SMTP Auth configuration
I'm looking for anyone that has successfully configured email connectivity using SMTP Auth. We are using v8.4. I'd like to understand how this was implemented.
Pegasystems Inc.
US
@Tanay Kumar Bal we are sending SMTP mail from Pega platform 8.4.4 to GE Healthcare SMTP server trying to use OOTB email integration rule. yesterday we got this configured and tested but only works with port 25. When we try to use port 587 with the SMTPS parameter checked for encrypted traffic the test fails. We are not sure yet if this issue lies inside the GE demarc or if it something in the platform. We are waiting to hear back from GEHC mail admin/security engineers for an analysis on their end. This is a new solution architecture for them and we are the lucky(?) first one to test this.
moj.gov.sa
GB
check how email use SSL/TLS
STARTTLS support can be disabled within PRPC. Store True value in a dynamic system setting record with keys given below: Owning Ruleset: Pega-IntSvcs Setting Purpose: Email/DisableSecuritySTARTTLS
Pegasystems Inc.
US
@GeorgeJ6156 . Hi, I was released from the project before this implementation was complete. GE had some internal configurations they needed to make to get the encryption working per the earlier messages in this thread. I don't know if this was picked up by anyone to complete, but I doubt it since I was working directly with the GE technical resource.
Pegasystems Inc.
US
@GeorgeJ6156 Great question. I am actually a project delivery leader, not a technical resource. I have a background in networking and such, so I tend to take these infrastructure things on to free my LSA up. However when it comes to loggers etc I am afraid I can't help you there. If it were me, I'd open up a ticket with Pega GCS and ask them. Probably your best bet
USU GmbH
DE
@kangb Hi, we face the same issue in Pega 8.5.4 and 8.6.
SMTP is working but as soon we enable to establish a secure connection is is failing with "Exception caught connecting to email server; Could not connect to SMTP host Disconnect not attempted."
We are already in contact for weeks with pega cloud expert and SMA to find the issue but without any progress.
I did now a test on my Pega 8.7 pepersonal edition with the same configuration and it worked.
Consider, in Pega 8.7 there has been made some changes and it is now easier to choose plain SMTPS or with STARTTLS.
Maybe there is really a bug in the prior version to 8.7?
If anyone has an update how to fix this, it would be nice. Otherwise we might need to upgrade asap to 8.7
Maybe this also works for you @kangb
ReageRegards
Wilhelm
USU GmbH
DE
@disag I do not have a solution yet. We have raised a ticket and still in investigation with the pega cloud team and SMA.
As soon we get a solution, I can post this here.
USU GmbH
DE
Do you try to connect to an microsoft exchange server? Can you please confirm this?
I could send an email successfully from pega using an email account configured with SMTPS and connected to my private yahoo account.
So it seems that pega can generally send emails via smtps. I guess that yhaoo is not using a microsoft exchange server. My assumtion would be now, that pega might have an compativilty issue with this microsoft product?
Also we are checking still the configuration whether we have missed a configuration on the exchange server site.
Regards
Wilhelm
USU GmbH
DE
We have found out that exchange server 2016 which we are using is not supporting SMTPS.
-> Exchange Queue & A: Secure E-Mail Protocols, Mysterious Spam, and More | Microsoft Docs
So its supports only STARTLS.
STARTTLS is working in Pega 8.5 version. We have tested this today succesffully with our infrastructure guys by tracing the firewall and we found out, if we set the dynamic system setting Email/DisableSecuritySTARTTLS to false, a secure TLS communcation will be established.
So, if it fits for you or your client to use just STARTTLS, this will definitely work for your.
In our email account rule you have to specify just the propert port for secure connection, mostly 586 or 465 and you might also need to set user credentials for the secured conenction, but I guess this depends on our configration on exchange server site.
Your maby also need to import root ca into server truststore (JVM level).
We haven't tested whether this is also working with the new plattform truststore but the plattform truststore didn't work for secure IMAPS communication so we use now only the truststore from JVM level.
You can try to upload your root ca in a JKS keystore and uploade this to the lattform truststore by using the activity pxAddCertificatesToPlatformTruststore
We have found out that exchange server 2016 which we are using is not supporting SMTPS.
-> Exchange Queue & A: Secure E-Mail Protocols, Mysterious Spam, and More | Microsoft Docs
So its supports only STARTLS.
STARTTLS is working in Pega 8.5 version. We have tested this today succesffully with our infrastructure guys by tracing the firewall and we found out, if we set the dynamic system setting Email/DisableSecuritySTARTTLS to false, a secure TLS communcation will be established.
So, if it fits for you or your client to use just STARTTLS, this will definitely work for your.
In our email account rule you have to specify just the propert port for secure connection, mostly 586 or 465 and you might also need to set user credentials for the secured conenction, but I guess this depends on our configration on exchange server site.
Your maby also need to import root ca into server truststore (JVM level).
We haven't tested whether this is also working with the new plattform truststore but the plattform truststore didn't work for secure IMAPS communication so we use now only the truststore from JVM level.
You can try to upload your root ca in a JKS keystore and uploade this to the lattform truststore by using the activity pxAddCertificatesToPlatformTruststore
Further, our exchange server guys had to setup or configure an SMTP Server. This was missing at the beginning on the client site. This is what you maybe also can check back.
Not sure, which exchange server version you are using and whether your version supports STMPS. You can doublecheck.
I hope this helps you out.
Regards
Wilhelm