On Thu, Mar 9, 2017 at 10:32 PM, Nathan Andelin <nandelin@xxxxxxxxx> wrote:
In no way should a client sending mail need a client side certificate.
But send me a link to the docs that state that if you find it.
Okay, here's a link:
http://www-01.ibm.com/support/docview.wss?uid=nas8N1018618
Yes, that shows how to assign a cert to a application. I was hoping for
docs from google that showed that you require a client side SSL certificate.
I've run a number of test while sending mail through the
smtp-relay.gmail.com host, and can positively assert that when TLS
encryption is configured as "required" at the Gmail host, the SMTP Client
must present the certificate, and present account+password credentials.
No, it doesn't need to present a certificate. That would be absurd for
everyone that needed to use this relay to have to generate a client
certificate or figure out how to make something like a printer or scanner
present a certificate.
When you set up the gmail relay to use TLS, that means the client should
expect to use a TLS connection and trust the certificate presented by the
server. It's there as an option because not all devices support TLS and/or
user/pw credentials.
BTW, how are you sending user/pw to this relay? I bet you're not.
Gmail relay is a workaround? A quick bandaid? Why would Google recommend it
over their other options?
https://support.google.com/a/answer/176600?hl=en
It shows 3 options. The relay is for recommended for devices because most
can't present credentials (as in user/pw) and/or can't use TLS.
I guess the IBM SMTP client fits right in there as far as presenting
credentials. That's why it's a quick fix/bandaid in this case. It's just
there for devices/apps that don't have the proper specs. :) Maybe that's
your point. I don't use IBM SMTP. Haven't for over 15 years.
What is a "proper mail router"?
First you need a proper mail client that can handle credentials, SSL, TLS,
etc.
Then, if Google is your mail provider, smtp.gmail.com should be the is your
mail router. That's for GMail addresses as well as GMail for business.
It's listed on the google page you provided in the middle column.
http://lifehacker.com/111166/how-to-use-gmail-as-your-smtp-server
https://www.digitalocean.com/community/tutorials/how-to-use-google-s-smtp-server
etc...
If an organization chooses to use GMail for their email provider (like I do
and many others), I can guarantee they are not going to set up all the
email clients (ie, outlook, thunderbird, etc) in the company to use the
gmail relay over the smtp server. Well, unless that particular client is
incapable of using the proper method. :)
The proper server may also be an internal exchange machine. Or Office 365
in the cloud. Etc..etc.. Through the years when in house SMTP routers
were used, as long as they didn't require credentials and/or SSL/TLS the
IBM i worked fine. But the technology of the cloud moved much faster than
that of the base SMTP client.
But if you're stuck using the stock IBM mail client or anything that
interfaces with it, I guess you're stuck with the gmail relay for sending
from google accounts. And that choice is yours because there are
alternatives.
midrange.com
