117.8) are associated with the mdstrucking.com domain.  It looks like the AS/400 is privately-addressed (192.168.2.6).  Assuming that a route to the internet from the AS/400 exists, if the AS/400 mail client were to connect to a recipient server, the recipient server would see the NATted public IP address (static or dynamic) that the ISP assigned to this client network.  That address is definitely not one of the two "good" addresses above.  The recipient server would, as a result, decide that the AS/400 was "spoofing" the mdstrucking.com domain, and would reject or delete emails originating on the AS/400.

So, the trick here is to find out the address of the "most local" outbound mail server for the domain that the AS/400 can reach, and configure the AS/400 to forward mail to that server:

CHGSMTPA MAILROUTER(mail.server.address.goes.here)

Depending on the location and configuration of that mail server, you may need credentials, you may need intermediate firewall changes, and you may need mail server permission changes.

Ask to see the "typical configuration" of an in-house mail user.  This will give you a huge clue as to how mail is handled within the domain.

Note that Klement's SNDEMAIL, MMAIL, and similar utilities can all suffer from the problems and limitations that I describe here, as well.

- Gary Patterson
0

 
LVL 34

Expert Comment

by:Gary Patterson
Comment Utility
One other suggestion:  have one of the client's mail users send you an email.  By looking at the headers, you will be able to see each server that processed the mail message, and that can also provide a huge clue on the best way to configure that AS/400.  Instructions for viewing headers in various applications can be found here:

http://kb.mediatemple.net/questions/893/How+to+view+email+headers

Feel free to post the headers here - we can provide much more specific advice the more we know about the client config.

- Gary Patterson
0
 
LVL 27

Expert Comment

by:tliotta
Comment Utility
Looks like most, if not all, final details have been supplied. Great details from mkc451 on the underlying stuff.

Be aware that "v4r5 and or v5r1" might throw a snag or two into it all. I don't recall any specific details that are different for CHGSMTPA, but a tweak or two might be involved.

Tom
0
 

Author Comment

by:pipster1
Comment Utility
Gary,

Here is an e-mail source from the guy I deal with.

Received: (qmail 5436 invoked from network); 6 Sep 2011 15:37:58 -0000
Received: from unknown (HELO m1pismtp01-003.prod.mesa1.secureserver.net) ([10.8.12.3])
         (envelope-sender <jchance@mdstrucking.com>)
         by smtp04-01.prod.mesa1.secureserver.net (qmail-1.03) with SMTP
         for <pdknox@pdkassoc.com>; 6 Sep 2011 15:37:58 -0000
X-IronPort-Anti-Spam-Result: AjEAAMQ9Zk7PYfWlkWdsb2JhbABCmFmBbY07FAEBAQEJCwsHFAQigUYBAQUIIAIQSwEDAgkPAgQBASgHGS0JCAEBBBMLwTWGagSkVw
Received: from smtp165.iad.emailsrvr.com ([207.97.245.165])
 by m1pismtp01-003.prod.mesa1.secureserver.net with ESMTP; 06 Sep 2011 08:37:34 -0700
Received: from localhost (localhost.localdomain [127.0.0.1])
  by smtp56.relay.iad1a.emailsrvr.com (SMTP Server) with ESMTP id 5D7173D86EA
  for <pdknox@pdkassoc.com>; Tue,  6 Sep 2011 11:37:33 -0400 (EDT)
X-Virus-Scanned: OK
Received: by smtp56.relay.iad1a.emailsrvr.com (Authenticated sender: jchance-AT-mdstrucking.com) with ESMTPA id CFFE43D875C
  for <pdknox@pdkassoc.com>; Tue,  6 Sep 2011 11:37:31 -0400 (EDT)
Reply-To: <jchance@mdstrucking.com>
From: "Johnny Chance" <jchance@mdstrucking.com>
To: "'Phil's Email'" <pdknox@pdkassoc.com>
References: <AA0BA103-9B5D-4A9E-A3A0-0CA89F6350C5@pdkassoc.com>
In-Reply-To: <AA0BA103-9B5D-4A9E-A3A0-0CA89F6350C5@pdkassoc.com>
Subject: RE: Material extract procedure
Date: Tue, 6 Sep 2011 11:37:30 -0400
Organization: MDS
Message-ID: <009601cc6caa$e4fcbab0$aef63010$@com>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcxsnUT9d0g+U4D5Sda2h2qzxTf0tgADY2Qg
Content-Language: en-us
X-Nonspam: Whitelist

I understand.  I was sent to the shop early this morning and just now got to
check my voicemail.


-----Original Message-----
From: Phil's Email [mailto:pdknox@pdkassoc.com]
Sent: Tuesday, September 06, 2011 10:00 AM
To: Johnny Chance
Subject: Material extract procedure

Just wanted to make sure you understood instructions to help chris till I
can get e-mail going to him. I'd run that query, or let chris run it
himself, then after contacting Lora Cox, pulling down the new material
extract file.
Like I said, this really is Flower's fault, but let's help Chris as much as
possible,


Phil
0
 
LVL 34

Expert Comment

by:Gary Patterson
Comment Utility
Very nice.  This makes JChance's config clear:

X-Mailer: Microsoft Office Outlook 12.0 = Means that the sender is using Outlook 2007 as their mail client.
Received: by smtp56.relay.iad1a.emailsrvr.com (Authenticated sender: jchance-AT-mdstrucking.com) ... = This is the "oldest" mail server header, and indicates that user jchance@mdstrucking.com logged on (probably an automated login from credentials stored in Outlook) to mail server smtp56.relay.iad1a.emailsrvr.com.  This means that the client computers are probably configured to directly connect to emailsrvr.com and it is handling their outbound mail forwarding.

As a result, my suggestion is to have the mail administrator configure a mail account at emailsrvr.com for the AS/400 to use.

Look up the outbound mail server configuration in  jChance's Outlook config, or obtain configuration instructions from the mail provider.

Use the Outbound Mail Server from JChance's Outlook mail config as the CHGSMTPA's MAILROUTER parameter.  Other parameters:
FIREWALL(*YES) to force the mail system to route mail through the MAILROUTER.
ALLMAILMSF(*YES)
ALWRLY(*NONE) to prohibit other systems from relaying mail through the AS/400.

You'll also need to follow Michael's instructions for configuring the new userid ID and password in WRKDIRE and CHGDSTA.

- Gary Patterson
0
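The header reading in the post above can be scripted. This is an added example, not code from the thread: it parses the Received lines copied from the message posted earlier, lists the hops oldest first, and flags the hop where the client logged in (`with ESMTPA` is the RFC 3848 keyword for ESMTP with AUTH). The function names and the two-label organisation shortcut are assumptions of the example.

```python
import re
from email import message_from_string

# Received, From and X-Mailer lines copied from the message posted in this
# thread; the remaining headers and the body are left out.
RAW = """\
Received: (qmail 5436 invoked from network); 6 Sep 2011 15:37:58 -0000
Received: from unknown (HELO m1pismtp01-003.prod.mesa1.secureserver.net) ([10.8.12.3])
         (envelope-sender <jchance@mdstrucking.com>)
         by smtp04-01.prod.mesa1.secureserver.net (qmail-1.03) with SMTP
         for <pdknox@pdkassoc.com>; 6 Sep 2011 15:37:58 -0000
Received: from smtp165.iad.emailsrvr.com ([207.97.245.165])
 by m1pismtp01-003.prod.mesa1.secureserver.net with ESMTP; 06 Sep 2011 08:37:34 -0700
Received: from localhost (localhost.localdomain [127.0.0.1])
  by smtp56.relay.iad1a.emailsrvr.com (SMTP Server) with ESMTP id 5D7173D86EA
  for <pdknox@pdkassoc.com>; Tue,  6 Sep 2011 11:37:33 -0400 (EDT)
Received: by smtp56.relay.iad1a.emailsrvr.com (Authenticated sender: jchance-AT-mdstrucking.com) with ESMTPA id CFFE43D875C
  for <pdknox@pdkassoc.com>; Tue,  6 Sep 2011 11:37:31 -0400 (EDT)
From: "Johnny Chance" <jchance@mdstrucking.com>
X-Mailer: Microsoft Office Outlook 12.0

(body omitted)
"""

# "with" keywords that mean the submitting client authenticated (RFC 3848).
AUTH_PROTOCOLS = {"ESMTPA", "ESMTPSA"}


def parse_hops(raw):
    """Return one dict per Received header, oldest hop first."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(value.split())            # unfold continuation lines
        stamp = text.rsplit(";", 1)[-1].strip() if ";" in text else None
        frm = re.match(r"from\s+([\w.-]+)", text)
        by = re.search(r"\bby\s+([\w.-]+)", text)
        proto = re.search(r"\bwith\s+(\w+)", text)
        auth = re.search(r"Authenticated sender:\s*([^\s)]+)", text)
        hops.append({
            "from": frm.group(1) if frm else None,
            "by": by.group(1) if by else None,
            "with": proto.group(1).upper() if proto else None,
            "auth_sender": auth.group(1) if auth else None,
            "date": stamp,
        })
    # Every server prepends its own header, so the last one is the oldest.
    hops.reverse()
    return hops


def submission_hop(hops):
    """First hop at which the sending client authenticated, or None."""
    for hop in hops:
        if hop["with"] in AUTH_PROTOCOLS or hop["auth_sender"]:
            return hop
    return None


def org_path(hops):
    """Collapse 'by' hosts to their last two labels (a naive stand-in for the
    registrable domain) to show which organisations relayed the message."""
    path = []
    for hop in hops:
        if hop["by"]:
            org = ".".join(hop["by"].lower().split(".")[-2:])
            if not path or path[-1] != org:
                path.append(org)
    return path


if __name__ == "__main__":
    hops = parse_hops(RAW)
    for n, hop in enumerate(hops, 1):
        print(n, hop["from"], "->", hop["by"], hop["with"], hop["date"])
    first = submission_hop(hops)
    # Headers below the first server you control can be forged by a sender,
    # so treat this as a configuration clue, not as proof of origin.
    print("submitted to:", first["by"], "as", first["auth_sender"])
    print("relay path:", " -> ".join(org_path(hops)))
```

The host reported as "submitted to" is a relay name the provider logged, which is not necessarily the host name configured in the mail client, so the outbound server setting still has to come from the client configuration or the provider.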
 
LVL 27

Expert Comment

by:tliotta
Comment Utility
...as the CHGSMTPA's MAILROUTER parameter.

Yeah, this is where some concern over "internal" e-mail and EMAILSRVR.COM came in for me. Gary's direction is more likely the way to go for that piece. Glad to see he could comment on this even before my last post. You're in good hands either way the requirements went.

Tom
0
 

Author Comment

by:pipster1
Comment Utility
The guy there already set me up with an email address for qpgmr. Do I put the SMTP (F19) name entry on the QPGMR ID in the WRKDIRE or do I put it on the 'INTERNET' userid?

Phil
0
 
LVL 2

Expert Comment

by:mkc451
Comment Utility
Gary, a question: if the outgoing SMTP Server requires authentication - how do you get the 400 to supply the user ID & password for outgoing connection so it can forward? That is my normal hangup w/3rd party hosts. They want an id/challenge setup. If they will just accept you as a relay source locked to an ip address or you are doing an internal server where you can allow/control relay, then I prefer a smarthost too.

You are right about the domain origination though. I have run into that problem, usually the trick is to get the receiver to whitelist the sending domain, but "it is" a PIA sometimes.  In most cases though this is no different than sending an email to anyone, it just goes on and then comes back in via the internet, just like it was sent from the outside.

Phil:
We are a Notes provider of customer MFG Flow apps and often have Domino/Notes in as a solution for someone still using Exchange as an email system -- so the whole relay thing is something we do on  a regular basis, it will work well if you can get it going. Since a 3rd party email solution usually has easier logging to work with than the 400, it's easier to track problems too. A lot depends on how supportive the 3rd party email host is to work with.  

Setup is a very small difference here...  since their external email host is there, if they will let you forward through them, then that is the way to go. Let us know how it goes, I am curious what the problem is, as I can usually set up what we are talking about in less than 10 minutes on 90% of the 400's I work on -- it's our standard config for all boxes since Infor XA we support emails out reports & pdf from their gui client via iSeries SMTP.  As long as the internet DNS piece works this seems to be pretty reliable.

Michael Cody
0
 
LVL 2

Expert Comment

by:mkc451
Comment Utility
QPGMR
0
 

Author Comment

by:pipster1
Comment Utility
OK, Is this userid setup ok?

Thanks, Phil


                            Change Directory Entry                            
                                                                               
 User ID/Address . . . . :   QPGMR     S10458XM                                
                                                                               
 Type changes, press Enter.                                                    
                                                                               
   Indirect user . . . . .   N                      Y=Yes, N=No                
     For choice Y=Yes:                                                          
       Print private mail    N                      Y=Yes, N=No                
                                                                               
   Print cover page  . . .   Y                      Y=Yes, N=No                
   Mail notification . . .   1                      1=Specific types of mail    
                                                            2=All mail                  
                                                            3=No mail                  
     For choice 1=Specific types of mail:                                      
       Priority, private,                                                      
        important mail      Y                      Y=Yes, N=No                
       Messages  . . . . .   Y                      Y=Yes, N=No                
                                                                               
   Text  . . . . . . . . .                                                      

   Mail service level  . .   1             1=User index                
                                                    2=System message store      
                                                    4=Lotus Domino              
                                                    9=Other mail service        
     For choice 9=Other mail service:                                          
       Field name  . . . .                          F4 for list                
                                                                               
   Preferred address . . .   1         1=User ID/Address          
                                                    2=O/R name                  
                                                    3=SMTP name                
                                                    9=Other preferred address  
     Address type  . . . .                          F4 for list                
     For choice 9=Other preferred address:                                      
       Field name  . . . .                          F4 for list                

 Type changes, press Enter.                                                    
                                                                               
   cc:Mail (trademark of Lotus Development Corporation):                        
     cc:Mail address . . .                                                      
                                                                               
                                                                               
                                                                               
     cc:Mail comment . . .                                                      
                                                                               
                                                                               
   Allow synchronization     Y                      Y=Yes, N=No                
                                                                               
   DLO owner . . . . . . .   0                      0=User profile              
                                                             1=Group profile            
                                                                               
                                       
               
                                                                                                                             
                   
                                                                               
0
 

Author Comment

by:pipster1
Comment Utility
Michael,

Agreed, the smtp server requires authentication. That was the first question I had after seeing Gary's solution.

I've set up the system with QPGMR's directory entry SMTP name or QPGMR@MDSTRUCKING.COM.

I've tried the setup this way and it's a no go. Nothing's going out.

Please someone just give me simple instructions step by step to check.

I really appreciate everyone's input but I really am getting confused.

Thanks,

Phil

 
0
 

Author Comment

by:pipster1
Comment Utility
Do I need to have the guy tell the email admin to open an outbound permission for the ip address on the 400? Just outbound, nothing else.

Phil
0
 

Author Comment

by:pipster1
Comment Utility
I still don't have external DNS addresses in the CHGTCPDMN yet. Is that a problem?
Phil
0
 
LVL 34

Assisted Solution

by:Gary Patterson
Gary Patterson earned 100 total points
Comment Utility
@Michael:

Gary, a question: if the outgoing SMTP Server requires authentication - how do you get the 400 to supply the user ID & password for outgoing connection so it can forward? That is my normal hangup w/3rd party hosts. They want an id/challenge setup. If they will just accept you as a relay source locked to an ip address or you are doing an internal server where you can allow/control relay, then I prefer a smarthost too.


Sorry, looking back, I didn't cover this very well.  I don't think I've ever actually tried to set up that particular configuration.  If authentication is required, you have to get creative.  As far as I know, there is no native mechanism for outbound SMTP authentication to a third-party smarthost (the SMTP server at emailsrvr.com in this case).

Options:

1) Contact the mail hosting provider and request unauthenticated access for mail originating from the public address(es) associated with the AS/400.  This is by far the simplest option, provided the client site has static IP addresses.  Some mail providers will, some won't.  

2) See if the ISP (or find another third party who) offers a mail server that can be accessed without authentication.  Some ISPs offer unauthenticated relays to systems that are directly connected to the ISP network.  (Who is the ISP?).  Second easiest option.

3) Write an MSF Exit Point program that performs the authentication step.  If the target mail host uses "POP before SMTP", this could be a pretty easy solution, since it is fairly easy to script a  POP login session that could be performed before the SMTP session is initiated.  If "SMTP AUTH" is used by the smarthost, this probably isn't an option, since that happens "in-stream" in the SMTP conversation.  This option is a bit more complex, and frankly, I wouldn't fool with it if I didn't absolutely have to.   Skip to option 4 or 5 if possible.

4) Install a utility or write code to send email that bypasses the AS/400 mail stack completely and that can authenticate properly to the smarthost.  The JavaMail API (http://www.oracle.com/technetwork/java/faq-135477.html) provides a very easy way to do this.  The JavaDoc for the API includes sample code that demonstrates different authentication methods.  This option would work with smarthosts using either "POP before SMTP" or "SMTP AUTH" mechanisms.  In the commercial AS/400 software arena, Brad Stone's excellent MAILTOOL is a good inexpensive ($500) option that handles SMTP Authentication, SSL/TLS encryption, and other common AS/400 mail problems:  http://www.bvstools.com/mailtool.html

5) Set up another internal system running a smarthost, mail agent, or proxy that will relay messages for the AS/400 to the client's outside smarthost.  There are lots of these types of utilities that run on Windows or Linux.

@Phil,

If your host absolutely requires authentication then you are out of luck.  You will not be able to use the MAILROUTER(*YES) option (again, unless you can get the mail provider to whitelist your IP address).  You may be able to use Michael's method of configuring SMTP [MAILROUTER(*NO)] directly, but you may experience the limitations I described earlier.

Please someone just give me simple instructions step by step to check.

Unfortunately, there is no simple "one size fits all" checklist for configuring email.  There is a manual, but it doesn't cover this case (relaying off a smarthost that requires authentication), because that configuration is not directly supported.  Here is the manual, however.  (You didn't mention your OS version, so here is V5R4:  http://publib.boulder.ibm.com/infocenter/iseries/v5r4/topic/rzair/rzair.pdf).

Do I need to have the guy tell the email admin to open an outbound permission for the ip address on the 400? Just outbound, nothing else.

Some companies do block outbound SMTP traffic as a spam control or security measure.  Most do not.  You'll need to talk to the firewall administrator or review the firewall rules to determine if this type of traffic is prohibited.  You can easily test it by logging into a green-screen session and using the AS/400 TELNET utility to attempt to connect to the smarthost:

TELNET RMTSYS(hostname) ASCOPRMOD(*VT100) PORT(25)

See this article for more info on testing SMTP with Telnet:  http://www.netadmintools.com/art276.html

If you can get any response from the mail server (usually a 250 message after you issue a HELO command), then you probably don't need any firewall changes.

I still don't have external DNS addresses in the CHGTCPDMN yet. Is that a problem?

If you are going to configure using MAILROUTER(*NO), then whatever DNS server you connect to, internal or external, needs to be able to perform MX lookups on your target addresses.  You can test this from the AS/400 using the NSLOOKUP command.  Try doing this NSLOOKUP:

--->NSLOOKUP
> set type=mx
> quorumresources.com

If you are able to see our MX records in the response, then your DNS configuration is adequate.  Most "internal" DNS servers are configured to forward external address lookups to an external server, so most of the time you just need one good DNS server (internal or external) to make it all work.

Sorry this is all so confusing, but, well, AS/400 SMTP email support is sorely lacking compared to other platforms, and it was built on top of a very complex mail framework that makes it confusing to configure and troubleshoot.

Hope I haven't muddied the waters for you!

Finally, if you have enabled logging for email, you can look at the mail framework journal receivers to see if you are connecting to the smart host at emailsrvr.com and see if any messages are being returned.  The Email PDF that I linked to above explains this in the Troubleshooting section.

- Gary Patterson

 
0
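The manual TELNET test described in the answer above can be read mechanically. This added example (not from the thread) parses an SMTP session transcript, including multi-line `250-` replies, and reports whether the smarthost wants authentication or refuses to relay. The transcripts, host names and verdict strings are constructed for illustration, and the example assumes EHLO is typed where possible, since only the EHLO reply lists AUTH.

```python
import re

# SMTP reply line: 3-digit code, then "-" (more lines follow) or " " (last line).
REPLY = re.compile(r"^(\d{3})(?:([ -])(.*))?$")

NO_BANNER = "no 220 banner: port 25 blocked, or wrong host"
NEEDS_AUTH = "smarthost requires authentication before MAIL FROM"
REFUSED = "smarthost refuses to relay for this client address"
ACCEPTED = "smarthost accepted the recipient without authentication"
INCONCLUSIVE = "connected, but no MAIL FROM / RCPT TO was attempted"

# Constructed sessions, not captured from any real server. "C:" is what is
# typed into the TELNET session, "S:" is the server. Hosts are placeholders.
AUTH_REQUIRED = """\
S: 220 smarthost.example.com ESMTP
C: EHLO as400.example.com
S: 250-smarthost.example.com
S: 250-SIZE 52428800
S: 250-STARTTLS
S: 250 AUTH PLAIN LOGIN
C: MAIL FROM:<qpgmr@example.com>
S: 530 5.7.0 Authentication required
"""

RELAY_DENIED = """\
S: 220 smarthost.example.com ESMTP
C: HELO as400.example.com
S: 250 smarthost.example.com
C: MAIL FROM:<qpgmr@example.com>
S: 250 2.1.0 Ok
C: RCPT TO:<someone@example.net>
S: 550 5.7.1 Relaying denied
"""

RELAY_OK = """\
S: 220 smarthost.example.com ESMTP
C: HELO as400.example.com
S: 250 smarthost.example.com
C: MAIL FROM:<qpgmr@example.com>
S: 250 2.1.0 Ok
C: RCPT TO:<someone@example.net>
S: 250 2.1.5 Ok
"""


def exchanges(transcript):
    """Pair each client command with the complete server reply that follows.
    The greeting banner is returned with command None."""
    out, cmd, texts = [], None, []
    for raw in transcript.splitlines():
        side, _, rest = raw.partition(": ")
        if side == "C":
            cmd = rest.strip()
        elif side == "S":
            m = REPLY.match(rest.strip())
            if not m:
                continue                      # not an SMTP reply line
            texts.append(m.group(3) or "")
            if m.group(2) != "-":             # final line of this reply
                out.append((cmd, int(m.group(1)), texts))
                texts = []
    return out


def diagnose(transcript):
    """Summarise what the session says about using this host as MAILROUTER."""
    result = {"banner": False, "auth": [], "starttls": False,
              "verdict": INCONCLUSIVE}
    for cmd, code, texts in exchanges(transcript):
        verb = cmd.split()[0].upper() if cmd else None
        if verb is None and code == 220:
            result["banner"] = True
        elif verb in ("EHLO", "HELO") and code == 250:
            for ext in texts[1:]:             # first line is the greeting
                words = ext.replace("=", " ").upper().split()
                if words and words[0] == "AUTH":
                    result["auth"] = words[1:]
                elif words and words[0] == "STARTTLS":
                    result["starttls"] = True
        elif verb in ("MAIL", "RCPT"):
            if code == 530:                   # RFC 4954: authentication required
                result["verdict"] = NEEDS_AUTH
                break
            if verb == "RCPT" and 500 <= code <= 599:
                result["verdict"] = REFUSED
                break
            if verb == "RCPT" and code == 250:
                result["verdict"] = ACCEPTED
                break
    if not result["banner"]:
        result["verdict"] = NO_BANNER
    return result


if __name__ == "__main__":
    for name, session in (("auth required", AUTH_REQUIRED),
                          ("relay denied", RELAY_DENIED),
                          ("relay ok", RELAY_OK)):
        print(name, "->", diagnose(session))
```

The result only describes the address the session was run from, so the test has to be made from the AS/400 itself to say anything about its mail.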
 
LVL 2

Expert Comment

by:mkc451
Comment Utility
Phil - go back to my original instructions then.. if you can resolve addresses, then set MailRouter to *NONE, Firewall to *NO and restart SMTP & MSF per the first long message I sent. This will let you send directly out to the internet. It's not rocket science here, SMTP has been around for 30+ years. The 400 ain't the best at it, but it does work.

Sending directly might not be optimum but it works all over the place for me ...

Gary has it right, you can test your DNS setup using the NSLOOKUP command. You don't need an external DNS server, the internal DNS server you listed should be configured to forward requests for things it can't find out to an external DNS and report them back to you. That is how DNS works.

That is how I got the original info I posted about your sending domains email service.

At the 400 command line:

NSLOOKUP
 You should get a response back with your DNS Server listed ... Then put in:

set type=mx   and hit enter...

Then type in the domain -- put in MKASSOC.COM, should come back with 1 MX record.

Nonauthoritative answer:                                            
mkassoc.com     preference = 10, mail exchanger = mkamail.mkassoc.com

 If that works then sending directly to the internet should work. Send yourself an email with the SNDDST command  and you should get it from your user ID on the 400...

Michael Cody
0
 

Author Comment

by:pipster1
Comment Utility
Thank you all.

 I'm going to try to 1) Contact the mail hosting provider and request unauthenticated access for mail originating from the public address(es) associated with the AS/400.  This is by far the simplest option, provided the client site has static IP addresses.  Some mail providers will, some won't.  
I think this is by far the simplest solution.
I'm also going to get the email service provider to see why my outgoing e-mails are being rejected. Maybe they can set up a relay for the email address assigned to the 400. We'll see.

Everyone do me a favor. Please discuss this amongst yourselves and come up with an accept multiple solutions you feel is acceptable. Tom, Michael, and Gary are the three I'd think would be the ones to get the points.  Whatever y'all decide is ok by me.

Phil Knox
0
 

Author Comment

by:pipster1
Comment Utility
Is there any way to find out if the SNDDST requests I send are even getting out of the 400? I'm not getting anything at the email address the guy set up for me at mdstrucking.com.

With all the great help I can't believe I can't get this D**M thing working.

Totally pissed off.

Phil
0
 

Author Comment

by:pipster1
Comment Utility
Also, in the work with TCP Routes, besides the:

Route                  Subnet           Next                 Preferred    
Destination         Mask               Hop                 Interface    
                                                               
*DFTROUTE        *NONE            192.168.2.1     192.168.2.6

Do I need to have the 192.168.2.1 (gateway or firewall as the guy calls it) listed
in the TCP routes in some fashion?

Thanks,

Phil
0
 
LVL 34

Expert Comment

by:Gary Patterson
Comment Utility
Phil,

There are LOTS of things you can do to troubleshoot this.  As mentioned in the "Troubleshooting Email" section of the email manual that I linked to above (http://publib.boulder.ibm.com/infocenter/iseries/v5r4/topic/rzair/rzair.pdf starting on p39):

Run a TCP Application Trace using TRCTCPAPP (http://publib.boulder.ibm.com/infocenter/iseries/v5r3/index.jsp?topic=%2Fcl%2Ftrctcpapp.htm)
Check the component journals (described starting on p40 of the Email manual above)

If you know how to use your router/switch/firewall diagnostic and monitoring tools, you may be able to log the appropriate traffic there, or if you are familiar with packet capture tools like WireShark, you could do packet captures at various points along the path out of your facility to determine if packets are flowing.

I've also given you some specific troubleshooting steps to try first, including using Telnet to verify that you can make a manual connection to the outside email server.  Did you try that, and how did it go?

Anyway, happy to continue to try to help you, but I do need you to follow the normal troubleshooting steps and post the results.

- Gary Patterson
0
 
LVL 34

Expert Comment

by:Gary Patterson
Comment Utility
Phil,

Your default route looks fine, assuming 192.168.2.1 is the address of your internet gateway.

Simple way to test routing: Can you PING 72.167.212.12 from the AS/400?

Simple way to test DNS: Can you PING ftp.nexsource.com from the AS/400?

Simple way to verify that you can hit the outside mail server and that there is not a firewall or blocking ISP problem: Follow the instructions above for testing SMTP with Telnet.

Please do those things (5 minutes or less), and post your results.  That will eliminate a lot of possible issues and help us narrow down what to focus on.

- Gary Patterson
0
 

Author Comment

by:pipster1
Comment Utility
Thanks Gary. I apologize for being such a thick head and really have appreciated everyone's help.

I CAN ping outside IP addresses and IPs and names like CNET.COM and several others I've tried.

I actually did get some journal data last night but it was so late I had to hit the hay. I did not try the
TRCTCPAPP though. I used the journal *yes on the CHGSMTPA.

Is it possible for anyone to take 10 minutes tonite and log on to my PC somehow and just look at this config real quick.
I understand it's asking a lot. If you can't, I understand.

The two things I'm not sure about are:

in the WRKDIRE for QPGMR,  
what is this setting:

                             Change Directory Entry                        
                                                                           
 User ID/Address . . . . :   QUSER     QUSER                                
                                                                           
 Type changes, press Enter.                                                
                                                                           
   Indirect user . . . . .   N                      Y=Yes, N=No            
     For choice Y=Yes:                                                      
       Print private mail    N                      Y=Yes, N=No            
                                                                           
   Print cover page  . . .   Y                      Y=Yes, N=No            
   Mail notification . . .   1                      1=Specific types of mail
                                                    2=All mail              
                                                    3=No mail              
     For choice 1=Specific types of mail:                                  
       Priority, private,                                                  
         important mail      Y                      Y=Yes, N=No            
       Messages  . . . . .   Y                      Y=Yes, N=No            
                                                                           
and this setting:

                             Change Directory Entry                          
                                                                             
 User ID/Address . . . . :   QUSER     QUSER                                  
                                                                             
 Type changes, press Enter.                                                  
                                                                             
   Mail service level  . .   1                      1=User index              
                                                    2=System message store    
                                                    4=Lotus Domino            
                                                    9=Other mail service      
     For choice 9=Other mail service:                                        
       Field name  . . . .                          F4 for list              
                                                                             
   Preferred address . . .   1                      1=User ID/Address        
                                                    2=O/R name                
                                                    3=SMTP name              
                                                    9=Other preferred address
     Address type  . . . .                          F4 for list              
     For choice 9=Other preferred address:                                    
       Field name  . . . .                          F4 for list              

supposed to be?

Number 2.

in the CHGSMTPA, do I use the email server name in 'mail router' or none?

Do I Use firewall *yes or *no
process all through MSF *yes or *no
allow relayed mail? *all or *none?

I feel like I've tried every rendition and nada.

Then you get confused about what combos of elements go with what. By the time you're done
you're completely confused. Does anybody remember getting this confused about this?
I know I'm making it harder than it should be.

Thank you all again for your help..

Phil
0
 

Author Comment

by:pipster1
Comment Utility
Sorry, used QUSER as the example above.

Phil
0
 
LVL 34

Expert Comment

by:Gary Patterson
Comment Utility
Phil,

First of all, here is the correct link to the V5R1 Email Manual:

http://publib.boulder.ibm.com/iseries/v5r1/ic2924/info/rzair/rzair.pdf

There are two basic configurations:  With a mail router, and without a mail router.  

In a recent post, you indicated that you were going to ask the email provider to set up an open relay for emails from your AS/400.  Did you do that, and what did they say?

In my opinion, using a mail router (smarthost) is by far the best solution, and I explained why in detail above.  The problem with that is, it appears that the client's mail provider requires some sort of SMTP authentication (though you've never actually confirmed that here), and the AS/400 doesn't directly support SMTP authentication at present.

I outlined some options for you above if this turns out to be the case: Get the provider to make an exception, Use a different outbound provider that doesn't require authentication, use a tool that gets around the restriction, or configure the AS/400 to directly send mail without going through a mail router.

So the question that YOU need to answer is, can you use a mail router, or not?  If not, then you can explore the MAILROUTER(*NONE) option - just be aware that you may run into future problems with mail delivery with this configuration, and that I don't recommend it in most cases.

Do yourself a favor, and read the "Setting Up" section of the manual, and make sure that you have all of the required prerequisites (one thing we haven't looked at, I think, is the Domain Name associated with the TCP/IP interface, for example).

CHGDSTA and WRKDIRE

These settings have nothing to do with using a mailrouter or not.  They just need to be set up properly for the SNDDST command to work, and I don't think yours are.

1) Just EXACTLY follow the VERY SHORT instructions on page 23 (Supporting Internet Addressing for the SNDDST command) of the Email manual and it will be perfect.
2) Also follow the instructions for Automatic Registration (to the System Alias Table).

You will also need at least one AS/400 profile that is configured with a SMTP mail address.  Enroll new or existing users using the instructions under "Enrolling Users" section.

CHGSMTPA

The MAILROUTER parameter depends on the answer to the question, "Will you be using a mail router?"

If the mail provider can give you a way to relay without authenticating, then yes, you plug in the name of the SMTP server that they tell you to use into the MAILROUTER parameter.  This is the best alternative.

If not, then you will need to choose another option.  If you want to try to skip using a smarthost/mail router altogether, and just initiate mail right off the AS/400 directly to recipient systems, then you configure MAILROUTER(*NONE).

If you read the help text for the CHGSMTPA command, you'll see that if you use a mailrouter, and there is a firewall between the AS/400 and the mail router, then you need to configure FIREWALL(*YES).  If you configure MAILROUTER(*NONE), then the FIREWALL() setting is ignored.  You can set it to anything you like.  So, if you just set it to FIREWALL(*YES), that should be fine in either configuration, since we have established that the AS/400 is behind a firewall.  You would only configure FIREWALL(*NO) if you were using a mailrouter that was on the same private network with the AS/400 (like an in-house Exchange server, for example).

Process all through MSF: This is only used for mail that is INBOUND to the AS/400, so it doesn't matter in your configuration.  The default is *NO - that is fine.
Allow Relayed Mail: *NO (This setting doesn't matter for your application, but you should never allow relays unless you specifically need them.  Otherwise malicious programs might be able to use the AS/400 to send spam or other undesirable email for them.)

Phil, I feel your frustration.  This is the place where I usually suggest bringing in an expert to assist in configuration and problem determination.

- Gary Patterson






0
 
LVL 2

Expert Comment

by:mkc451
Comment Utility
I know this sounds like we are arguing amongst ourselves, Gary knows his stuff but in this case I disagree with him ... SMTP is not that hard, I do it every day. Hit my profile view and you can email me if you wish, I am sure I can help you resolve this directly or find out why it's not working - no cost.  I have access to an email server I watch the log of so I can test just about everything. I am working after 5pm for all night tonight doing a drive upgrade/reload so I will be available while I am watching a tape drive spin. This is not worth duelling recommendations with someone I respect the opinion of.

Michael Cody
0
 
LVL 27

Expert Comment

by:tliotta
Comment Utility
All I was doing was helping make sure some fundamentals were in place and also listed under the question.

Tom
0
 
LVL 34

Expert Comment

by:Gary Patterson
Comment Utility
@Michael:

Thanks.  Don't mean to imply any disrespect of your opinion, either.  I've just dealt with so many mail delivery issues (on the AS/400, on Unix, on Linux, and on Windows) where the problem ended up being due to one of the issues that I listed above, for example:

http://www.experts-exchange.com/OS/AS_-_400/Q_24980447.html

As a result, I always try to encourage people, especially those who clearly aren't mail configuration and troubleshooting experts to go for a smarthost solution, since that is typically the best and most stable solution.

My suggestion to Phil that he bring in an expert is based on my observation that he seems frustrated and hasn't had time to do anything but the most basic troubleshooting on this.  That's usually a good indication of a need for an extra pair of hands.

Anyway, sorry if I jumped in and confused the issue.

- Gary Patterson

0
 
LVL 27

Assisted Solution

by:tliotta
tliotta earned 100 total points
Comment Utility
Phil,

Maybe back to basics for a little clearing of confusion...

I have a number of e-mail accounts with various providers. Most of them have servers that require authentication when a client connects.

But you are attempting to configure a SMTP server on your AS/400. You aren't simply setting some parameters in an Outlook or Thunderbird client to get it to communicate with a server that's already been configured.

In a very real sense, you are wanting to configure a server in order to get it to work like a client. You want it to be like a client that hands e-mails off to the server at emailsrvr.com (or wherever).

Further, you want SNDDST to be the originator. And SNDDST is a SNA command, not SMTP. IBM provided a bridge function that allows messages to cross between SNA and SMTP, but it requires additional configuration.

Now, if you have a client (e.g., Thunderbird) and you type up a message that you want to go to me, you address it to my service's SMTP server, or more accurately, to the domain. But you don't authenticate yourself to that server. It's close to certain that you don't even have an account there, so you can't authenticate to it. You just hit <Send> and it arrives for me to read.

There is a big difference between configuring and maintaining servers and clients. Once basic servers are configured, it's pretty easy to get them to exchange e-mails -- no authentication is needed between servers. There would be no rational way for all SMTP servers to demand that all other servers authenticate to them. But again, you're thinking about getting your server to pretend to be a client; and therefore, "client" authentication gets dragged into the conversation.

Rather than authentication, servers tend to rely on a couple other things to decide whether or not to allow connections from other servers.

Just about any sockets programmer can write a program that talks to SMTP servers. It's really a very simple protocol. (I wrote a SMTP client in CL, as well as a POP client.) The target server doesn't know what's connecting to it. All it knows is what bytes come through the socket. Socket programmers can send whatever bytes they want.

In order to believe that the connection is really from another server, the target server can do a couple kinds of DNS lookups to see if reliable DNS servers have info about whatever is on the other end of the connection. The primary piece of info that comes from attributes of the connection is the originating IP address. The target server can do a 'reverse DNS lookup' on the connection IP address to see if a rDNS pointer record exists. The result should return a valid domain name. If a rDNS entry doesn't exist, the target server can simply reject the connection, believing that fake servers are not going to register any rDNS entries.

Another lookup type would be to see if MX (mail exchanger) entries exist. A MX entry should provide the FQDN of the host that accepts e-mail on behalf of a domain. Michael showed an example where e-mail addressed to the MKAASOC.COM domain would be handled by the host named mkamail.mkassoc.com. If a MX entry isn't found for the rDNS entry, the target server is within its rights to reject the connection from a server in the MKAASOC.COM domain.

Another thing a target server might do is to see if 'relay' is allowed by the originating server. If relaying is allowed (usually "open" relay is the problem), then the target server cannot be certain if a piece of e-mail was really from a client on the originating server or if the e-mail was simply handed to it for relaying to a different server.  This has been a historical spamming method, to find a server that allows "open" relay and to pass thousands of e-mails through it for relaying to other servers.

Many servers don't actually test for relays. They simply use "blacklists" and/or "whitelists". The lists are usually prepared and maintained by external services. If your server gets onto one or more blacklists, it can take some effort to get services to remove your server's name.

Regardless, authentication doesn't come into the question for common server-to-server exchanges. (Various secure servers are out of this question.) It's more closely tied to client-server exchanges.

What it comes down to is a few parts:

1. You are configuring a server.
2. You are configuring bridge services between SNA and SMTP.
3. You need to decide whether you want to have your server act as a client.

For that last part, it might affect what needs to be done for bits like rDNS and MX entries. If you have a mail router available, e.g., a company Exchange server that is already configured and successfully exchanging e-mail with external servers, then you might choose one direction. If not, you might choose another.

Just don't lose sight of the first of those three items. It's not unheard of for companies to have a position that does nothing but administer an e-mail server.

Tom
0
 

Author Closing Comment

by:pipster1
Comment Utility
Thanks to everyone who came to my aid. I finally figured out (along with the customer) their DNS server was giving different results pinging inside/outside the firewall. Waiting to hear back from him. I sincerely appreciate all the great tips and suggestions. I've definitely learned quite a bit about the complexity in setting up SMTP on the iSeries. Not wanting to hold up the points, based on info given I've tried to be fair, I'm ending this question but I may need some help again.

Phil
0
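
The receiver-side lookups Tom describes (reverse DNS on the connecting address, then MX for the resulting domain), applied to DNS answers gathered on each side of a firewall as in the closing comment. This is an added example, not code from anyone in the thread; it also checks that the PTR name resolves back to the same address, which goes one step beyond the post, and every name, address and record line in it is constructed.

```python
import ipaddress

# Constructed sample records (TEST-NET address, example.com names), written as
# "name type value" lines as one might note them from lookups made on each side
# of the firewall. MX priorities are omitted. None of these values come from the thread.
INSIDE = """
25.2.0.192.in-addr.arpa. PTR as400.example.com.
as400.example.com. A 10.1.1.5
example.com. MX mail.example.com.
"""
OUTSIDE = """
25.2.0.192.in-addr.arpa. PTR as400.example.com.
as400.example.com. A 192.0.2.25
example.com. MX mail.example.com.
"""

def parse(records):
    """Index 'name type value' lines as {(name, type): [values]}, lower-cased, no trailing dot."""
    table = {}
    for line in records.strip().splitlines():
        name, rtype, value = line.split()
        key = (name.rstrip(".").lower(), rtype.upper())
        table.setdefault(key, []).append(value.rstrip(".").lower())
    return table

def check_sender(ip, records):
    """Checks a receiving server might apply to a connection from ip, using one DNS view."""
    table = parse(records)
    rname = ipaddress.ip_address(ip).reverse_pointer   # e.g. 25.2.0.192.in-addr.arpa
    ptr = table.get((rname, "PTR"), [])
    if not ptr:                                        # no rDNS entry: receiver may reject
        return {"ptr": None, "forward_confirmed": False, "mx": []}
    host = ptr[0]
    domain = host.split(".", 1)[-1]                    # parent domain of the PTR name
    return {
        "ptr": host,
        "forward_confirmed": ip in table.get((host, "A"), []),
        "mx": sorted(table.get((domain, "MX"), [])),
    }

def differing_checks(ip, inside, outside):
    """Names of the checks whose results differ between the two views."""
    a, b = check_sender(ip, inside), check_sender(ip, outside)
    return sorted(k for k in a if a[k] != b[k])

if __name__ == "__main__":
    for label, view in (("inside", INSIDE), ("outside", OUTSIDE)):
        print(label, check_sender("192.0.2.25", view))
    print("differs:", differing_checks("192.0.2.25", INSIDE, OUTSIDE))
```

A non-empty result from `differing_checks` means the two DNS views disagree about the sending host, so a test that passes from inside the network says little about how an outside mail server will treat the connection.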
