This document discusses how to configure the IBM i SMTP Client to use SMTP Authentication and SSL/TLS when connecting to a SMTP Relay.
IBM i OS
Resolving The Problem
General SMTP authentication & TLS configuration instructions for the IBM i SMTP Client.
If you would like to configure SSL/TLS between the IBM i and a remote mail relay WITHOUT providing authentication credentials, refer to the following documentation.
Configuring SSL Between IBM i and Remote Mail Router WITHOUT Authentication
|1)||Obtain the certificate authority (CA) certificates used by the SMTP Relay server you are connecting to.
Since SMTP Authentication on the IBM i OS requires a SSL/TLS encrypted connection, you will need to obtain the certificate authority (CA) certificates used by your SMTP Relay Server for SSL/TLS connections. You can either obtain these manually from your SMTP Relay Server administrator or use the QMGTOOLS GETSSL utility if you know the TCP/IP hostname or IP address of the SMTP Relay Server and the SSL/TLS port it listens on. For instructions on how to use the QMGTOOLS GETSSL utility, please refer to the following document.
QMGTOOLS GETSSL Utility
QMGTOOLS/GETSSL IP(MYDOMAIN.OUTLOOK.COM) PORT(587) STRTLS(Y) SERVICE(SMTP)
The SSL/TLS certificates will be placed in the /tmp directory with the nomenclature, <user>_sslchainXX.cer, where XX is the order number of the certificate. This is important since it helps you identify which CA certificate should be imported first, second, etc. into DCM.
|2)||Import your SMTP Relay CA certificates into DCM.
|3)||Configure the IBM i SMTP Client to trust the newly imported CA certificates.
|4)||Assign a SSL/TLS certificate to the IBM i SMTP Client application in DCM.
|5)||Set the SMTP Relay hostname for the "Forwarding Mailhub Server" SMTP Attribute.
|6)||Customize the Remote Port Value connected to by the IBM i SMTP Client when delivering emails.
Refer to the following IBM Technical document on how to configure the SMTP Client to deliver mail to a Mail Router/Fowarding Hub Server on a Port other than port 25.
How to Configure SMTP to Send Mail to a Mail Router that Listens on a Port Other Than Port 25
ADDENVVAR ENVVAR(QIBM_SMTP_SERVER_PORT) VALUE('587') LEVEL(*SYS)
|7)||Configure the User name and User password values used to authenticate to your Forwarding Mailhub Server or SMTP Relay.
IBM Navigator for i web application
IBM i Access for Windows (System i Navigator)
1. Open i5/OS Navigator and go to Network>Servers>TCP/IP. Right click SMTP and select Properties:
2. From the General tab, add the name of the mail hub that the i5 will authenticate to. The command line equivalent is as follows:
3. In the Logon information for relay server, click the Add button and add the hostname for the mailhub, user name, and password that is used to authenticate to that mailhub. The command line equivalent is as follows:
ADDSMTPLE TYPE(*HOSTAUTH) HOSTNAME(MAILHUB) USERNAME(kswan) PASSWORD()
4. Once this is all completed, restart the SMTP server either from the Navigator screen or with the following commands:
|8)||Congratulations! You have successfully configured your IBM i SMTP Client to relay all email to the SMTP relay host specified on the "Fowarding Mailhub Server" SMTP Attribute using the SSL certificates and authentication credentials configured.
If you still experience email delivery issues with the IBM i SMTP Client after the above configuration has been completed successfully, an IBM i SMTP Client trace can be gathered using the instructions in the URL, http://www.ibm.com/support/docview.wss?uid=nas8N1012636, to help determine the cause of your email delivery failures. Locate the QTMSSTRC spool file with the largest amount of pages. The spool file should be for the SMTP Client Pre Start Job or SMTP Client Daemon. These spool files will indicate why the SMTP relay connection, authentication, or delivery of email was unsuccessful.
Was this topic helpful?
07 June 2021