Configuring E-Mail on iCOD Systems

E-Mail Requirements

Previous versions of the iCOD software (prior to B.06.x) required e-mail connectivity to HP in order to send asset reports as encrypted e-mail messages. iCOD versions B.06.x requires e-mail connectivity to HP only if the system is using TiCOD (temporary capacity), or if the partition is running HP-UX 11i v1.




	NOTE: E-mail asset reporting is set to “on” by default when the iCOD B.06.x software is installed. It can be turned “off” by using the icod_notify -a off command/option. You can view the current setting of e-mail asset reporting in the `Asset reporting` field, near the beginning of the icod_stat command’s output.

The iCOD e-mail requirements are:

The iCOD system/partition is required to have sendmail installed and configured such that it has the ability to send e-mail to the hp.com domain.
The domain name in the iCOD FROM e-mail address, for the e-mail sent from the iCOD system to HP, must be DNS resolvable by HP. See “Configuring iCOD’s FROM E-mail Address” for details.




	IMPORTANT: The e-mail is bounced/rejected by the mail servers at HP if the domain name in the `FROM` address, for the e-mail sent from the iCOD system to HP, is not DNS resolvable by HP.

Note that the sendmail configuration and routing may vary, but the iCOD system must have the ability to send e-mail to the hp.com domain.

The ability to receive e-mail from HP is optional, but you may find it useful for testing the capability of sending e-mail to HP. For more information see “Configuring Your Server to Send but Not Receive E-Mail”. Refer to the sendmail(1M) manpage for more information on sendmail.

sendmail is part of the HP-UX core and is installed with the HP-UX operating system. However, a sendmail configuration process needs to be followed to complete its installation. For information, refer to the chapter titled Installing and Administering sendmail, in the appropriate documentation:

For HP-UX 11i v1: Installing and Administering Internet Services (B2355-90685)
For HP-UX 11i v2: Installing and Administering Internet Services (B2355-90774)

You can retrieve the above documentation from the HP web site: http://docs.hp.com
Select:
Networking and Communications -> Internet Services
to access either of the documents.

On Partitionable Systems

For partitionable systems, all HP-UX 11i v1 iCOD partitions, and any HP-UX 11i v2 partition utilizing temporary capacity (TiCOD), must be configured to send e-mail to HP. This is because each iCOD partition reports the processor information for itself. It is recommended that the e-mail capability be configured and the iCOD software be installed on the non-iCOD partitions, as well. This makes it easier for you to later redistribute processors across partitions (that is, load balance). See “Load-Balancing Active Processors” for details.

E-Mail Configuration

Before you Start. Your iCOD system must be network accessible to HP mail servers that are outside your company's firewalls. If your iCOD system is on an isolated network, e-mail from the iCOD system does not reach HP. This causes your iCOD system to be out of compliance with your iCOD contract if you are using temporary capacity (TiCOD).

Sendmail. sendmail is the application used by the iCOD software to send encrypted mail messages from your system to HP. The sendmail daemon, if running, can also be used to receive e-mail. For the purposes of this e-mail configuration, only the ability to send e-mail is required.

Mail applications invoke sendmail to send e-mail. The configuration file, /etc/mail/sendmail.cf, offers tremendous flexibility.

Overview of E-mail Routing Across the Internet. When sendmail is invoked by the iCOD software to send e-mail to HP, sendmail determines where it should initially send the e-mail (the first hop). Mail often goes through multiple systems (hops) before it reaches the final destination. To determine the first hop for the e-mail, sendmail uses one of the following:

The e-mail is routed to a mail relay host if it is configured in the /etc/mail/sendmail.cf configuration file. This is the easiest implementation and can be done with just a one line change (DS) to the default /etc/mail/sendmail.cf file.
Note that the relay host must be configured to properly route (forward) the mail to the final destination.
DNS MX records - this method requires that the iCOD system be in an environment (network) where DNS (Domain Name Server) is operating and properly configured. sendmail on the system queries a DNS server for the name of the mail server to forward the e-mail to (for the first hop) in order for the e-mail to reach the final destination (hp.com).

In all cases, the following requirements must be met:

HP’s mail servers receiving mail expect the host (the mail server in the last hop before reaching HP) to be properly registered in DNS. Otherwise the HP mail server rejects or “bounces” the e-mail.
The 'From' field (e-mail address) in the e-mail message must be known by the receiving mail server (that is, the hostname is registered in DNS and advertised on the internet). Otherwise the receiving mail server at HP rejects the mail. This field in the e-mail can be configured with a simple one line modification (DM) to the /etc/mail/sendmail.cf file.
In some DNS environments, no changes to the default /etc/mail/sendmail.cf file may be needed to properly route e-mail from the iCOD system to HP.
In some environments, configuring your iCOD system to properly send e-mail from the system to HP can require as little as a two line edit (or none) to the /etc/mail/sendmail.cf file. Configuring mail, including sendmail and DNS configurations, is usually handled by the IT team in most organizations.

