The iSeries continues to hold bragging rights to the "never had a virus" claim. Its robust design -- with computer security as a core requirement -- goes a long way to explain this unique capability. OS/400, however, can still be hiding and even proliferating computer viruses within the confines of the Integrated File System (IFS). Your best defense is still to maintain the virus updates from a reliable vendor and make sure that all of the users on your network are properly protected. Also, checking to make sure that e-mail clients are configured so that they do not automatically open attachments is very helpful.
But if a virus gets into your network, it is often relayed and passed along quickly via e-mail forwarding. This is where your iSeries can come in handy. It can utilize a new feature in the Mail Server Framework (MSF) that was first introduced as an APAR PTF in V4R5 but is now an integral part of the SMTP server starting in V5R1.
Mail filtering is NOT virus protection, but it will allow you to filter e-mail that passes through your system and to check for a variety of parameters before letting the mail go on to its destination. By using the OS/400 SMTP server as your outbound mail server, you can implement mail filtering and cut down or even stop virus proliferation and other non-productive mail proliferation.
As mentioned above, mail filtering was first introduced in OS/400 V4R5. But with the newer implementation that arrived with V5R1, administration of filtering was vastly improved. This article covers the V5 implementation, but if you're on V4R5 and want to know how to set it up, just let me know and I can send you the details or you can just search at the IBM Support Website for APAR SA90552 and find the details there. For V4R5, a PTF SF63889 is also required.
OS/400 mail filtering lets you filter e-mail for the following conditions:
Subject comparison
Filename/Extension comparison
Type/Subtype in Content-Type comparison
Originator's address
To set up OS/400 mail filtering, do the following:
- Use the Change SMTP Attributes (CHGSMTPA) command and change the following parameters:
ALLMAILMSF - set to *YES to route all mail through the Mail Server Framework
FTRACN - set to either *KEEP or *DISCARD to either keep or discard the filtered messages. (If you choose to *KEEP filtered messages, OS/400 will place them in the IFS directory /QTCPTMM/FTRFILES)
- If you have never used SMTP on your system before, you will also have to update the MAILROUTER parameter so that it points to your company's mail server.
- To implement these changes, you'll need to recycle the SMTP server by ending (ENDTCPSVR *SMTP) it and then restarting it (STRTCPSVR *SMTP). You will also need to recycle the Mail Server Framework on your system by ending it (ENDMSF) and the restarting it (STRMSF).
To implement the various controls that you want to use, you will need to run the Add SMTP List Entry (ADDSMTPLE) command. The TYPE parameter has many values, but the four used for message filtering are as follows:
*FTRSUBJECT - filtering by subject
*FTRFILNAME - filtering by filename/extension
*FTRTYPE - filtering by type/subtype
*FTRORIGIN - filtering by originator's address
The FTRDATA parameter on the ADDSMTPLE command lets you enter the specific filter information you want to implement. For example, to filter out a specific file attachment, post a *FTRFILNAME entry with a FTRDATA value of 'MiMail.J2' (to use a popular virus that is going around these days).
The last step is to change the outbound mail server setting in your e-mail client to point to your iSeries system. When you send mail, it will then route through your system via SMTP and MSF. The mail filtering that you've specified will be checked and then it will be handed off to the system you have specified as your mail server.
If you have specific questions about how to set this up and get it fully configured, feel free to contact me directly at rich@kisco.com.
About the author: Rich Loeber is president of Kisco Information Systems Inc., in Saranac Lake, N.Y. The company is a provider of various security products for the AS/400 market.
==================================
MORE INFORMATION ON THIS TOPIC
==================================
- E-mail to an external address
"Fdbarker" writes, "Our e-mail server is on Exchange. I have
configured my iSeries to send e-mail to the internal e-mail server.
However, I just haven't had any luck sending to an external e-mail
server. Where can I find the necessary steps to make this happen?"
Site expert Tim Granatir offers a few suggestions.
- Recommended firewall security solution
One user asks, "What firewall security solution for the iSeries do you considered the best?" Search400.com security expert Carol Woodbury explains that there is no "one size fits all" firewall solution.
- iSeries used to relay spam
"Oldgrayprogrammer" has been running the SMTP server on his iSeries
for some time -- sending e-mail via the SNDDST command. He recently
got hit by a spammer who used his iSeries to relay SPAM. He was
looking for some good, concise information to help manage e-mail on
iSeries. "ShalomC," who has been working with the iSeries since 1988,
shares what works best for him regarding e-mail.
- Who sent the e-mail?
The API that sends e-mail from iSeries requires you to write the sender's e-mail address. Using this API, anyone can send mail using another's address. Is there any log on the iSeries that shows who sent the e-mail?
