Updating the secure mail server host table

Note:You need to complete this step only if you DO NOT have an internal DNS.
If you do not have a domain name services (DNS) server in the secure network, you must update the host table of the secure mail server. You must add the firewall, home AS/400 system, and public domain to the secure mail server host table . You then must update the firewall configuration to handle the mail relay function. See the topic Adding the secure mail server to the firewall domain name server for more information.

You must add the fully qualified firewall host name with the Internet Protocol (IP) address assigned to the *INTERNAL port. This enables the AS/400 simple mail transfer protocol (SMTP) server to send outgoing mail to the firewall across the internal LAN connection. This assumes that your secure mail server is in the firewall home AS/400 system.

The mail relay function in the firewall adds SMTP records in the protocol portion of the mail. These records change the SMTP domain name of inbound mail from the public SMTP domain to the fully qualified name of the secure mail server. The SMTP domain name is the portion of the mail address that follows the @ symbol. For example, the address user@mycompany.com changes to user@home400.private.mycompany.com.

The SMTP server receives the mail and determines if the system should stop the mail or forwarded the mail to another system. To determine this, the server checks to see if the SMTP domain is on this system. The server looks up the SMTP domain name. It uses the name resolver to check if an address returned matches a TCP/IP address assigned to an interface on this system. If there is a match, then the server looks at the local system distribution directory to find the user. If there is no match, the server forwards the mail based on the SMTP attributes. When there is no internal DNS server, the SMTP server uses a host table for these lookups.

You must add two entries to the host table. You must add an entry for the SMTP domain name that you use for mail on the internal network with a local IP address. Also, you must add an entry for the public SMTP domain name with a local IP address. This prevents the server from forwarding mail addresses with the public SMTP domain name to the firewall. Forwarding this mail would pass it back to the firewall home AS/400 system.

If you have mail working already, you must determine what other entries that you need in the host table to support your configuration.

Note:You can use different names for the secure (internal) and public (external) domains. If you do, you must configure your secure (internal) domain so that the public name is an alias for the secure (internal) domain name.

To update the home AS/400 host table, follow these steps:

  1. From an AS/400 command line, type 
    CFGTCP

    and press Enter to view the Configure TCP menu.

  2. Select menu option 10 (Work with TCP/IP host table entries) and press Enter.
  3. Select option 1 (Add) to view the Add TCP/IP Interface display.
  4. Add the following information to the firewall home AS/400 host table:

Attention: If your secure mail server is an SMTP server is not on the firewall home AS/400 system, you must update that server's host table. You must add the fully qualified firewall host name and secure port IP address to the secure mail server's host table. Also, you must point the secure mail server to the firewall for mail routing. This ensures that the mail server can forward mail to the firewall. For example, you would add a pointer to 10.5.69.129 firewall.private.mycompany.com.

After you update the internal mail server host table, you must change server attributes so that the server routes outbound mail to the firewall.

[ Information Center Home Page | Feedback ] [ Legal | AS/400 Glossary ]