using AS400 SMTP server

[Dave Wise]

I'm trying to use the SMTP server from our AS400, which has outbound access to the internet but is blocked from inbound ports.

The purpose is to have our custom AS400 software email customer invoices, statements, and ocasional reports.

I've added an SFP TXT record to the DNS and that seems to be accepted as a "pass" by many servers. However certain servers like aol.com and rcn.com will not accept email from us. The reason given is usually some kind of timeout that doesn't give the reason that the server won't accept email from us:

NOT ABLE TO DELIVER MAIL TO SOME/ALL RECIPIENTS.
REPLY CODES WITH FIRST DIGIT = '4' OR '5' ARE ERROR REPLIES.
ERRORS THAT DO NOT HAVE ERROR REPLY CODES MAY EXIST.

HOST PNNK00 NOT ABLE TO DELIVER MAIL TO FOLLOWING RECIPIENT(S):
<xxx...@yyyyyyy.NET>
RETRIES EXHAUSTED WHILE ATTEMPTING TO CONNECT TO REMOTE HOST yyyyyyyy.

In looking into this more, I see that while we now have an SPF that seems OK, we don't have domain keys, DKIM or sender id

Does anyone know the best way to get an AS400 internal SMTP server to be trusted where the AS400 is being used for Send Only and not open to public internet pings on any port?

Thanks

[Richard Schoen]

Can't you bounce/relay it off a real internal SMTP server rather than
trying to let the AS/400 do the sending ?

The mail server framework has always been fraught with issues and it may
be better to bounce off another mail server rather than let the AS/400
deliver the mail.

Food for thought.

Regards,
Richard Schoen
RJS Software Systems Inc.
Where Information Meets Innovation
Document Management, Workflow, Report Delivery, Forms and Business
Intelligence
Email: ric...@rjssoftware.com
Web Site: http://www.rjssoftware.com
Tel: (952) 736-5800
Fax: (952) 736-5801
Toll Free: (888) RJSSOFT

[Dave Wise]

On Sunday, August 12, 2012 10:42:55 AM UTC-4, Richard Schoen wrote:
> Can't you bounce/relay it off a real internal SMTP server rather than trying to let the AS/400 do the sending ? The mail server framework has always been fraught with issues and it may be better to bounce off another mail server rather than let the AS/400 deliver the mail. Food for thought. Regards, Richard Schoen RJS Software Systems Inc. Where Information Meets Innovation Document Management, Workflow, Report Delivery, Forms and Business Intelligence Email: ric...@rjssoftware.com Web Site: http://www.rjssoftware.com Tel: (952) 736-5800 Fax: (952) 736-5801 Toll Free: (888) RJSSOFT On 8/6/12 9:23 AM, Dave Wise wrote: > I'm trying to use the SMTP server from our AS400, which has outbound access to the internet but is blocked from inbound ports. > > The purpose is to have our custom AS400 software email customer invoices, statements, and ocasional reports. > > I've added an SFP TXT record to the DNS and that seems to be accepted as a "pass" by many servers. However certain servers like aol.com and rcn.com will not accept email from us. The reason given is usually some kind of timeout that doesn't give the reason that the server won't accept email from us: > > NOT ABLE TO DELIVER MAIL TO SOME/ALL RECIPIENTS. > REPLY CODES WITH FIRST DIGIT = '4' OR '5' ARE ERROR REPLIES. > ERRORS THAT DO NOT HAVE ERROR REPLY CODES MAY EXIST. > > HOST PNNK00 NOT ABLE TO DELIVER MAIL TO FOLLOWING RECIPIENT(S): > <xxx...@yyyyyyy.NET> > RETRIES EXHAUSTED WHILE ATTEMPTING TO CONNECT TO REMOTE HOST yyyyyyyy. > > In looking into this more, I see that while we now have an SPF that seems OK, we don't have domain keys, DKIM or sender id > > Does anyone know the best way to get an AS400 internal SMTP server to be trusted where the AS400 is being used for Send Only and not open to public internet pings on any port? > > Thanks > > > > > >

good idea - in fact that's what we do now. Except we're eliminating our in house exchange server and going to google.

[Dave Wise]

good idea - in fact that's what we do now. Except we're eliminating our in house exchange server and going to google.

We've actually come a long way since my first post. We've added reverse DNS (a PTR record at our ISP). That seems to have helped our sending using AS400 SMTP server and for the most part eliminated the undeliverable errors I first reported.

We've tried authenticaing to google using TLS/SSL. Actually we've successfully done this using SSL via our AS400 SMTP server, but since we don't want to use SNDDST that doesn't help us.

We've also downloaded a trial version of MAILTOOL which does do TLS/SSL authentication using it's own mail sending command. The problem with that is while authenticating with google, we can only send "from" the user that's authenticated. Our desire is not to store google passwords for all our users that would be sending from the AS400. So while that's better, it really doesn't satisfy our requirement. The developer for that software is experimenting to see if there is a work around for that.

We're still exploring this.

[trans am kid]

I send hundreds of thousands of emails a year from our ibm i. I use mailtool (actually mailtool plus (bypass the ibm smtp server), BUT I route them over to a "real" email server that sits on the lan.

I use "mailenable" (the standard version is free and will run just fine on an XP pc). As long as you have a rev dns pointer, and you have the spf txt record updated, you should be pretty much set to go.

The reason I do this is simple. The chances of the ibmi not being able to "reach" an internal (on the lan mail server) versus a remote one out on the internet is far less. And that "internal" email server could forward to another but it will send them just fine also.

I use mailenable professional for our email at work, we have hundreds of email accounts and it works just fine for the thousands and thousands of emails we get and send every day. We have hosted our own email for nearly 10 years with mailenable. I would not know why anyone would use "exchange".

Of course the "real email server" is on a different ip than our lan ip, and we could forward those emails from the lan email server or send them direct (we send them direct).

I use mailenable standard for our email promo server, another pc we have set up that we do weekly communication with our customers (opt in of course) and we send maybe 5 million a year with it, and again without problems.

So it is a simple way to do it, the emails from the i are routed to the lan email server which sends them. I use and love mailtool and mailtool plus.

chris

[Dave Wise]

We've been looking at that and could set up a local mail server if absolutely necessary. But the whole point is to offload that to cloud based services. So we have successfully used mailtool plus to send mail via google's servers (smtp.gmail.com). The only problem is we will have 120+ mail users at google. We need to authenticate to smtp.gmail.com before it will send and don't mind paying for a single account to do that. But once authenticated we'd like to be able to send mail using any of our 120+ from email addresses so the addressee would know who it's coming from and be able to properly respond, add the address to contacts, and all that good stuff. So what google does is make is looks like all this email is coming not from the address we (actually Mailtool) built into the from address, but rather the replaces that with the authenticating account. We can't have that. We also don't want to maintain a separate list of passwords so every one of our valid email users can send email from the AS400.

[dcu...@grlabel.com]

Dave, I know these posts were from over a year ago, but I was wondering if you ever came up with a solution? We are in same situation right now and would like to send our AS400 emails using the google smtp servers.