Len Sasso wrote: >We are using CSSMTP to send email from the Mainframe. >All our messages must implement TLS 1.2 or higher for >transport level encryption. >What you using?
CSSMTP. No problem. IBM explains how to set up TLS with CSSMTP here (current z/OS 2.4 documentation link, subject to change): https://www.ibm.com/support/knowledgecenter/SSLTBW_2.4.0/com.ibm.zos.v2r4.halz002/cssmtp_tls.htm It's possible to require TLS 1.2+, exactly as you wish. (Good idea.) Tony Thigpen wrote: >We found it easier to set up a small SMTP relay box on an >Intel platform and let it do all the TLS heavy lifting. That's possible, but it means that your e-mail traffic is leaving your z/OS machine in cleartext. This class of security risks is easily avoidable if you simply enable TLS on z/OS. (N.B. TLS is not "heavy lifting," or at least it hasn't been for a very, very long time.) There may also be some unnecessary server complexity in what you've done, adding some inherent fragility. To be clear (pun intended), there are still one or more e-mail servers in the transmission path, of course. This is about encrypting the traffic, preferably with TLS certificate authentication, as early as possible in the path. Allan Staller wrote: >We send everything plain text to the corporate email server >and let them handle it! I offer the same suggestion as above. - - - - - - - - - - Timothy Sipples I.T. Architect Executive Digital Asset & Other Industry Solutions IBM Z & LinuxONE - - - - - - - - - - E-Mail: [email protected] ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
