Skip to Content

External communications – learning the importance of SMTP and open relays

It is truly amazing how it is the little things that trip you – for example on my last data centre migration it was a change in the ECC Message server port by the installation team that resulted in a mad panic on the Sunday morning to reconfigure the SAPGui’s for 3000 users. This time it was a request to set up SMTP mail to blueprint and demonstrate CRM mailing lists.

Now in a standard on-premise scenario this is as the french say , petite petite gateaux (wee buns), you send a request to the exchange team to allow SMTP mail to be sent from the SAP servers without authentication. They moan a little and then you explain the reasons and promise not to use the now open relay for spamming the world 🙂

In the AWS cloud things are a little more trickey because you lack the following (probably not all, but most)

  1. Access to an Exchange server
  2. An MX record (A Mail Exchanger record)
  3. A Public IP address
  4. A DNS record

The crux of the issue is this – SAP SMTP configuration does not allow the configuration of SMTP authentication. This rules out all methods of using anything other than Open SMTP relays, which are few and far between thanks to Viagra spammers.

In order to resolve this issue, you need to use a Mail gateway – something I have become quite familiar with when setting up my HP MediaSmart server.

Using the mail gateway, we can configure a local address to collate the mail, then use the gateway to forward the mail through a known SMTP server. This works as the gateway can be configured to supply credentials.

I spent a considerable amount of time looking for SMTP providers which would allow some sort of unauthenticated connection, but there were none that provided a quick and easy solution. It might be possible to get someone to provide it based on IP or Hostname, but these are quite easy to spoof, so it is unlikely.

There are a number of Mail providers setting up in the Cloud, which will allow you to bill your usage directly through your Amazon account.

AuthSMTP – gets good reviews

Critsend – looks to be a startup and seeks to differentiate against AuthSMTP

(This is not an endorsement of either company)

My original intention was to use a Google mail address, but the configuration of this using things like SSL was too much hassle. Which is exactly why Google have set it up that way – good job Google your non-standard setup does work.

Since this is a blueprint system and only going to be live for a couple of months, I elected to allow the mail to be routed via my Domain registrar. I have a couple of spare mailboxes, and the mail volume will be light so for the sake of expediency I set up a mailbox for the SAP mail routing.

Next step was to find a product that would allow me to setup a local Mail collection point and then route that to the SMTP mailbox I had configured. There are many, many products out there, but I settled on a product VPop3 (again not an endorsement.)

It currently has a 30day trial and is the right price, about $50 for a home license, which we can use as we only need limited functionality.

So at this point I have the following

  1. A Mail application to create an SMTP node – VPOP3
  2. An SMTP server with an MX record to actually send the mail – My domain registrar
  3. A live mail address for authentication with the real SMTP server, along with the required settings for accessing the SMTP service

The next step is to create an SMTP Relay node within VPOP3 to allow the SAP Application to send SMTP mail via the VPOP3 application.

SAP Help has, as usual, the best documentation on setting up SAP Technical Infrastructure – link here

The screenshots below show the required settings in order to configure the VPOP3 as an SMTP Relay

Enter the SMTP account information in order to open the relay’s connection to the SMTP server

Configure the relay to accept unauthenticated mail, and use the IP Address restrictions to only accept traffic from specific IP addresses.

This is vitally important as it stops your SMTP relay becoming a haven for spammers, which would be bad 🙁

Now you have an SMTP relay that allows SAP to send mail using SMTP.

Hopefully this will help you to understand and set up an SMTP relay for unathenticated SAP communications

1 Comment
You must be Logged on to comment or reply to a post.
  • wow , very tricky.

    my SAP systems on AWS are currently using local SMTP (sendmail) without additional software or configurations.