Overview

Several of our products generate email. When they do so, they pass the email to IBM i's SMTP stack for delivery using IBM®'s QtmmSendMail() API. Some of our customers use service providers to handle delivery (also known as forwarding or relaying) of email. Increasingly, email service providers require SMTP Authentication before delivering email. Releases of IBM i before V6R1 do not support outbound SMTP Authentication in the SMTP stack. If you are running V6R1 or later, see our companion article for instructions.

This article describes a method of avoiding the problem by configuring IBM i to deliver email directly to the world at large. The three key elements required are:

  1. Configuring direct delivery by removing mailhub and mail router specifications if present.
  2. Configuring IBM i access to DNS servers.
  3. Configuring DNS to correctly identify the SMTP host name.

1. Direct Delivery

IBM i will deliver email directly if a mailhub and mail router are not configured. To check or remove the mailhub and mail router specifications, prompt the Change SMTP Attributes (CHGSMTPA) command, page down once and change the Mail router (MAILROUTER) parameter to *NONE:

                        Change SMTP Attributes (CHGSMTPA)                       

Type choices, press Enter.

User ID delimiter . . . . . . . '.' *SAME, *DFT, ?, =, ., &, $...

Mail router . . . . . . . . . . *NONE



Coded character set identifier 00819 1-65533, *SAME, *DFT
Outgoing EBCDIC/ASCII table:
Outgoing EBCDIC/ASCII table . *CCSID Name, *SAME, *CCSID, *DFT
Library . . . . . . . . . . Name, *LIBL, *CURLIB
Incoming ASCII/EBCDIC table:
Incoming ASCII/EBCDIC table . *CCSID Name, *SAME, *CCSID, *DFT
Library . . . . . . . . . . Name, *LIBL, *CURLIB
Firewall . . . . . . . . . . . . *YES *SAME, *YES, *NO
Journal . . . . . . . . . . . . *YES *SAME, *YES, *NO
Process all mail through MSF . . *YES *SAME, *YES, *NO
Percent routing character . . . *YES *SAME, *YES, *NO
More...
F3=Exit F4=Prompt F5=Refresh F12=Cancel F13=How to use this display
F24=More keys

If you are running V5R4M0 skip this step. If you are running V6R1M0 or later, page down three more times and change the Forwarding mailhub server (FWDHUBSVR) parameter to *NONE:

                        Change SMTP Attributes (CHGSMTPA)
                                                                                
Type choices, press Enter.

Override reject connect list . . *NO *SAME, *NO, *YES
Allow bare line feed . . . . . . *YES *SAME, *NO, *YES
Verify identification . . . . . *NO *SAME, *NO, *YES
Allow authentication . . . . . . *NONE *SAME, *RELAY, *LCLRLY, *NONE
Verify MSF messages . . . . . . *NO *SAME, *YES, *NO
Verify from user . . . . . . . . *ALL *SAME, *ALL, *LIST, *NONE
Forwarding mailhub server . . . *NONE









Bottom
F3=Exit F4=Prompt F5=Refresh F12=Cancel F13=How to use this display
F24=More keys

2. DNS Access

To determine how to deliver email for a recipient, IBM i must have access to a DNS server. The IP addresses of the DNS servers you should use are supplied by your internet service provider. If, for example, your service provider supplies DNS servers 8.8.8.8 and 8.8.4.4, prompt the Change TCP/IP Domain (CHGTCPDMN) command and enter the IP addresses.

                        Change TCP/IP Domain (CHGTCPDMN)                        

Type choices, press Enter.

Host name . . . . . . . . . . . 'mailout'

Domain name . . . . . . . . . . 'ofc.widget.com'



Domain search list . . . . . . . *DFT



Host name search priority . . . *LOCAL *REMOTE, *LOCAL, *SAME

Domain name server:
Internet address . . . . . . . '8.8.8.8'
'8.8.4.4'


Bottom
F3=Exit F4=Prompt F5=Refresh F10=Additional parameters F12=Cancel
F13=How to use this display F24=More keys

To verify that IBM i can resolve external names run ping ibm.com. You may or may not receive responses, but you should not receive Unknown host, ibm.com.

If you do not know the IPs to use, a reasonable guess can be retrieved from a PC attached to the local area network that contains the system:


Host Name . . . . . . . . . . . . : PC001
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ofc.widget.com

Ethernet adapter Widget Net:

Connection-specific DNS Suffix . : ofc.widget.com
Description . . . . . . . . . . . : Broadcom 802.11b/g WLAN
Physical Address. . . . . . . . . : 00-11-22-33-44-55
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.0.2.10
Subnet Mask . . . . . . . . . . . : 255.255.255.192
Default Gateway . . . . . . . . . : 192.0.2.1
DHCP Server . . . . . . . . . . . : 192.0.2.132
DNS Servers . . . . . . . . . . . : 8.8.8.8
8.8.4.4

Lease Obtained. . . . . . . . . . : Sunday, August 21, 2011 4:30:38 PM
Lease Expires . . . . . . . . . . : Monday, August 22, 2011 4:30:38 PM  

C:\Documents and Settings\Programmer>

3. DNS Identity

When IBM i contacts a recipient's mail server, it introduces itself with the fully qualified SMTP host name configured using the Change TCP/IP Domain (CHGTCPDMN) command. In the example below, the machine introduces itself as mailout.ofc.widget.com.

                        Change TCP/IP Domain (CHGTCPDMN)                        

Type choices, press Enter.

Host name . . . . . . . . . . . 'mailout'

Domain name . . . . . . . . . . 'ofc.widget.com'



Domain search list . . . . . . . *DFT



Host name search priority . . . *LOCAL *REMOTE, *LOCAL, *SAME
Domain name server:
Internet address . . . . . . . '192.0.2.1'
'192.0.2.2'


Bottom
F3=Exit F4=Prompt F5=Refresh F10=Additional parameters F12=Cancel
F13=How to use this display F24=More keys

When a recipient's mail server is contacted by IBM i, the mail server sees the traffic as coming from the publicly visible IP address of your connection, for example, the external IP address of your DSL modem. To determine the IP address seen externally, go to network-tools.com. The IP address shown in the search box is the external public IP of your connection. Alternatively, go to centralops.net/co/. The IP address shown for user: is the external public IP of your connection.

Increasingly, mail servers confirm the identity of machines sending email by performing a DNS lookup on the fully qualified host name sent during the introduction, mailout.ofc.widget.com in this example. If the IP address returned by DNS is not the same as the visible IP address the traffic is coming from, email is rejected or discarded as spam.

To ensure that IBM i passes this test, you must add, or have your domain registrar add, an address record and a PTR record for your system's fully qualified SMTP host name to the DNS records for your domain. In this example:

mailout.ofc.widget.com. IN A nnn.nnn.nnn.nnn
nnn.nnn.nnn.nnn IN PTR mailout.ofc.widget.com.

are added to the DNS records for the domain widget.com, where nnn.nnn.nnn.nnn is the publicly visible IP address determined above.
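
The identity test described above can be run from any machine with Python before mail is sent. This sketch is an added example, not part of the original article or of any IBM tool; the function names and the address 192.0.2.10 (standing in for the publicly visible IP) are assumptions, and the sample records are constructed.

```python
import ipaddress
import socket

def _norm(name):
    return name.rstrip(".").lower()

def _system_a(name):
    """Address lookup through the local resolver; returns a set of IP strings."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def _system_ptr(ip):
    """PTR lookup through the local resolver; returns a set of host names."""
    try:
        primary, aliases, _ = socket.gethostbyaddr(ip)
        return {primary, *aliases}
    except (socket.herror, socket.gaierror):
        return set()

def check_smtp_identity(helo_name, public_ip, lookup_a=_system_a, lookup_ptr=_system_ptr):
    """Return a list of problems; an empty list means both records agree."""
    ip = ipaddress.ip_address(public_ip)  # raises ValueError on a malformed address
    problems = []
    forward = lookup_a(helo_name)
    if not forward:
        problems.append(f"no address record for {helo_name}")
    elif str(ip) not in forward:
        problems.append(f"{helo_name} resolves to {sorted(forward)}, not {ip}")
    # reverse_pointer is the owner name of the PTR record in the reverse zone
    owner = ip.reverse_pointer
    names = {_norm(n) for n in lookup_ptr(str(ip))}
    if not names:
        problems.append(f"no PTR record at {owner}")
    elif _norm(helo_name) not in names:
        problems.append(f"PTR at {owner} names {sorted(names)}, not {helo_name}")
    return problems

# Constructed sample records so the check can be exercised offline.
SAMPLE_A = {"mailout.ofc.widget.com": {"192.0.2.10"}}
SAMPLE_PTR = {"192.0.2.10": {"mailout.ofc.widget.com."}}

def sample_check(helo_name, public_ip):
    return check_smtp_identity(helo_name, public_ip,
                               lambda n: SAMPLE_A.get(_norm(n), set()),
                               lambda i: SAMPLE_PTR.get(i, set()))

if __name__ == "__main__":
    print(sample_check("mailout.ofc.widget.com", "192.0.2.10"))
    print(sample_check("mailout.ofc.widget.com", "192.0.2.77"))
```

Calling check_smtp_identity() with only the host name and public IP uses the local resolver, so run it from a network that sees public DNS rather than an internal view.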