Example A-2 Example Edit to Sendmail Configuration (/etc/mail/sendmail.cf)

DMmy_company.com
DSmailhub.my_company.com

This example assumes the following:

The iCOD systems hostname is: myICODsystem.my_site.my_company.com
The From field of the e-mail is set to my_company.com rather than the exact hostname of the iCOD system. This is because most organizations do not advertise the names of their internal servers to the internet; however, they do advertise a few (select) high level domain names to the internet.
The iCOD system is not advertised to the internet but hostname mycompany.com is advertised and reachable from the internet
E-mail is forwarded from the iCOD system to a mail relay host called mailhub. The mail server called mailhub may either be directly connected to the internet and send the e-mail directly to HP, or it may forward the e-mail to another mail server on its way to HP.




	NOTE: Any bounced iCOD e-mail messages are sent to the `adm` mailbox.

Steps to Confirm or Diagnose E-mail Configuration

After you have configured your iCOD system to send e-mail over the internet you can use the following steps to confirm the e-mail configuration or to aid in debugging the configuration:

Send an e-mail message from your iCOD system to an e-mail address in the same domain (intranet) and confirm receipt of the e-mail message.
Send an e-mail message from your iCOD system to an e-mail address outside of your domain (to the internet, for example, to a yahoo or hotmail e-mail address) and confirm receipt of the e-mail message.
Send an e-mail message from your iCOD system to someone at HP (for example, a HP representative in a local account team) and confirm the person at HP received the e-mail message.
As root, execute the command:
/usr/sbin/icod_notify <reply_address>

The command in Step 4 sends an e-mail message to HP’s audit application. HP sends a confirmation e-mail message to the reply_address. Receipt of the confirmation e-mail message confirms successful iCOD e-mail configuration

Configuring iCOD’s FROM E-mail Address

One of the e-mail requirements of the iCOD program is that the FROM e-mail address, on e-mail messages sent by the iCOD software from your iCOD system, must be DNS resolvable.

The iCOD software uses adm@localhost.domain as the default FROM e-mail address (where localhost is the hostname of your iCOD system and domain is its DNS domain). If the default FROM e-mail address is undesirable, you can configure the iCOD B.06.x software to use a FROM address you specify.

Configuring a Specified FROM Address

To configure your specified iCOD FROM e-mail address, execute the following command:
/usr/sbin/icod_modify -f from_address

You can verify the configured iCOD FROM e-mail address by using the /usr/sbin/icod_stat command.

After you have configured a specified FROM e-mail address, the iCOD software uses it on all subsequent e-mail messages sent from your iCOD system.

Reverting to the Default FROM Address

If you have specified an iCOD FROM e-mail address and you want to revert to the default iCOD FROM e-mail address (adm@localhost.domain), execute the following command:
/usr/sbin/icod_modify -f ““

Configuring Your Server to Send but Not Receive E-Mail

For security reasons, some organizations do not wish to allow incoming mail. If you want your iCOD system to be capable of only sending e-mail, and not receiving e-mail, complete the following configuration procedure:

To prevent the sendmail daemon from starting up again when your system reboots, edit the /etc/rc.config.d/mailservs file, changing the value of SENDMAIL_SERVER to 0:

vi /etc/rc.config.d/mailservs

#########################################
# Mail configuration.  See sendmail(1m) #
#########################################
#
#  BSD’s popular message handling system 
#
# SENDMAIL_SERVER:      Set to 1 if this is a mail server
#                       and should run the sendmail deamon.
# SENDMAIL_SERVER_NAME: If this is not a mail server, but a
#                       client being served by another
#                       system, then set this variable to 
#                       the name of the mail server system
#                       name so that site hiding can be
#                       performed.
#
export SENDMAIL_SERVER=0
export SENDMAIL_SERVER_NAME=

To immediately stop the server from receiving e-mail, kill the active sendmail daemon by executing the following command:
/sbin/init.d/sendmail stop

Testing E-Mail Transmission of the Asset Report




	NOTE: The following procedure assumes your iCOD system is capable of sending internet e-mail.

Execute the following command to send your asset report, by e-mail, to HP:

/usr/sbin/icod_notify <reply_address>

The specified reply_address should receive an acknowledgment e-mail message from HP confirming the receipt of your asset report. Use an e-mail client to verify the acknowledgement e-mail message from HP to the reply_address.