SAG:  SEDI Configuration

Configuration of the POP3 and SMTP email settings are made here.  These settings are:

• “Communication Type” must be “Y” (“Yes - Only Email for all messages”) to use POP3/SMTP email for Secure EDI [SEDI] communications.  Other options are no longer available due to changes by Customs, DofA and Telstra.
• “Export-It Email Address to Check for Inbound emails” is the dedicated EDI email address Export-It SEDI uses.  EDI interchanges will be sent “From” this address and the EDI replies will be sent “To” this address which is registered with the EDI agencies.
• The “Inbound (POP3) Email Details” group specifies the POP3 [receive] protocol settings:
  • “POP3 Server” may be either the POP3 mail server name, resolvable via DNS (e.g. mail.bigpond.com.au), or its IP address (e.g. 61.9.168.249).  When on an ActiveDirectory™ domain this is often the domain mail server, rather than the ISP mail server.
  • “POP3 Port” is the TCP/IP port number used for POP3 access to this server.  It is virtually always “110”.
  • “User Name” is the login name for the email account associated with the dedicated EDI email address used by Export-It SEDI.  This login is only used to receive email.
  • “User Password” is the login password for receiving emails sent to the dedicated EDI email address.
• Outbound (SMTP) Email Details” group specifies the SMTP [send] protocol settings:
  • “SMTP Server” is the SMTP mail server name or its IP address.  Most ISPs require that this be their SMTP mail server (i.e. the ISP won't allow connection to other SMTP servers as an anti-SPAM measure).  Even for an ActiveDirectory™ domain this is virtually always the ISP, not domain, mail server, but there may be an inhouse mail server (e.g. Microsoft Exchange) as an intermediary.
  • “SMTP Port” is the TCP/IP port number used for SMTP access to this server.  It is virtually always “25”.
  • “eSMTP Mode” specifies the “enhanced SMTP” [login] which may be needed to connect to the SMTP mail server.  Very few SMTP servers require “enhanced SMTP” [eSMTP] today so this setting is almost always empty.  But it has the following possible values:
    • “- NO AUTHENTICATION” [empty] means eSMTP login is not used by the mail server.
    • “C - CRAM-MD5” [Challenge Response Authorization Mode] is used.
    • “L - LOGIN” [SMTP-AUTH extension defined in RFC 4954] is used.
    • “N - NTLM” [NT LAN Manager, an old Microsoft mechanism] is used.
    • “P - PLAIN” [Simple Authentication and Security Layer (SASL), RFC 4422, cleartext password mechanism that obsoleted LOGIN] is used.
    Only when the “eSMTP Mode” setting is not empty (i.e. when eSMTP login is required) will the following settings have any effect:
    • “eSMTP Name” the login user name, if required, for the mail server.
    • “eSMTP Password” the login password, if required, for the mail server.
    • “eSMTP Domain” the login domain, if required, for the mail server.
    Note that each eSMTP mechanism has its own requirements as to whether a name, password or domain is needed for eSMTP login.  Enter the values that the “eSMTP Mode” needs—the others will have no effect (and may be left empty).

WARNING – If the “TEST Send Email Now” or “TEST Receive Emails Now” buttons are to be used to test the email settings above then be aware that the “OK” button must be pressed to save any settings changes before they take effect (i.e. you must exit and re-enter the Secure Email Configuration window to test after any changes have been made).

All of the Digital Certificate file settings on this tab are simply meant as an aide mémoire.  Because Digital Certificates only change at roughly two-year intervals it is easy to forget where the certificate files are saved.  Use the “Our Digital Certificates File Locator” file name entries to annotate where the Type 3 (or Type 2) and AO certificate files exist, if you wish.  The “Australian Customs Service (CCF) and Certificate Authority (CA)…” file names can also be used when the Customs “public” certificate files are not kept in the Syscob recommended locations.

Only the upper “Password” field on this tab is significant to operation of the system.  This is the configuration password that must be entered to change SEDI settings.  Enter a password value in the top “Password” field to restrict access to SEDI configuration settings.  This top “Password” field must have a value before the “CLICK HERE to access DC store” button is enabled.

The “CLICK HERE to access DC store” button will run the Export-It Certificate Manager utility to manage the certificates used for SEDI communications.  See the Importing Certificates topic for details on how to use this utility.

The “Check Crypto Services on this PC” button will run a utility to verify that this platform meets the SEDI cryptographic requirements.  In order to be capable of acting in the SEDI role a platform [computer] must meet the following conditions:

• It must  have a “Microsoft Enhanced Cryptographic Provider” available.
• It must  have “SHA-1 (160 bit)” hashing support.
• It must  have “3DES (168 bit)” encryption support.

However, all Windows® versions since Windows 2000 (except “Home” editions) will qualify.

The interval setting on this tab controls “MANUAL” versus “AUTO” [automatic] mode of operation (i.e. what causes a SEDI communications cycle):

• “Polling Interval in seconds” must be less than 60 seconds for “MANUAL” mode.  A value that is greater than 60 seconds results in “AUTO” mode with SEDI cycles being initiated at the interval specified.  An interval of 3 to 5 minutes (180 to 300 seconds) is a good match for typical EDI response times.
• “Logging Type” is no longer used.  It will normally show “DEBUG” logging, the default, but changing it has no effect.

Syscob recommends a value of zero [“0”] for “standalone” [single user on single PC] topology or a value of “180” [3 minutes] when there are multiple application users.

Users need to be aware that when SEDI is configured for “AUTO” [automatic] mode, with a “Polling Interval in seconds” value greater than 60 seconds, then the SEDI_exp module must be run by the “SEDI user”, the information dialog showing the mode answered and then the “Start” button pressed before SEDI communications can occur.  After the SEDI cycles have started the SEDI_exp window may be minimized into the Taskbar, but it must remain executing.