
Security considerations for the sendmail bridge

  • With the sendmail bridge command, the updated input mail message is transmitted to the JES spool data set that the Communications Server SMTP (CSSMTP) application processes. For more information about the protection of SYSOUT data sets, see Security for CSSMTP. You can request Transport Layer Security (TLS) for messages sent by the sendmail bridge command through the configuration statement D{tls_version}. If D{tls_version} is specified, a STARTTLS SMTP command is added. When CSSMTP processes the JES spool data set, CSSMTP ensures that a secured connection between CSSMTP and its target server is used to forward the mail message. The value that is defined by D{tls_version} is ignored; the secured connection is set up between CSSMTP and the target mail server based on the configured AT-TLS policy.
  • D{tls_version} does not have to be set in the configuration file to ensure that a secured connection is used. The user can ensure that a secured connection is used between CSSMTP and its target server by setting the Secure parameter to Yes on the CSSMTP TargetServer configuration statement. See Steps for using Transport Layer Security for CSSMTP.
  • If you plan to invoke the sendmail bridge command by submitting a batch job that uses BPXBATCH, the sendmail bridge assumes that user IDs are used when running the command, and these user IDs must be defined for sendmail to execute correctly. The commands that define the sendmail user IDs are in SEZAINST(EZARACF). The commands are:
    RDEFINE STARTED  SENDMAIL.* STDATA(USER(SENDMAIL))
    SETROPTS RACLIST(STARTED) REFRESH
    SETROPTS GENERIC(STARTED) REFRESH
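
Because the D{tls_version} value is ignored and the Secure parameter on the CSSMTP TargetServer statement is what enforces a secured connection, a configuration review can check each TargetServer block for Secure Yes. The following is an added example, not part of the original documentation or any IBM-supplied tooling; the brace-delimited block layout, the ';' and '#' comment markers, and the sample configuration text are assumptions constructed for illustration.

```python
import re

# Constructed sample CSSMTP configuration (not from the original page).
# Assumed layout: "TargetServer { ... }" blocks, one keyword/value per line,
# with ';' or '#' starting a comment that runs to end of line.
SAMPLE_CONFIG = """\
; constructed sample
TargetServer
{
  TargetIp 192.0.2.10
  ConnectPort 25
  Secure Yes
}
TargetServer
{
  TargetName mail.example.com
  ConnectPort 25
}
TargetServer
{
  TargetIp 192.0.2.11
  Secure No   ; explicit cleartext
}
"""

BLOCK_RE = re.compile(r"\bTargetServer\s*\{(.*?)\}", re.IGNORECASE | re.DOTALL)

def strip_comments(text):
    """Drop everything after the first ';' or '#' on each line."""
    return "\n".join(re.split(r"[;#]", ln, maxsplit=1)[0] for ln in text.splitlines())

def parse_target_servers(text):
    """Return one dict of lower-cased keyword -> value per TargetServer block."""
    servers = []
    for body in BLOCK_RE.findall(strip_comments(text)):
        params = {}
        for line in body.splitlines():
            parts = line.split(None, 1)
            if len(parts) == 2:
                params[parts[0].lower()] = parts[1].strip()
        servers.append(params)
    return servers

def insecure_targets(text):
    """List (target, state) for blocks where Secure is absent or not Yes."""
    findings = []
    for p in parse_target_servers(text):
        name = p.get("targetip") or p.get("targetname") or p.get("targetmx") or "<unnamed>"
        secure = p.get("secure")
        if secure is None or secure.lower() != "yes":
            findings.append((name, secure or "not set"))
    return findings
```

Run `insecure_targets()` over the text of the CSSMTP configuration file; an empty list means every TargetServer block explicitly sets Secure Yes.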