Welcome to the new Schneider Electric Community

It's your place to connect with experts and peers, get continuous support, and share knowledge.

  • Explore the new navigation for even easier access to your community.
  • Bookmark and use our new, easy-to-remember address (community.se.com).
  • Get ready for more content and an improved experience.

Contact SchneiderCommunity.Support@se.com if you have any questions.

Close
Invite a Co-worker
Send a co-worker an invite to the Exchange portal.Just enter their email address and we’ll connect them to register. After joining, they will belong to the same company.
Send Invite Cancel
84571members
353844posts

DCO Secure SMTP communication

EcoStruxure IT forum

A support forum for Data Center Operation, Data Center Expert, and EcoStruxure IT product users to share knowledge on installation, configuration, and general product use.

Solved
DCIM_Support
Picard
Picard
0 Likes
5
365

DCO Secure SMTP communication

This question was originally posted on DCIM Support by Jim Davis on 2016-11-21


Hi team

 

During a DCO 8.0.1 installation project, the customer has stated that they would be requiring to us secure SMTP communications. I can see the "Secure SMTP" checkbox, but what does the "Requires STARTTLS extension" involve to enable this functionality?

Regards

 

Jim Davis - NIE Melbourne/AU

 

(CID:110006039)


Accepted Solutions
DCIM_Support
Picard
Picard
0 Likes
0
365

Re: DCO Secure SMTP communication

This answer was originally posted on DCIM Support by Jim Davis on 2016-12-08


Answer provided by Sean Macey

Although port 587 doesn't mandate requiring STARTTLS, the use of port 587 became popular around the same time as the realisation that SSL/TLS encryption of communications between clients and servers was an important security and privacy issue and encryption extensions were being defined for sMTP. So shortly after port 465 was defined, it was revoked with the expectation that clients would move to using STARTTLS over port 587

The result is that in most cases, systems that offer message submission over port 587 require clients to use STARTTLS to upgrade the connection and also require a username and password to authenticate.

In short, when using STARTTLS use port 587.

(CID:110007854)

See Answer In Context

5 Replies 5
DCIM_Support
Picard
Picard
0 Likes
2
365

Re: DCO Secure SMTP communication

This answer was originally posted on DCIM Support by Balaraman Jagadeesan on 2016-11-21


Dear Jim,

It all depends upon the SMTP Server. 

To protect SMTP communications, servers can use transport-layer security (TLS), more commonly known as SSL encryption, to provide privacy and authentication.

Some servers support SSL for SMTP communications by sending and receiving SMTP traffic through the SSL port (port 465 by default) only. However, because this requires that both the sending and receiving servers support SMTP over SSL, this solution isn't always practical.

To provide SSL security for SMTP transfers over TCP/IP, IBM® Lotus® Domino® supports the use of negotiated SSL. In a negotiated SSL scheme, the sending and receiving hosts each use the SMTP STARTTLS extension, defined in RFC 2487, to signal their readiness to negotiate an SSL connection. The receiving server displays the STARTTLS keyword in response to the sending server's EHLO command. The sending server issues the STARTTLS command to request the creation of a secure connection. After the initial TLS handshake completes successfully, the two parties proceed to set up an SSL channel between them. Both the sending and receiving server must possess SSL certificates.

For More info, please refer: https://www.ibm.com/support/knowledgecenter/SSKTMJ_8.0.1/com.ibm.help.domino.admin.doc/DOC/H_SUPPORT...

If the SMTP Server requires STARTTLS extension, then you can check the option while configuring the SMTP Server for email settings. 

Please do ask the Customer's SMTP Server team to provide the following details for successful email configuration in DCO. 

  • SMTP Server IP Address
  • SMTP server Port Number
  • Valid From email address
  • White list the DCO IP Address and From email address in the SMTP Server for successful email communication
  • If the SMTP Server requires an authentication to send an email, then please ask the server admin to provide those details at the time of configuration. 

I hope this helps. 

Regards,

Bala

(CID:110006046)

DCIM_Support
Picard
Picard
0 Likes
0
366

Re: DCO Secure SMTP communication

This comment was originally posted on DCIM Support by s.d.macey on 2016-12-01


Hi, I'm the client Jim is supporting. we are still having a issues with smtp connection. the server we are connecting to belongs to an ISp (Spark XTRA) via send.xtra.co.nz port 465, this server requires authentication using SSL. FYI I have tested the network and firewall correctness by configuring thunderbird email and proving that app worked, however so far I am not able to get the DCO 8.0.1 to send.

(CID:110007186)

DCIM_Support
Picard
Picard
0 Likes
0
366

Re: DCO Secure SMTP communication

This comment was originally posted on DCIM Support by s.d.macey on 2016-12-01


would you be able to confirm correct actuions required in DCO and Centos in order to configure?

(CID:110007187)

DCIM_Support
Picard
Picard
0 Likes
0
366

Re: DCO Secure SMTP communication

This answer was originally posted on DCIM Support by Jim Davis on 2016-12-08


Answer provided by Sean Macey

Although port 587 doesn't mandate requiring STARTTLS, the use of port 587 became popular around the same time as the realisation that SSL/TLS encryption of communications between clients and servers was an important security and privacy issue and encryption extensions were being defined for sMTP. So shortly after port 465 was defined, it was revoked with the expectation that clients would move to using STARTTLS over port 587

The result is that in most cases, systems that offer message submission over port 587 require clients to use STARTTLS to upgrade the connection and also require a username and password to authenticate.

In short, when using STARTTLS use port 587.

(CID:110007854)

DCIM_Support
Picard
Picard
0 Likes
0
366

🔒 Closed

This question is closed for comments. You're welcome to start a new topic if you have further comments on this issue.