Re: AT-TLS and CSSMTP setup

2023-08-01 Thread Phil Smith III
Brian Westerman asked: >so you can use authsmtp.com to send directly from CSSMTP? It's just an SMTP server, so if you can get there from your network, sure. >When you send the email, does it come from where you say it should or >do you have to use a special email that they give you? You tell it

Re: AT-TLS and CSSMTP setup

2023-07-31 Thread Brian Westerman
so you can use authsmtp.com to send directly from CSSMTP? When you send the email, does it come from where you say it should or do you have to use a special email that they give you? That would be great. I assume they have an smtp server that you set up in the targetname field. Do you know

Re: AT-TLS and CSSMTP setup

2023-07-31 Thread Phil Smith III
Brian Westerman asked: >I think there are 3rd party sites that offer the use of SMTP for forwarding >that I might want to give a try. I've used authsmtp.com for ~20 years. Good folks and it Just Works. When I've had weird issues, they do the analysis and get right back to me, even though it's

Re: AT-TLS and CSSMTP setup

2023-07-31 Thread Seymour J Metz
fastmail? From: IBM Mainframe Discussion List on behalf of Brian Westerman Sent: Monday, July 31, 2023 3:20 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: AT-TLS and CSSMTP setup Hi, Peters directions for setting up the trace were very simple and easy

Re: AT-TLS and CSSMTP setup

2023-07-31 Thread Brian Westerman
Hi, Peters directions for setting up the trace were very simple and easy to follow. It was discovered that I was missing a CA cert that was not called out by the host site. (which he sent me). Now I'm at a stopping place because the webhost site is requiring authentication on each email (as

Re: AT-TLS and CSSMTP setup

2023-07-31 Thread Allan Staller
Classification: Confidential Have you updated the TCP/IP policy agent accordingly? -Original Message- From: IBM Mainframe Discussion List On Behalf Of Brian Westerman Sent: Saturday, July 29, 2023 9:12 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: AT-TLS and CSSMTP setup [CAUTION

Re: AT-TLS and CSSMTP setup

2023-07-30 Thread Phil Smith III
Since I know almost nothing about AT-TLS config, this might be dumb, but: Don't forget to try the *AUTH*/* key ring. That's a "virtual key ring" that represents all the trusted certs, and is a great shortcut for saying "Do I have the right cert in there somewhere but the key ring setup isn't

Re: AT-TLS and CSSMTP setup

2023-07-30 Thread Colin Paice
Getting a GSK trace is non trivial. See here for instructions On Sun, 30 Jul 2023 at 05:36, Peter Vels wrote: > That is OK. But I need to see the output from the GSKSRVR trace to get to > the bottom of

Re: AT-TLS and CSSMTP setup

2023-07-29 Thread Peter Vels
That is OK. But I need to see the output from the GSKSRVR trace to get to the bottom of the issue. I suspect that you are missing a CA somewhere, and the trace will tell us WHICH certificate that is. On Sun, 30 Jul 2023 at 14:23, Brian Westerman wrote: > This is what I get from your command:

Re: AT-TLS and CSSMTP setup

2023-07-29 Thread Brian Westerman
This is what I get from your command: racdcert id(CSSMTP) listr(CSSMTPRing) Digital ring information for user CSSMTP: Ring: >CSSMTPRing<

Re: AT-TLS and CSSMTP setup

2023-07-29 Thread Peter Vels
"ADD" adds a certificate (contained in a data set) to RACF, but *not* to a keyring. For that you need "CONNECT". RC 8 means: An error is detected while validating a certificate, so a CA is missing from the keyring (even though you might've ADDed it to RACF). IBM says (edited for brevity): 1.

Re: AT-TLS and CSSMTP setup

2023-07-29 Thread Brian Westerman
I get BPXF024I (TCPIP) Jul 30 01:12:45 TTLS[16777256]: 18:12:45 TCPIP 639 EZD1286I TTLS Error GRPID: 0007 ENVID: 0009 CONNID: 009B LOCAL: 192.168.1.66..1122 REMOTE: 99.198.97.250..587 JOBNAME: CSSMTP USERID: CSSMTP RULE: CSSMTP RC:8 Initial Handshake 00 00

Re: AT-TLS and CSSMTP setup

2023-07-29 Thread Phil Smith III
Gil asked about Hansen's Law. Different Hansen-this is a guy we worked with. We also had Weald's Corollary: Even when it isn't a certificate issue, it's a certificate issue. -- For IBM-MAIN subscribe / signoff / archive access

Re: AT-TLS and CSSMTP setup

2023-07-29 Thread Colin Paice
Please paste the messages you get. You can configure an ATTLS traceI tend to use TRACE(2) This can be configured in TTLSGroupAction TTLSEnvironmentAction and TTLSConnectionAction If syslogd is not running I get messages on the system log EZD1286I TTLS Error GRPID: 0007 ENVID: 0002

Re: AT-TLS and CSSMTP setup

2023-07-28 Thread Paul Gilmartin
On Sat, 29 Jul 2023 00:48:00 -0400, Phil Smith III wrote: >No errors anywhere? Just RC=8? > >"It's a certificate error" -Hansen's Law > Or the firewall. ??? -- gil

Re: AT-TLS and CSSMTP setup

2023-07-28 Thread kekronbekron
Hi Brian, You may find useful bits of info here - https://colinpaice.blog/2023/02/21/sending-an-email-from-z-os/ Either in this post or generally in this blog. - KB --- Original Message --- On Saturday, July 29th, 2023 at 10:18 AM, Phil Smith III wrote: > No errors anywhere? Just

Re: AT-TLS and CSSMTP setup

2023-07-28 Thread Phil Smith III
No errors anywhere? Just RC=8? "It's a certificate error" -Hansen's Law https://bit.listserv.ibm-main.narkive.com/4Iu5ZeUA/setting-up-gmail-as-outbound-mail-server-on-z-os might be a hint, especially the bit about enabling gsktrace, which is your friend.

AT-TLS and CSSMTP setup

2023-07-28 Thread Brian Westerman
Hi, Has anyone got working directions for setting up AT-TLS with the CSSMTP server. I found the IBM manual Steps for using Transport Layer Security for CSSMTP, and went through all of the steps, but I still get stuck when I change secure=Yes in CSSMTP on a RC=8 (initial handshake) error with