2.1.  Setup of SEDI Mail Servers

Syscob Export-It and Export-It Plus applications require that the Internet mail servers, and the protocols they use, be suited to computer-to-computer communications.  This means that a simple “mailbox” paradigm, as implemented by the POP3 and SMTP protocols, must be used as the basis for SEDI—rather than a paradigm tailored to users with a hierarchy of folders, as implemented by the IMAP protocols.  It is the responsibility of the exporter to configure the two [2] logical mail servers (which may be the same physical server) that will be used to send and receive Internet email using the SEDI protocol.

Inbound SEDI Mail Received via POP3 Server

Post Office Protocol 3 [POP3] implements a simple “mailbox” paradigm for receipt of mail in a computer-to-computer exchange (as opposed to the complex hierarchy of folders, with undesired sharing between multiple groups and/or individuals, which is the basis of alternate mail server protocols like IMAP or IMAP4) and is used for Secure EDI [SEDI] communications.  Access to the POP3 mail server is restricted by the use of a “user name” and “password” security mechanism.  The required SEDI settings for POP3 are:

  • An “Export-It Email Address to Check for Inbound emails” (e.g. “exportit@domain.com.au”) associated with an email account on a POP3 mail server.  This account is dedicated to, and is used solely by, SEDI for Export-It.  This email address must not be defined in any other application or mailer like Outlook, Notes or Thunderbird.
     
  • The “POP3 Server” name, like “mail.domain.com.au”, resolvable by Dynamic Name Service [DNS] (or an IP address, like “160.10.73.142”) and the “POP3 Port” (normal is 110) used to access the POP3 mail server which provides the “mailbox” for that SEDI mail account.
     
  • A “User Name” and “User Password” required for “login” to the POP3 server to retrieve mail sent to the dedicated EDI email account.

Be aware that the nature of SEDI transfers makes external email “security scanners” not only unnecessary, but also undesirable.  External mail security does not reduce email threats—compared to the SEDI protocol itself—it can only interfere with legitimate EDI exchanges.  In addition, since email is inherently insecure (and cannot be made secure), session security protocols like SSL or TLS are not supported by SEDI on POP3 sessions.

Outbound SEDI Mail Sent via SMTP Server

Simple Mail Transfer Protocol [SMTP] is the complementary mail server protocol used to send SEDI messages (again, due to its suitability for machine-to-machine, versus structured organization, mail).  Most outbound SMTP servers do not implement a “login” mechanism, but the growth of SPAM has resulted in the almost universal practice among ISPs of restricting Internet SMTP server access to only the ISP's own mail servers.  The required SEDI settings are:

  • An “SMTP Server” name, like “mail.domain.com.au”, resolvable by Dynamic Name Service [DNS] (or an IP address, like “160.10.73.142”) and the “SMTP Port” (normal is 25) of an SMTP mail server which will “relay” messages for the SEDI email account.
     
  • In the rare case where an SMTP mail server implements a “login” mechanism, SEDI provides for the four standard “eSMTP Mode” authorization variants (“PLAIN,” “NTLM” [NT LAN Manager], “LOGIN” and “CRAM-MD5”) for “enhanced SMTP” [eSMTP] access.
     
  • When an eSMTP mode is selected the settings for “eSMTP Name,” “eSMTP Password” and “eSMTP Domain” allow specifying the parameters that the selected mode may require to “login” to the server before it will send mail for the SEDI email account.
     
  • However, in most cases “eSMTP Mode” will be empty (indicating “NO AUTHENTICATION”), as will the other three “enhanced SMTP” [eSMTP] settings.

In the POP3/SMTP environment used by SEDI, privacy and security are the responsibility of the endpoints—not the mail transport mechanisms!  Privacy and authentication are provided by encryption and signing with Digital Certificates (ICS only) and security is provided by the client mail handlers (e.g. the Export-It SEDI subsystem), not the mail transport mechanism.  In fact, as explained in the next topic, any mail scanning of the dedicated EDI email account can only result in problems; not in increased security from Internet threats.
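
An added example, not part of Export-It or of the original guide: choosing the “eSMTP Mode” setting from the AUTH line of an SMTP server's EHLO reply. The reply text is constructed and the function names are hypothetical; it assumes a server that advertises AUTH expects a login and, because SEDI sessions run without SSL/TLS, it prefers the modes that do not send the password itself.

```python
# Added example; names here are hypothetical, not part of Export-It.
PREFERENCE = ("CRAM-MD5", "NTLM", "LOGIN", "PLAIN")  # the guide's four modes
SENDS_PASSWORD = {"PLAIN", "LOGIN"}  # password crosses the wire base64-encoded

# Constructed EHLO reply for illustration (not captured from a real server).
SAMPLE_EHLO = (
    "250-mail.domain.com.au Hello\r\n"
    "250-SIZE 10485760\r\n"
    "250-AUTH LOGIN PLAIN CRAM-MD5\r\n"
    "250 HELP\r\n"
)


def advertised_auth(ehlo_reply):
    """Return the set of AUTH mechanisms named in a multi-line EHLO reply."""
    mechs = set()
    for line in ehlo_reply.splitlines():
        # Reply lines are "250-keyword args" (more follow) or "250 keyword args".
        if len(line) < 5 or not line.startswith("250") or line[3] not in "- ":
            continue
        keyword, _, args = line[4:].strip().partition(" ")
        keyword = keyword.upper()
        if keyword == "AUTH":
            mechs.update(args.upper().split())
        elif keyword.startswith("AUTH="):  # legacy "AUTH=LOGIN PLAIN" form
            mechs.update((keyword[5:] + " " + args.upper()).split())
    return mechs


def choose_esmtp_mode(ehlo_reply):
    """Pick the "eSMTP Mode" value and report whether it exposes the password."""
    offered = advertised_auth(ehlo_reply)
    if not offered:
        # No AUTH advertised: leave "eSMTP Mode" empty (NO AUTHENTICATION).
        return {"mode": "", "sends_password": False}
    for mode in PREFERENCE:
        if mode in offered:
            return {"mode": mode, "sends_password": mode in SENDS_PASSWORD}
    raise ValueError("server offers only unsupported modes: %s" % sorted(offered))


if __name__ == "__main__":
    print(choose_esmtp_mode(SAMPLE_EHLO))
```

When the result reports `sends_password` as true, the “eSMTP Password” is readable by anything on the network path between the SEDI host and the SMTP server, so that account should be dedicated to SEDI and its password used nowhere else.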

Note that POP3 and SMTP protocol mail servers must be used by SEDI.  No other protocol is supported.  And because security is a responsibility of the SEDI “EDI partners” (rather than mail transport mechanisms) there is no requirement for Secure Sockets Layer [SSL] connections—SSL is not supported by the SEDI subsystem nor is the Transport Layer Security [TLS] session security protocol.

Mail servers used by SEDI may be in-house or supplied by the Internet Service Provider [ISP] or by public mail providers.  However, be aware that most ISPs will “block” any attempt to use any external SMTP mail server other than that of the ISP (this is a nearly universal anti-SPAM measure implemented by virtually all ISPs).
