Kisco Systems

Kisco U

SMTP relay controls

Home : Kisco U : SMTP relay controls

Many IBM i shops keep the SMTP server active on their system to support host-based applications that format and send e-mail messages such as alerts and notifications. With the SMTP server active your system could be open to spammers who could take over the SMTP server to relay their spam messages.

Check to see if SMTP is active:

WRKACTJOB SBS(QSYSWRK) JOB(QTSM*)

If there are any tasks displayed then the SMTP server is active.

Or check SMTP status in Nav: Network > Servers > TCP/IP Servers

Controlling SMTP mail relay involves two processes:

  • Set the ALWRLY parameter in the SMTP Attributes. Use CHGSMTPA (Change SMTP Attributes) command. Your user profile must have the *IOSYSCFG special authority to be able to use the CHGSMTPA command. When you first prompt the command, press the F9 key to show all of the parameters.

    *ALL - open access, a very risky configuration
    *NONE - deny all mail relays. Ff you are sending mail using SNDDST, SNDSMTPEMM or other program-controlled methods, you cannot leave this setting at *NONE as it will block mail being sent from your system
    *LIST - only IP addresses that match an *ACCEPT SMTP list entry will be allowed or denied
    *NEAR - only IP addresses that match a *NEAR SMTP list entry will be allowed
    *BOTH - the system will look at both the *LIST and *NEAR entries

  • Update the SMTP list to indicate who can relay mail. Use ADDMSTPLE (Add SMTP List Entry) command. There are a lot of options for this command, but as a simple example let's set up an entry that will permit mail to be relayed from your IBM i. If you system has an IP address of 10.100.2.1, then you would add a relay accept transaction that looks like the following:
    ADDSMTPLE TYPE(*ACCEPT) INTNETADR('10.100.1.2')
    SUBNETMASK('255.255.255.255')

    This entry will accept all SMTP mail that is sent from the specific IP address indicated in the INTNETADR parameter. The subnet mask used here is coded so that only the specific IP address will be processed. You can also use this command to post a *REJECT or *NEAR entry to the SMTP list to indicate specific IP addresses to be rejected or to define a system to be considered as a *NEAR system. Varying the subnet mask lets you define ranges of IP addresses. Using RMVSMTPLE (Remove SMTP List Entry) command to delete entries.

    If you have been using SMTP list entries for a while, you may need to know what entries are already established. Examine the various members in the file named QATMADRLST in library QUSRSYS. Each member, which you will find appropriately named, contains the list entries for that type.