Saturday, November 26, 2016

Step by Step Guide to Install and Configure SMTP Relay Server for ISIM VA emails

For ISIM to send emails, IBM Security Identity Manager (ISIM) needs to be integrated with the SMTP server of your organization. The SMTP server can be an on-premise Exchange server or a cloud-based service such as Office 365 or Google Services. In both the ISIM virtual appliance and the software version there are only three SMTP-related settings: SMTP address (the address of the SMTP server), email ID, and the port on which ISIM communicates with the SMTP server.

There is no option to set a password for the service account that ISIM uses to send emails. For a local Exchange server there are workarounds, for example adding an exception that permits all traffic from the ISIM machine's IP address without asking for a password, but for cloud-based solutions like Office 365 we cannot add this kind of exception.

Luckily, there is a solution to this problem. Windows Server can host a relay server, which is itself an SMTP server. We can configure it so that ISIM sends emails to the SMTP relay server, and the relay server forwards those emails to the recipients using our cloud-based Office 365 service account. Detailed step-by-step instructions follow:

Installation and Configuration of the SMTP Relay:
  • On the Windows Server machine, go to Server Manager -> Features -> Add Features and select SMTP Server. You may be prompted to install additional components; select them as well. Click Next and proceed with the installation. Installing the SMTP Server also installs IIS 6.0, as shown in the screenshots below:

  • Open IIS 6.0 and go into the properties of the SMTP Virtual Server 1.

  • On the General tab, click Advanced and, from the drop-down box, add the IP address of the machine on which the SMTP Server has been installed, i.e. 192.168.10.111, with TCP port 25. Do not set the TCP port to anything other than 25, because ISIM only sends requests to port 25 of the SMTP server.

  • On the General tab, click Enable logging and set the path of the log files by clicking Properties as shown below, or keep the default location.

  • Go into the Access tab, click Authentication and select Anonymous access.

  • On the Access tab, click Relay and add the IP addresses of the ISIM appliance and the application server so that they can send mail through the relay server; only the hosts on this list are allowed to relay mail through it.

  • Go into the Delivery tab and click Outbound Security. Select Basic authentication, enter the service account email address in the user name field, e.g. testaccount@isimhacks.com, and then enter the password. Also select the check box "Enable TLS encryption" and click OK.

  • On the Delivery tab, click Outbound connections and enter "587" for the TCP port. Keep all other values at their defaults.

  • On the Delivery tab, click Advanced and enter "smtp.office365.com" for both the fully qualified domain name and the smart host options, then click OK.

  • Click OK. At this point the relay server is configured and ready to use.

  • To test the Relay server, follow the steps below:
    • Create a text file using Notepad or another text editor. The file should contain the text shown below. Replace the source and destination email addresses with the addresses you will use to relay SMTP.

      FROM: testaccount@isimhacks.com
      TO: anyuser@isimhacks.com
      SUBJECT: Test email
      This is a test email sent from my SMTP Relay server

    • Save the text file as Email.txt.
    • Copy the Email.txt file into the following folder: C:\InetPub\MailRoot\Pickup.
    • After a short time, the file should automatically be moved to the C:\InetPub\MailRoot\Queue folder. When the SMTP server delivers the mail, the file is automatically deleted from the local folder.
    • If the SMTP server can’t deliver the message, a non-delivery report (NDR) is created in the C:\InetPub\MailRoot\BadMail folder.
  • Open the ISIM appliance console and go to Configure -> Mail Server Properties. Click Configure and enter the values as per the screenshot below.
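As an added check (example code written for this post, not part of the original guide or of ISIM or IIS), the relay restriction configured on the Access tab can be verified with a short Python probe that stops before DATA, so no mail is queued; it uses the relay address and port from the steps above, and the stub class is a constructed stand-in so the logic can be exercised offline.

```python
import smtplib

RELAY_HOST = "192.168.10.111"  # relay address used in the guide
RELAY_PORT = 25                # ISIM only talks to the relay on port 25


def classify_rcpt(code: int) -> str:
    """Map the reply to RCPT TO onto a verdict: 250/251 means the relay accepted
    a recipient it has to forward, so the probing host is on the Access -> Relay
    list; 5xx (IIS SMTP answers 550 'Unable to relay') means relaying is refused."""
    if code in (250, 251):
        return "relay-allowed"
    if 500 <= code < 600:
        return "relay-denied"
    return f"inconclusive ({code})"


def probe_relay(conn, sender: str, recipient: str) -> str:
    """Send EHLO, MAIL FROM and RCPT TO, then stop before DATA so nothing is
    queued. `conn` only needs the smtplib.SMTP command methods."""
    conn.ehlo()
    code, _ = conn.mail(sender)
    if code != 250:
        return f"inconclusive (MAIL FROM answered {code})"
    code, _ = conn.rcpt(recipient)
    return classify_rcpt(code)


class StubSMTP:
    """Constructed stand-in, not a real server, so the logic can be exercised
    offline: RCPT TO is answered with a fixed reply code."""

    def __init__(self, rcpt_code: int):
        self.rcpt_code = rcpt_code

    def ehlo(self):
        return 250, b"stub"

    def mail(self, sender):
        return 250, b"stub"

    def rcpt(self, recipient):
        return self.rcpt_code, b"stub"


if __name__ == "__main__":
    # Run once from the ISIM appliance (expect relay-allowed) and once from a host
    # not on the relay list (expect relay-denied); the recipient domain is not local.
    with smtplib.SMTP(RELAY_HOST, RELAY_PORT, timeout=10) as conn:
        print(probe_relay(conn, "testaccount@isimhacks.com", "anyuser@isimhacks.com"))
```

A result of relay-allowed from a host that is not on the relay list means the Access -> Relay restriction is not in effect and should be corrected before the relay is exposed.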
