All, I'm looking for some feedback from shops that are already doing this. We converted to the newer CSSMTP a year or so ago. Up until now, the only email generated from our mainframe systems has been internal email only. It's mostly simple reports from batch jobs, etc. Any attempt to send email externally has been rejected. We have had quite a few requests to allow for external email, and have been reviewing the controls that are available. So, there are at least 3 challenges we can think of:
1) Who is allowed to send external email? We are able to control *who* can successfully deposit mail in the spool by securing the writer name that CSSMTP looks at, and only allow authorized users to send external email. 2) Validating the FROM on the email content? Audit & Risk are concerned with rogue email claiming to be from CEO, etc. We are mostly mitigating this by item #1, and only allowing a "from" of [email protected]<mailto:[email protected]> with a custom EZATCPIPCSSMTPV3 exit. This issue should be solved with z/OS V2.3 with the added email support in RACF and JES. 3) Validating at least at the domain level, the TO: recipients. Not sure how to handle this. Don't really want to hard code a whitelist of allowed domains. Any ideas on how to handle #3 above? dave _________________________________________________________________ Dave Jousma Manager Mainframe Engineering, Assistant Vice President [email protected] 1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H p 616.653.8429 f 616.653.2717 This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
