SMTP and TLS support for SAP applications (Netweaver 7.3 and above)
Last week I had a big trouble to solve: The Workflow guys needs to send emails but the customers smtp is on the cloud (outlook.com).
I looked for any solution for at least 8 weeks without found a light at the end of the tunnel. Last friday i found a solution that I want to share with you.
First, let me show you some detail of the entire enviroment. The is a implementations of SAP Baseline over Sybase ASE. The landscape is a three single servers as DEV, QAS and PRD and to manage the project, a Solution manager. Due the project is over Sybase ASE, the Baseline is over EHP6 (the minimal EHP that supports Sybase is 5)
The first step is make the initial setup, as sets up on RZ11 the parameters and bla,bla. My apologizes if want to see the initial steps here, but it isn´t waht i mean, but a steps beyond. If you need these initial steps, use the Note 455140 – Configuration of e-mail, fax, paging or SMS using SMTP.
I am assuming that you have been done all steps described on this note. Let me share the solution that i found.
The customers SMTP is on the cloud, uses TLS over 587 TCP port and just accepting autenticated connections. Big trouble, isnt it?
First step – Bringing up an standard SMTP server
The entire Landscape is over Microsoft platform (Windows 2008 R2 64bit). On this platform, totally included on Operatinal System license is the IIS + SMTP server. The first thing to do is put the IIS6 + SMTP server up and runnig. Follow this cookbook.
Right click on computer, manage. Find Features, add features and Select SMTP
The Wizard will ask you to install some required components. You must install it, other hand the SMTP will not install.
After that, let me show what to configure. We will use this SMTP as a “Proxy” and be advised that if you try to send emails thought this server directly to others SMTPs, usually your server will be black listed due SMTP actual configurations and security agreements to configure its server. Keep in mind you are working on a trusted enviroment and the main requirement is not put a fully configured SMTP on a Internet but send emails from SAP to the cloud.
The SMTP configuration
Configure you new SMTP server to allow anonimous connections. Go to athentication button, located on access sheet.
Do not worry. We will secure the server on another way. Just for simplify you config on Netweaver (SCOT transaction), keep as showed here.
On the button connection, you can close the connections for you SAP server that needs the send the emails. But is optional. In my case, i kept it opened to all connections.
On the button Relay, configure it to allow just your SAP server or the servers you want to use this SMTP. This is a very import step: If you keep open relay, anyone on you net can use your server. For the project I kept it allowing the Network of the server allowing to relay emails thought it, because I will use it for entire landscape and future servers.
Be carefull on its configuration. observe that is configured it to allow just relay for the LAN!
Go to delivery sheet, Outgoing Security.
Here configure the credentials for the SMTP server that the ISP gave to you. If it uses TLS as criptografy, remenber to check it. For security reasons, i replaced it here.
Go to Oubound connections and configure the right port to your SMTP connects to.
The secret resides here.Click on advanced and configure as bellow:
Configure the Smarthost here with the SMTP provided to you. If you configure this Smart host, all messages will be delivered just for this SMTP and this SMTP will be on charge to delivery to the internet.
Save the configurations, restart the SMTP and configure the SCOT to points to this SMTP server.
Using as showed, you can connect to any SMTP server, using or not using cryptografy, using or not Authentications or any other configurations required for relay messages.
Of course, this solution was build on Microsoft, but you can do the same over the Linux using the millions of SMTP servers available. Just take some hours to configure the minimal but secured.
See you soon!
Stay in tune: Netweaver 7.4 has support for TLS and SMTP authenticated!