IBM Support

Preventing the spoofing of the from: statement in SMTP

Question & Answer


Question

In SMTP, any user ID XXXX can submit a job that writes to the internal reader and can spoof the FROM: field. You might want to do the following actions: 1) Restrict XXXX from being able to use SMTP going outbound 2) Override the FROM: statement to disable spoofing

Cause


Answer

There is no facility within SMTP that allows you to do the following actions:

  • Restrict XXXX from being able to use SMTP going outbound
  • Override the FROM: statement to disable spoofing

However, you can make use of the SMTP exit facility to code an exit that provides these functions. For an overview of this facility, see the IP Configuration Guide topic Step 10: Design SMTP exit to inspect and filter unwanted mail (optional). The topic points out that "The SMTP server can be allowed to call the SMTP exit program to interrogate data coming from the JES spool as well as the inbound TCP/IP connections." The topic also points out that "The message contents cannot be changed in any way by the exit."

To lock down who uses SMTP via RACF:

  • In the SMTP user exit, code a RACROUTE REQUEST=AUTH,UTOKEN=saftoken. The pointer to the SAF token is in EZBPTOKP. The ICHRUTKN macro maps this token.
  • In the SMTP configuration data set (SMTPCONF), code this EXITDIRECTION statement to control whether this SMTP calls the SMTP exit program. The SMTP exit program is provided by the customer to interrogate data that is sent to SMTP from the JES spool:

    EXITDIRECTION BOTH SAFYES

    • BOTH indicates that the SMTP exit is called for inbound data from a TCP/IP connection and for outbound data from the JES spool.

    SAFYES indicates that for data that comes only from the JES spool, SMTP requests SAF information from the JES interface.


To override the FROM: statement to disable spoofing, code the user exit to:
  • Scan the MAIL for FROM:<mail.address> string.
  • Look for the @ in the string and verify that the domain name is on a list of authorized values.

CSSMTP also provides a user exit facility that can be used to implement these functions. The USEREXIT statement in the CSSMTP configuration, with the MODIFY CSSMTP,USEREXIT command, defines which user exit is called by CSSMTP. For compatibility with the SMTP server, Version 2 is provided. Version 3 is provided to take advantage of the additional features that are provided by CSSMTP. For CSSMTP, the user exit itself is coded in the same way as it is for SMTP. See the topic "You can write a CSSMTP user exit or use the existing SMTPD user exit to inspect mail before it is sent to a target server" in the IP Configuration Guide's section entitled "Security for CSSMTP".

Unlike SMTP, CSSMTP already provides a RACF resource, so it is not necessary for the CSSMTP user exit to have a RACF test. CSSMTP defines a RACF resource for checking whether a user is authorized to send to CSSMTP a spool file. For more information, see the topic "You can control whether CSSMTP reads and processes the spool files created by specific users by creating one or more resource profiles in the SERVAUTH class.", in the IP Configuration Guide's section entitled "Security for CSSMTP".



For more information about how you can use an SMTP or CSSMTP server exit to check and accept or reject mail outbound from the JES spool, see the topic Steps for using the SMTP server exits in the IP Configuration Reference. In addition, for CSSMTP server exits, see the topic CSSMTP user exit version 3 in the IP Configuration Reference.

[{"Product":{"code":"SSSN3L","label":"z\/OS Communications Server"},"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Component":"--","Platform":[{"code":"PF035","label":"z\/OS"}],"Version":"1.12;1.13;2.1;2.2","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]

Document Information

Modified date:
15 June 2018

UID

swg21665859

Page Feedback