Securing connectivity between WebSphere Adapter for Email and the mail server

Learn to configure the WebSphere® Adapter for Email for secure connection through SSL and to configure WebSphere Process Server to import those certificates from the mail server. The article also covers the major differences between IMAP and POP3 protocols.

Abhishek Rohira (arohira1@in.ibm.com), Software Engineer, IBM

Abhishek Rohira is a Software Engineer working on the development and support of WebSphere Adapter at the IBM India Software Lab. He has more than 3 years of experience working with various Java technologies, including JCA. He has a Bachelor's degree in Computer Science and Engineering from the Vellore Institute of Technology, India.



03 October 2012

Introduction

A highly interactive and useful product delivers optimal value when the user experience can be enhanced through personalization. Most users expect that any personal data transmitted between an Enterprise Information System (EIS) and WebSphere Adapters is transmitted through secure means. Critical customer information moving between the EIS and end applications needs a secure channel of communication. Due to the critical nature of data security, customers need additional logic around this communication. This type of data security can be achieved by configuring cryptographic protocols (SSL/TLS) that provide communication security.


Secure Sockets Layer (SSL) is the standard security technology for establishing an encrypted link between a web server and EIS. It ensures that all data passed between the web server and the EIS remain private and integral. SSL is an industry standard and encrypts the segments of network connections at the application layer for the transport layer, using asymmetric cryptography for key exchange, symmetric encryption for privacy, and message authentication codes for message integrity. This article will help you to configure WebSphere Adapter for Email (inbound and outbound) for secure connection using SSL keys and certificates.

Prerequisites

  • IBM Integration Designer V8.0 (formerly called WebSphere Integration Developer)
  • WebSphere Adapter for Email V7.5.0.2
  • IBM Business Process Manager V7.5.1 or above
  • Private key and certificate files to be used in an SSL operation


SSL configuration for the mail server

To configure a secure connection between WebSphere Process Server (runtime) and the mail server, you need to install both the certificate and the private key to the mail server as well as to Process Server.

Follow the steps below to install the certificate as well as the private key on the mail server. hMailServer is used as an example, but the steps are applicable to most mail servers.

  1. Open your Mail Server window with administrator rights. In the case of the hMail Server, open the hMailServer Administrator.
  2. Under Settings, followed by Advanced, select the SSL certificate, as shown in Figure 1.
    Figure 1. Configuring the SSL in the hMail Server Administrator
  3. Click Add. Provide a name for the configuration followed by the path for the certificate-private key pair, as shown in Figure 2.
    Figure 2. Provide the name and path for the certificate and the private key
  4. Save the configuration and restart the hMail server.

Port configuration in the mail server for SSL

The protocols most commonly used by mail servers are:

  • Internet Message Access Protocol (IMAP)
  • Post Office Protocol (POP3)
  • Simple Mail Transfer Protocol (SMTP)

The adapter sends and receives emails to or from different mail servers by using the SMTP email protocol for all outbound communication, and either the IMAP or POP3 email protocol for inbound communication. Depending on what inbound protocol your mail server supports, you can select between IMAP and POP3 for the inbound module.

Note: The default port numbers differ when configuring SSL. Table 1 shows the differences.

Table 1. Default port numbers with and without the SSL configuration
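| Protocol | Default port number without SSL | Default port number with SSL |
|----------|---------------------------------|------------------------------|
| SMTP     | 25                              | 465                          |
| POP3     | 110                             | 995                          |
| IMAP     | 143                             | 993                          |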

SMTP protocol (outbound scenario) with SSL

To configure SMTP protocol for the outbound scenario, follow these steps:

  1. Open the hMailServer Administrator.
  2. Go to Advanced, then TCP/IP ports.
  3. Select the Add button to add the protocol as well as the port number.
  4. Select the respective protocol from the drop down, and provide a value for the TCP/IP address and port.
  5. Click the check box Use SSL, as shown in Figure 3. It shows the list of certificates installed.
  6. Select the respective certificate.
  7. Save and restart the hMail server.
    Figure 3. Configuring the SMTP protocol under the hMail Server Administrator

IMAP and POP3 protocols (inbound scenario) with SSL

To configure the IMAP or POP3 protocol for the inbound scenario:

  1. Open the hMailServer Administrator.
  2. Go to Advanced, then TCP/IP ports.
  3. Select the Add button to add the protocol as well as the port number.
  4. Select the respective protocol from the drop down, and provide a value for the TCP/IP address and port.
  5. Click the check box Use SSL, as shown in Figure 4. It shows the list of certificates installed.
  6. Select the respective certificate.
  7. Save and restart the hMail server.
    Figure 4. Configuring the IMAP protocol under the hMail Server Administrator
  8. To configure with POP3, see the fields in Figure 5.
    Figure 5. Configuring the POP3 protocol under the hMail Server Administrator

Differences between the POP3 and IMAP protocols

Table 2 shows the differences between the POP3 and IMAP protocols.

Table 2. Differences between the POP3 and IMAP protocols
| POP3 | IMAP |
|------|------|
| You can physically download incoming mail from the server to the folders of the email client. | The email client will download only a "list" of received emails to your computer, where you can select the ones you want to download. |
| Emails that will be downloaded to the computer will no longer be on the server. | All messages, regardless of whether they have been downloaded to the computer, remain on the server. If you erase mail from the email client, it will also be erased from the server (email client and server synchronization). |
| The disadvantage of POP3 is that it will download all mail from the mail server. Thus, if you receive a mail with a large attachment, but are expecting an important email sent later, you have to wait until all previously received messages are downloaded. | You will only see the "headings" of the received mail. Their opening is very prompt. Compared with downloading a complete email, the process is very quick. Afterwards, you can decide which email should be actually downloaded to the computer, which to download later or not at all. |

Generating WebSphere Adapter for Email artifacts using SSL

This section describes how to configure WebSphere Adapter for Email for outbound and inbound scenarios for SSL.

Outbound scenario

WebSphere Adapter for Email supports outbound request processing. When the adapter receives a request in the form of a business object from a service, it processes the request and creates an email message. The adapter then sends the email message to a mail server.

To configure the outbound scenario for WebSphere Adapter for Email:

  1. Import the Email Adapter RAR file (CWYEM_EMail.rar) into the Integration Designer workspace.
  2. Select File > New > Module to create and name a new module, such as Sample.
  3. Run the External service wizard and select Email Adapter. Click Next as shown in Figure 6.
    Figure 6. Select Email Adapter under the External Service
  4. Select Outbound under "Select the Processing Direction", as shown in Figure 7.
    Figure 7. Select Outbound under the External Service
  5. Under Specify the Security and Configuration Properties, provide the Port Number of 465. Click the checkbox Enable transport security (SSL), as shown in Figure 8.
    Figure 8. Check the Enable transport security (SSL)
  6. Complete the rest of the External service wizard to generate the artifacts.

Note: See the Configuring WebSphere Process Server (runtime) for the SSL connection section to configure the runtime.

Inbound scenario

WebSphere Adapter for Email supports inbound processing of e-mail events. The inbound event processing means that the adapter polls the mail server at specified intervals for new e-mails that are ready for processing. When the adapter detects an event that is ready to be processed, it converts the event data into a business object and sends it to the consuming service.

To configure the inbound scenario for WebSphere Adapter for Email:

  1. Import the Email Adapter RAR file (CWYEM_EMail.rar) into the Integration Designer workspace.
  2. Select File > New > Module to create and name a new module, such as Sample.
  3. Run the External service wizard and select Email Adapter. Click Next as shown in Figure 9.
    Figure 9. Select Email under the External Service
  4. Select Inbound under "Select the Processing Direction" as shown in Figure 10.
    Figure 10. Select Inbound under the External Service
  5. Under "Specify the Security and Configuration Properties", provide the Port Number of 995 (POP3) or 993 (IMAP). Click the checkbox Enable transport security (SSL). See Figure 11 for POP3 and Figure 12 for IMAP.
    Figure 11. Configuring the Email Adapter with the POP3 protocol
    Figure 12. Configuring the Email Adapter with the IMAP protocol
  6. Complete the rest of the External service wizard to generate the artifacts.

Note: See the Configuring WebSphere Process Server (runtime) for the SSL connection section to configure the runtime.


Configuring WebSphere Process Server (runtime) for the SSL connection

To import the SSL certificate as well as the private key from the mail server (see Figure 13):

  1. Log into the IBM WebSphere Application Server Administration Console.
  2. Select Security followed by SSL certificate and key management.
  3. Select Key stores and certificates > Signer certificates > Retrieve from port.
  4. Enter the host name (where the mail server is running), the SSL port of the hMail Server, and the Alias name.
  5. Click Retrieve Signer Information and then click OK.
  6. Restart WebSphere Process Server so that the root certificate is added to the list of signer certificates in the WebSphere Application Server Certificate trust store.
    Figure 13. Configure WebSphere Process Server for SSL
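
Retrieve from port adds the signer that the port presents at that moment to the trust store, so it helps to confirm first that the SSL ports from Table 1 complete a handshake and present the same certificate that was installed on the mail server. The following Python check is an added example, not part of the original article or of any IBM tooling; the function names, the host mail.example.com and the file mailserver-cert.pem are assumptions.

```python
import hashlib
import hmac
import socket
import ssl

# Default SSL ports from Table 1 of the article.
SSL_PORTS = {"SMTP": 465, "POP3": 995, "IMAP": 993}
BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"


def pem_fingerprint(pem_text):
    """SHA-256 fingerprint (hex) of the first certificate in PEM text."""
    start = pem_text.index(BEGIN)
    end = pem_text.index(END, start) + len(END)
    der = ssl.PEM_cert_to_DER_cert(pem_text[start:end])
    return hashlib.sha256(der).hexdigest()


def presented_fingerprint(host, protocol, port=None, timeout=5.0):
    """Handshake on the SSL port; return (fingerprint, TLS version)."""
    ctx = ssl.create_default_context()
    # Chain validation is off only because the signer is not trusted yet;
    # the fingerprint comparison in matches_installed() replaces it.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    port = port or SSL_PORTS[protocol.upper()]
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            return hashlib.sha256(der).hexdigest(), tls.version()


def matches_installed(host, protocol, installed_pem, port=None):
    """True only if the port presents the certificate installed on the mail server."""
    try:
        seen, _version = presented_fingerprint(host, protocol, port)
    except OSError:  # refused, timed out, or not speaking SSL (ssl.SSLError)
        return False
    return hmac.compare_digest(seen, pem_fingerprint(installed_pem))


if __name__ == "__main__":
    # Assumed values: replace the host and file path with your own.
    with open("mailserver-cert.pem") as fh:
        pem = fh.read()
    for proto in SSL_PORTS:
        print(proto, SSL_PORTS[proto], matches_installed("mail.example.com", proto, pem))
```

A False result for a protocol means the port is closed, is still serving plaintext, or presents a different certificate than the one in the file; resolve that before retrieving the signer into the trust store.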

Conclusion

In this article, you learned how to configure WebSphere Adapter for Email for secure connection through SSL, how to configure WebSphere Process Server to import those certificates from the mail server, and the major differences between the IMAP and POP3 protocols.
