IBM Software Technical Document
       Document Number: 519611543  
____________________________________________________________

Functional Area:                   AS/400 Mail                        
Subfunctional Area:              SMTP
Sub-Subfunctional Area:       General

___________________________________________________________

       

Product:

I5/OS (5761SS1TC)
IBM TCP/IP CONNECTIVITY UTILIT (5770TC100)

OS/400 Release:

6.1; 6.1.1; 7.1; V6R1M0; V6R1M1; V7R1M0

Product Release:

N/A

Classification:

Entitled/Advanced

Status:

Available

Date First Made Available

06/04/2009

Keywords:

SMTP

Tasks:

Use

Document Topics:

Documentation-191




 
____________________________________________________________

Document Title:  Configuring SMTP Authentication

Abstract


This document explains how to configure native SMTP client authentication.



Document Description:
Before you configure SMTP for authentication, a digital certificate must be installed in DCM.  For an overview of DCM and digital certificates, refer to:  

o  Rochester Support Center knowledgebase document 416096345, Digital Certificate Manager, Getting Started
o  Redbooks iSeries Wired Network Security at the following URL:  http://www.redbooks.ibm.com/redbooks/SG246168.html

Part 1:  Assigning a Digital Certificate to the SMTP Client

1.  From the main IBM Systems Director Navigator for i5, click on the i5/OS tasks page and select Digital Certificate Manager:

[Screen capture: i5 tasks page]

2.  Sign into the *SYSTEM Store and click Fast Path from the left panel; then select Work with client applications:

[Screen capture: Fast path]


3.  Select i5/OS TCP/IP SMTP Client and click the Work with Application button:

[Screen capture: Work with Client Applications]

4.  Click the Update Certificate Assignment button:

[Screen capture: Update Certificate assignment]


5.  Select a valid certificate from the list and click the Assign New Certificate button.  Note:  If you do not see a certificate in the list, refer to the documents above on how to create a new certificate.

[Screen capture: Update Certificate assignment]

6. Make sure that you have trusted the CA that signed the SMTP server side certificate.

Certificate Authority (CA) certificates in the application trust list:

o  LOCAL_CERTIFICATE_AUTHORITY_10B233A2(3)
o  LOCAL_CERTIFICATE_AUTHORITY_10B233A2(2)
o  LOCAL_CERTIFICATE_AUTHORITY_10B233A2(1)
o  GeoTrust Global CA
o  GeoTrust True Credentials CA 2
o  Equifax Secure Certificate Authority
o  Equifax Secure eBusiness CA-1
o  Equifax Secure eBusiness CA-2
o  Equifax Secure Global eBusiness CA-1
o  Microsoft Root Authority
o  Thawte Personal Premium CA
o  Thawte Personal Freemail CA
o  Thawte Personal Basic CA
o  Thawte Premium Server CA
o  VeriSign Class 3 CA Individual Subscriber-Persona Not Validated
o  Verisign Class 1 Public Primary Certification Authority
o  Verisign Class 2 Public Primary Certification Authority

Part 2:  Authentication

1.  Open i5/OS Navigator and go to Network>Servers>TCP/IP.  Right-click SMTP and select Properties:

[Screen capture: i5 Navigator]

2.  From the General tab, add the name of the mail hub that the i5 will authenticate to. The command line equivalent is as follows:

CHGSMTPA FWDHUBSVR(MAILHUB)


[Screen capture: SMTP Properties mailhub]

3.  From the Authentication tab, select the Require TLS/SSL and authenticate only the relay radio button:

Note:  This setting is not required for client authentication; it is for server authentication.


[Screen capture: SMTP Properties Authentication]

4.  In the Logon information for relay server, click the Add button and add the host name for the mailhub, user name, and password that is used to authenticate to that mailhub. The command line equivalent is as follows:  

ADDSMTPLE TYPE(*HOSTAUTH) HOSTNAME(MAILHUB) USERNAME(kswan) PASSWORD()

[Screen capture: Add host logon information]

5.  Once this is all completed, restart the SMTP server either from the Navigator screen or with the following commands:

ENDTCPSVR *SMTP
STRTCPSVR *SMTP
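
The following Python check is an added example, not part of the IBM document. It parses the EHLO replies a mail hub returns before and after STARTTLS and reports conditions that would break or weaken the host logon configured in Part 2; the host name mailhub.example.com and both replies are constructed sample data, and it assumes the hub negotiates TLS with STARTTLS.

```python
import re

# Constructed EHLO replies from a hypothetical mail hub (sample data only).
EHLO_PLAIN = (
    "250-mailhub.example.com Hello\r\n"
    "250-SIZE 36700160\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
EHLO_TLS = (
    "250-mailhub.example.com Hello\r\n"
    "250-SIZE 36700160\r\n"
    "250-AUTH PLAIN LOGIN\r\n"
    "250 8BITMIME\r\n"
)

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply."""
    exts = {}
    lines = reply.splitlines()
    for i, line in enumerate(lines):
        m = re.fullmatch(r"250([- ])(.*)", line)
        if not m:
            raise ValueError(f"unexpected reply line: {line!r}")
        # Only the final line may use "250 " (space); all others use "250-".
        if (m.group(1) == " ") != (i == len(lines) - 1):
            raise ValueError("malformed multi-line reply")
        if i == 0:
            continue  # first line is the greeting, not an extension
        # Some older servers advertise the legacy form "AUTH=LOGIN".
        parts = m.group(2).replace("=", " ", 1).split()
        if parts:
            exts[parts[0].upper()] = [p.upper() for p in parts[1:]]
    return exts

def check_hub(before_tls, after_tls):
    """List findings that would break or weaken relay authentication."""
    pre, post = parse_ehlo(before_tls), parse_ehlo(after_tls)
    findings = []
    if "STARTTLS" not in pre:
        findings.append("hub does not offer STARTTLS; logon cannot be protected")
    if pre.get("AUTH"):
        findings.append("hub offers AUTH before TLS: " + " ".join(pre["AUTH"]))
    if not post.get("AUTH"):
        findings.append("hub offers no AUTH mechanism after TLS")
    return findings
```

An empty list from check_hub means the hub offers STARTTLS and advertises AUTH only inside the TLS session.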