Technical Articles
Sendgrid SMTP Relay Configuration Using Postfix in SAP S/4HANA
Overview
In this blog post I have explained about how to use / configure Sendgrid as SMTP relay in SAP S/4HANA using postfix mail package in Redhat linux.
Environment Details :
Linux Version : Red Hat Enterprise Linux Server 7.6
SAP S/4HANA 1909 FPS 00
HANA 2.0 SP04
Install Postfix in Redhat Linux
Check Postfix is installed
# rpm -qa | grep postfix
Install Postfix
# yum install -y postfix
# systemctl start postfix
# systemctl enable postfix
# systemctl status postfix
Postfix status should be active (running)
Steps to be carried in Linux server:
Take backup of below files from /etc/postfix
- main.cf
- sasl_passwd (If already available)
# cd etc/postfix
# cp main.cf main_bkp.cf
# cp sasl_passwd sasl_passwd_bkp
Add below lines in main.cf file
# cd etc/postfix
# vi main.cf
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_security_level = encrypt
header_size_limit = 4096000
relayhost = [smtp.sendgrid.net]:587
— Save —
Edit sasl_passwd
Note: You should have sendgrid account details to proceed further.
# vi sasl_passwd
[smtp.sendgrid.net]:587 sendgridUsername:SendgridPassword
Note: Sendgrid login account details is username & password.
# sudo chmod 600 /etc/postfix/sasl_passwd
# sudo postmap /etc/postfix/sasl_passwd
# sudo systemctl restart postfix
Check postfix status,
# sudo systemctl status postfix
Test Using Unix Command:
Create file
# vi /tmp/test.txt
— Type any content in the text file —
Example :
SMTP Mail Configuration Using Sendgrid Completed Successfully !
— Save —
mail -s “Sendgrid Configuration Mail” example@gmail.com < /tmp/test.txt
You should receive mail as below,
You can also test send mail using telnet command.
SMTP Configuration in SAP:
- Create SMTP_USER (Service User) in all working clients with
Profiles: SAP_ALL & S_A.SCON
2. Create JOBUSER (Service User) in all working clients with (optional step)
Profile : SAP_ALL
SCOT Configurations: (In all working clients)
1.SCOT
Setting -> Default Domain
Note :
If the default domain is SAP.COM and the user name TESTUSER, the mail address would be TESTUSER@SAP.COM. Accordingly decide what is your default domain.
2. Create SMTP Node
Click on “Node in use” -> Save
3. Click on Settings “SMTP Configuration”
Type Sendgrid Login details: (Username & Password)
Save
4.Click on Set “Internet”
Save
Once Saved, we should see SCOT screen as below,
5. Click on Settings on left pane, modify as below screenshot
Save
6. Click on Settings “Inbound Messages”, modify as below
7. To Create Background Job to Trigger mail once in 10 Minutes (All Clients)
JobName : Z_SAPCONNECT_<Client> (Any job name)
Background User : JOBUSER
Release the job.
8. T-Code : SICF
Double click on SAPCONNECT
11. Activate the SAPCONNECT Service from SICF T-Code, right click on the service & activate.
How to Test?
T-Code : SCOT
Check in SOST (After 10 Minutes), Once the Z_SAP_CONNECT_100 job completes status should turn from waiting to sent
I hope above blog post is useful and I have described best to my knowledge on how to configure Sendgrid as SMTP relay service in SAP S/4HANA.
Comments & Suggestions are always welcome 🙂
Keep Supporting !
Regards,
Ragav
hi Ragav,
Great post, thanks for sharing! On question about part "SMTP Configuration in SAP" point 2 "Create SMTP Node".
Shouldn't we put "localhost" on port 25 instead of "smtp.sendgrid.com" on port 587, to force SAP to use the local postfix config you've described in the first part ?
Thanks Ragav and Baptiste Vandaele for your help on this.
Thanks for the detailed. blog. A few comments...
Hello,
Regarding Marc's comment on the SAP_ALL point, is there a lesser profile that can be assigned rather than SAP_ALL ?. Our security tool ( SecurityBridge ) will flag this as a security & compliance event.
I'm using this blog as the foundation for one of our Linux VM systems running SAP NW 750 ABAP on MS Azure Cloud. The SAP_ALL assignment has been challenged by our security team so I'm looking for an alternative way to get the SCOT/SMTP part of the config completed not using SAP_ALL.
Does the "Mandatory TLS" usage alter the blog procedure that should be followed for a secure config ?.
Hello,
I think the SMTP_USER & SICF SAPConnect parts of the process detailed are specific for the "inbound" emails and not needed for just an "outbound" only setup.
https://launchpad.support.sap.com/#/notes/2148070
https://launchpad.support.sap.com/#/notes/2203325