I think that everyone agrees that the IBM i can send mail directly, and
in your case everything is working fine. But there are lots of good
reasons to use a relayhost.
Okay, but we're not talking about PC email clients (i.e. Outlook),
we're talking
about sending email from IBM i.
In my mind, a client is a client. Whether I'm sending an email based on
a job on the IBM i, or typing it in my email client, I want the message
to get to its destination without any issues.
I don't understand your point regarding reverse DNS, but I do
understand
that you "won't get into why".
Spam is still a major issue that all incoming email hosts have to deal
with. The vast majority of spam is generated by bot farms. These are
personal pc's that have malware on them that allow spammers to use the
pc to send mail. The malware send the spam email directly and bypasses
the ISP's relayhost. The easiest way to block this type of spam is to
require that ip address that you are receiving the email from has a
proper MX record, and a proper reverse DNS entry. I haven't parsed the
incoming email logs in a while, but early in 2016 we were rejecting
almost 50% of the incoming email connections based on those two rules.
That said, if you are running your IBM i as an outgoing email server,
it's just as easy to configure DNS properly as it is for any other email
server. The benefit of running this through your ISP's relay or some
other is that you don't have to worry about this or mess with it.
https://mxtoolbox.com is a good place to check your setup and see any
issues that may be causing your emails to be blocked.
In regard to port 25 being used for non-secure communications, SMTP is
not
a secure protocol. My understanding is that some server along the
chain will
eventually connect to the SMTP server on port 25 at the final endpoint
to
deliver the message.
If the connection is direct and via SSL or TLS, there is no reason it
will ever drop back to port 25. For incoming we listen on 25 and 567. On
both we will do SSL/TLS. If you connect on 567 however we require
SSL/TLS. If you come in on 567 port 25 never gets involved.
On our IBM i we actually do both methods. In CHGSTMPA you will see a
relay host. This is mostly used by a home grown spool file routing
system that monitors outq's and can do various things including emailing
the spool file. Files are converted to PDF's and emailed. We deal with
medical billing and clinical records. Several of the hospitals we deal
with will only accept email via a TLS encrypted conversation. I don't
remember if we were on V5R4 or V6R1 when I started working on this
system, but I wasn't able to force the IBM i to only send via SSL or TLS
at the time, so by relaying through our exchange server everything just
works, and I haven't had to fool with it since.
I also have jobs that monitor for various things and send text messages
to the relevant person who can fix the issue. The various carriers email
to SMS gateways don't have a problem with us direct sending, so I just
use Scott Klements SMTP wrapper to send the messages.
Kevin Bucknum
Senior Programmer Analyst
MEDDATA/MEDTRON
Tel: 985-893-2550
midrange.com
