Secure SMTP (Simple Mail Transfer Protocol) is an enhanced version of the standard SMTP protocol used for sending emails. It incorporates encryption and authentication mechanisms to ensure that email communications are protected from interception, tampering, and unauthorized access.

Why Is Secure SMTP Required?

• Data Protection: Prevents sensitive information (e.g., passwords, personal data) from being intercepted.
• Compliance: Meets regulatory requirements like GDPR, HIPAA, etc.
• Spam and Abuse Prevention: Authenticated and encrypted email reduces the risk of spoofing and phishing.
• Reputation Management: Ensures your domain/IP isn’t blacklisted due to misuse of unsecured email services.

Secure SMTP in IBM DOORS

• Recently, IBM introduced Secure SMTP (STARTTLS based) functionality in IBM DOORS version 9.7.2.10. This enhancement enables secure email transmission for various features, including password reset, authentication failure notification, and the change proposal system.

Configure Secure SMTP Client

Import server certificate for secure communication

• For Secure SMTP communication, the client needs the server certificate to verify the server’s identity and establish an encrypted, trusted connection.
• Import a certificate using ‘certmgr.msc’

• • Open Certificate manager

• • • • Press Win + R to open Run dialog.
      • Type` certmgr.msc` and press Enter.
      • This opens the Certificate Manager.

• • Choose the certificate store

• • • • In the left pane, select ‘Trusted Root Certification Authorities’.

• • Start the Import wizard

• • • • Right-click on the Certificates folder under the selected store.
      • Select All Tasks > Import to launch the Certificate Import Wizard.

• • Select the Certificate file

• • • • Click Next, then Browse to locate your certificate file (.cer, .crt, .pfx, etc.).
      • Select the file and click Open, then Next.

• • Enter Password (if applicable)

• • • • If you're importing a .pfx file, you’ll be prompted to enter the password.
      • Optionally, check:
        • Mark this key as exportable
        •  Include all extended properties

• • Choose Certificate store

• • • • Select ‘Place all certificates in the following store’
      • Select ‘Intermediate certificates authorities’, then click `Next`
      • Click `Finish`
      • A confirmation message should appear: "The import was successful." 

Configure secure SMTP properties in DOORS

• To configure SMTP properties, navigate to Doors Database > Properties > Database… > General tab

• In General tab, update following properties.
  • SMTP Mail Server
  • Mail Account
  • STARTTLS: 'True' for secure communication, 'False' for non-secure communication
  • Port
  • Minimum client version: should be ‘9.7.2.10’ to configure secure communication
• Setting ‘Minimum client version’ to <9.7.2.10 would disable ‘STARTTLS’ and ‘Port’ properties and SMTP would be configured for non-secure on hard-code port number ‘25’.

Configure SMTP Server

• For implementation and testing, we have installed and configured SMTP server in Windows Server 2019 Data center.
• In domain name, add ibm.com , which allows to send mails to ibm.com domain only.
• Under the General tab > Advanced, you can specify the IP address and TCP port to enable communication using the defined configuration parameters.

• Under the Access tab, ‘Require TLS encryption’ field kept unchecked, so server does support both secure and non-secure communication. Marking ‘Require TLS encryption’ to TRUE, only supports secure communication and block non-secure communication attempt.

• Under the Delivery tab > Outbound security, mark `TLS encryption` as TRUE, this ensures secure email transmission by encrypting the connection between the SMTP server and the recipient's mail server.

Verify SMTP Communication

• In DOORS, there are three features namely Password Reset, User Authentication Failure and Change Proposal System do use email functionality. For DOORS version 9.7.2.10 or later, all these features support secure SMTP communication.
• From the above three features, Password reset feature exposes sensitive user verification code if email communication is kept non-secure. Below scenario depict the same.
• To receive the verification code, navigate to the login screen, enter your username, and click the 'Reset Password' button.

• Using Wireshark, we can monitor packets sent between server and client to verify secure and non-secure communication.

                                                           'Verification code' exposed in non-secure mode

                                                                      Encrypted data in secure mode

Conclusion

The implementation of the Secure SMTP (Simple Mail Transfer Protocol) feature in IBM Engineering Requirements Managment DOORS significantly enhances the platform’s communication security and compliance posture. By enabling encrypted email transmission via TLS, this feature ensures that sensitive project notifications and user communications are protected against interception and unauthorized access.

This upgrade aligns with cybersecurity standards and organizational policies, reducing the risk of data breaches and improving trust in automated email workflows. Overall, Secure SMTP integration in DOORS not only strengthens data protection but also supports regulatory compliance and fosters a more secure engineering lifecycle.

Useful Resource

• IBM DOORS product documentation – Setting up email

This blog benefited significantly from the thoughtful review and feedback provided by @SARAT Devineni and @Tim Feeney. Thank you !