The API that sends e-mail from iSeries requires you to write the sender's e-mail address. Using this API, anyone can send mail using another's address. Is there any log on the iSeries that shows who sent the e-mail?
To determine who used a particular API or file or user profile or any object on OS/400, you can turn on auditing for that particular object. Use the Change Object Audit (CHGOBJAUD), command and specify that you want to log all accesses of this particular API. When the API is called, the audit entry will list the job as well as the user calling the program.
MORE INFORMATION ON THIS TOPIC
The Best Web Links: Tips, tutorials and more.
Search400.com's targeted search engine: Get relevant information on security.
Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.
Read this Search400.com Featured Topic: Secure your iSeries
Dig Deeper on iSeries system and application security
Related Q&A from Carol Woodbury
Before changing password levels and upgrading operating systems on the AS/400, ensure the clients connecting to the NetServer do not need the old ... Continue Reading
Look in the audit journal (QAUDJRN) on the AS/400 for an authority failure message with the name of the library as the object name. Use the ... Continue Reading
The UPPWEI field corresponds to the password expiration interval field, and its values "0" and "-1" represent the *SYSVAL and *NOXMAX commands. Continue Reading