IBM i Global

  • 1.  Email Delivery failure with Authentication Method from AS400

    Posted Mon February 27, 2023 10:28 AM

    Hello Connections,

    Need your help in resolving the below issue in IBMi system.

    Our requirement - The user in AS400 has to authenticate the external SMTP server and post successful authentication, then only it will deliver the email to recipients.

    We have already configured user (QSECOFR) Through I Navigator using the below path, Network -> Server -> TCP/IP Servers -> SMTP -> SMTP properties -> Authentication, added QSECOFR profile authentication details with the SMTP (SMTP hostname, User ID and Password).

    Using QSECOFR, we are able to send emails successfully from AS400 with SNDDST and SNDSMTPEMM and it delivers to recipients as well.

    Now, we want similar functionality for other users in AS400 for the same SMTP hostname to execute, but since same hostname (duplicate entry is not allowed) cannot be added into authentication method from I-Navigator - we have followed the remote login entry method.

    We have added an additional user (i.e., HAADMIN) into remote login entry (using ADDSMTPRLE) with authentication to the external SMTP host server, so that it can authorize at SMTP server level and send emails to recipients.

    When email is sent from the HAADMIN user, it's not getting delivered to recipients.

    But when we send it from QSECOFR, the emails are getting delivered.

    Upon checking the external SMTP server logs, we see the Authorization Account and Mail Account are different.

    Ex:- In AS400, emails sent from HAADMIN profile. But in the SMTP server logs, below are the details.

    Authorization Account : QSECOFR.CNJDEPR@bp365test.bp.com.cn (Even though we sent email from HAADMIN profile, not sure how QSECOFR.CNJDEPR@bp365test.bp.com.cn profile is getting authorized here instead of HAADMIN.CNJDEPR@bp365test.bp.com.cn - please let us know where to change this?).

    Mail Account : haadmin.cnjdepr@bp365test.bp.com.cn

    Scenario1:- If mail sent from user QSECOFR then both Authorization Account and Mail account should be qsecofr.cnjdepr@bp365test.bp.com.cn

    Scenario2:- If mail sent from user HAADMIN then both Authorization Account and Mail account should be haadmin.cnjdepr@bp365test.bp.com.cn

    Upon checking with SMTP server Team, they have informed us that when an email is sent from HAADMIN profile then both the Authorization Account and Mail account should be same haadmin.cnjdepr@bp365test.bp.com.cn in order to deliver the emails to end users.

    In the above case, both are different, that's why the email delivery is not happening.

    When sent from QSECOFR, we don't have any issue at all as both Authorization and Mail account are qsecofr.cnjdepr@bp365test.bp.com.cn

    So could you please check and advise...

    Thanks in advance.



    ------------------------------
    Manoj Nahak
    ------------------------------


  • 2.  RE: Email Delivery failure with Authentication Method from AS400

    Posted Mon February 27, 2023 07:30 PM
    Edited by Satid Singkorapoom Mon February 27, 2023 09:25 PM

    Dear Manoj

    Have you run ADDDIRE for HAADMIN yet? 

    Using QSECOFR for SMTP authentication appears to be an overkill.  It is generally advisable to use QSECOFR only when it is really needed.  I do not see it is needed for SMTP authentication.

    Whenever you change SMTP authentication configuration, you need to restart IBM i SMTP server.  Did you do this ?

    Please also make use of IBM i SMTP Client trace as instructed in the very last instruction in this Technote:  https://www.ibm.com/support/pages/how-configure-smtp-client-use-smtp-authentication-smtp-relay

    [QUOTE]
    If you still experience email delivery issues with the IBM i SMTP Client after the above configuration has been completed successfully, an IBM i SMTP Client trace can be gathered using the instructions in the URL, http://www.ibm.com/support/docview.wss?uid=nas8N1012636, to help determine the cause of your email delivery failures. Locate the QTMSSTRC spool file with the largest amount of pages. The spool file should be for the SMTP Client Pre Start Job or SMTP Client Daemon. These spool files will indicate why the SMTP relay connection, authentication, or delivery of email was unsuccessful.
    [UNQUOTE]

    ------------------------------
    Education is not the learning of facts but the training of the mind to think. -- Albert Einstein.
    ------------------------------
    Satid S.
    ------------------------------



  • 3.  RE: Email Delivery failure with Authentication Method from AS400

    Posted Tue February 28, 2023 03:54 AM

    Dear Satid,

    Thanks for your response. Please find below my update.

    Have you run ADDDIRE for HAADMIN yet? 
    - Yes, the entry is available in WRKDIRE

    Whenever you change SMTP authentication configuration, you need to restart IBM i SMTP server.  Did you do this ?
    - Yes, this has been done each time I update the authentication configuration information.

    - I have gone through the URL for "Configure the SMTP Client To Use SMTP Authentication with a SMTP Relay" but we haven't configured the SSL for the SMTP client since the SMTP server team is unable to provide us the SSL certificate due to some issues. Instead they advised to use the non-ssl port for Email testing which we are doing so.
    - Currently we are testing with the non-ssl port (8080) for SMTP email delivery along with authentication. 
    - Without SSL, is it not possible to do authentication based on ID and password with SMTP hostname?
    - Is SSL certificate mandatory to import and assign it to SMTP client in this case?

    Kindly advise.

    Regards,
    Manoj.



    ------------------------------
    Manoj Nahak
    ------------------------------



  • 4.  RE: Email Delivery failure with Authentication Method from AS400

    Posted Tue February 28, 2023 07:34 PM
    Edited by Satid Singkorapoom Wed March 01, 2023 03:38 AM

    Dear Manoj

    I think authentication requires SSL as mandatory but I'm not totally sure. The point is I have never known of anyone who uses SMTP authentication without SSL. I think using and browsing IBM i SMTP Client trace can give you answer to your question on whether authentication fails because of the absence of SSL or not.  Or you may see any error on authentication in SMTP job log - QTSMTP* in QSYSWRK.

    I hope someone who reads this thread would help provide factual confirmation that without using SSL, SMTP authentication will not work.

    And since you are currently using non-encrypted connection, it is very risky because any hacker can see passwords of all your IBM i users, not to mention some mail content that may be confidential.  The use of SSL is common sense these days.  You may use self-signed certificate for your test.

    To have a realistic view of cybercrime, you should go to the library and read books on cyberwarfare/cybercrime. It is much closer to us all than some of us may think otherwise.  Books by Nicole Perlroth and David Sanger are good in helping us see the actual state of cybercrime that is so prevalent and lurking around us all now.

    Is SMTP server running in another IBM i? 



    ------------------------------
    Education is not the learning of facts but the training of the mind to think. -- Albert Einstein.
    ------------------------------
    Satid S.
    ------------------------------
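
Added example, not posted by anyone in this thread and not IBM code: the two conditions discussed above, an AUTH identity that differs from the MAIL FROM address and AUTH sent on a connection that never negotiated STARTTLS, checked mechanically over an SMTP session trace. The `C:`/`S:` transcript layout, the example.com addresses and the function names are assumptions made for this example; this is not the QTMSSTRC spool file format.

```python
import base64
import re

def b64(s):
    return base64.b64encode(s.encode()).decode()

def sample(auth_user, sender, starttls):
    # Constructed client (C) / server (S) transcript; all values are made up.
    lines = ["C: EHLO ibmi.example.com", "S: 250 AUTH LOGIN PLAIN"]
    if starttls:
        lines += ["C: STARTTLS", "S: 220 Ready to start TLS"]
    lines += ["C: AUTH LOGIN", "S: 334 " + b64("Username:"),
              "C: " + b64(auth_user), "S: 334 " + b64("Password:"),
              "C: " + b64("constructed-secret"), "S: 235 Authentication successful",
              f"C: MAIL FROM:<{sender}>", "S: 250 OK"]
    return "\n".join(lines)

def audit(transcript):
    """Report AUTH identity, envelope sender and findings; passwords are never decoded."""
    tls = auth_tls = False
    user = sender = state = None
    for line in transcript.splitlines():
        side, _, text = line.strip().partition(": ")
        if side == "S":
            if state == "starttls":
                tls, state = text.startswith("220"), None
            continue
        upper = text.upper()
        if state == "login-user":
            user, state = base64.b64decode(text).decode(), None
        elif upper == "STARTTLS":
            state = "starttls"
        elif upper.startswith("AUTH LOGIN"):
            state, auth_tls = "login-user", tls
        elif upper.startswith("AUTH PLAIN "):
            # Payload is authzid NUL authcid NUL password; keep authcid only.
            user = base64.b64decode(text.split()[2]).split(b"\0")[1].decode()
            auth_tls = tls
        elif upper.startswith("MAIL FROM:"):
            sender = re.search(r"<([^>]*)>", text).group(1)
    findings = []
    if user and not auth_tls:
        findings.append("cleartext-auth")      # base64 is encoding, not encryption
    if user and sender and user.lower() != sender.lower():
        findings.append("identity-mismatch")   # relay may refuse or drop the mail
    return {"auth_user": user, "mail_from": sender, "findings": findings}

if __name__ == "__main__":
    print(audit(sample("qsecofr@example.com", "haadmin@example.com", False)))
```
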