By Shivdas Tomar on Apr 17, 2012
Oracle E-Business Suite Workflow Notification Mailer leverages the functionality of SMTP and IMAP services to send and receive notification and alert emails respectively. Until E-Business Suite Release 12.1.3, Workflow Notification Mailer supports authentication for only IMAP server connections. Starting Release 12.1.3, Workflow Notification Mailer supports authentication for SMTP servers.
Main reasons to support authentication for SMTP servers are,
- An attacker could hijack the SMTP connection either pretending the server does not support the Authentication extension or causing all AUTH commands to fail.
- A SMTP server accessible over public domain could be misused by spammers to hide their identify and send spam e-mails.
How to configure
- Go to Workflow Manager Screen and navigate to Workflow Notification Mailer page.
- Edit the Workflow Mailer configuration, update "SMTP user" and "SMTP Password" parameters, SAVE and bounce the Workflow Service Container.
Workflow Mailer supports PLAIN, LOGIN and CRAM-MD5 mechanisms with JavaMail version 1.4.
How to check
On a non-SSL enabled SMTP server, it can be checked easily:
$ - telnet smtp.host.com 25 Trying 10.11.12.13... Connected to smtp.host.com (10.11.12.13). Escape character is '^]'. 220 smtp.host.com ESMTP Sendmail 8.13.8/8.13.8; Tue, 17 Apr 2012 10:11:36 -0400 EHLO smtp.host.com 250-smtp.host.com Hello my.desktop.com [184.108.40.206], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-AUTH LOGIN PLAIN 250-STARTTLS 250-DELIVERBY 250 HELP