
SMTP Agent XML Configuration

WARNING: XML Configuration has been deprecated

XML configuration for the SMTP protocol consists of an XML file that sets parameters for both the SMTP agent and the security and trust agent. Below is a sample configuration file.

<SmtpAgentConfig>
   <Domains>
      <AnchorStore type="multidomain" storeType="LDAP" ldapURL="ldap://localhost:1024/" ldapUser="" ldapPassword="" ldapConnTimeout="10000" ldapSearchBase="cn=lookupTest" ldapSearchAttr="email" ldapCertAttr="privKeyStore" ldapCertPassphrase="1kingpuff" ldapCertFormat="PKCS12"/>    
      <Domain name="cerner.com" postmaster="postmaster@cerner.com">
         <IncomingTrustAnchors> 
             <Anchor name="microsoft.com"/>   
             <Anchor name="securehealthemail.com"/>              
         </IncomingTrustAnchors>  
         <OutgoingTrustAnchors> 
             <Anchor name="microsoft.com"/>   
             <Anchor name="securehealthemail.com"/>              
         </OutgoingTrustAnchors>           
      </Domain>      
      <Domain name="securehealthemail.com" postmaster="postmaster@securehealthemail.com">    
          <IncomingTrustAnchors> 
             <Anchor name="cerner.com"/>              
         </IncomingTrustAnchors>  
         <OutgoingTrustAnchors> 
             <Anchor name="cerner.com"/>              
         </OutgoingTrustAnchors>
      </Domain>     
   </Domains>
   <PublicCertStore type="DNS"/>
   <PrivateCertStore type="LDAP" ldapURL="ldap://localhost:1024/" ldapUser="" ldapPassword="" ldapConnTimeout="10000" ldapSearchBase="cn=lookupTest" ldapSearchAttr="email" ldapCertAttr="privKeyStore" ldapCertPassphrase="1kingpuff" ldapCertFormat="PKCS12"/>
   <RawMessageSettings saveFolder="RawMsgFolder"/>
   <OutgoingMessagesSettings saveFolder="OutgoingMsgFolder"/>
   <IncomingMessagesSettings saveFolder="IncomingMsgFolder"/>
   <BadMessagesSettings saveFolder="BadMsgFolder"/>
   <MDNSettings autoResponse="true" productName="NHIN Direct Security Agent">
       <Text><![CDATA[Your message was processed successfully.]]></Text>
   </MDNSettings>   
</SmtpAgentConfig>

Domains

The domains element describes the list of domains that will be managed by the agent. Each domain is configured as a child domain element.

AnchorStore

Describes the storage mechanism for trust anchors.

Attributes:

| Attribute | Description |
|---|---|
| type | The type of the anchor store. Uniform: All domains use the same anchors for all addresses. Multidomain: Each domain defines its own discrete set of trust anchors. |
| storeType | The storage media of the trust anchors. Valid types: LDAP, Keystore |
| ldapURL | The URL to the LDAP server. Consists of the protocol, host, and port. Multiple URLs can be defined and are comma delimited. Example: ldap://somehost:389 |
| ldapUser | The user name credential for connecting to the LDAP store. May be empty if the LDAP server allows anonymous binding. |
| ldapPassword | The password credential for connecting to the LDAP store. |
| ldapConnTimeout | Optional timeout in seconds before the connection is failed. |
| ldapSearchBase | The distinguished name used as the base of LDAP searches. |
| ldapSearchAttribute | The attribute in the LDAP store that is used to match a search query. |
| ldapCertAttr | The attribute in the search query result that holds the certificate file. |
| ldapCertPassPhrase | For pkcs12 files, the pass phrase used to encrypt the certificate. |
| ldapCertFormat | The format of the certificate in the LDAP store. Valid formats: pkcs12, X.509 |
| file | For keystore store types, the name of the file that contains the certificates. This can be just a file name, a fully qualified path, or a relative path. |
| filePass | For keystore store types, an optional password used to encrypt the file. |
| privKeyPass | For keystore store types, an optional password used to encrypt private keys. |

Domain

Attributes:

| Attribute | Description |
|---|---|
| name | The name of the domain |
| postmaster | The postmaster email address for the domain |

Elements:

| Element | Type | Description |
|---|---|---|
| IncomingTrustAnchors | List<Anchor> | The trust anchors used for outgoing messages |
| OutgoingTrustAnchors | List<Anchor> | The trust anchors used for incoming messages |

Anchor

Anchors define the certificates that determine trust between domains.

Attributes:

| Attribute | Description |
|---|---|
| name | The name has different semantics depending on the AnchorStore type. LDAP: The domain name of the trusted domain. Keystore: The alias name of the trust anchor in the keystore. |

PublicCertStore

The PublicCertStore element describes the medium used to store public certificates.

Attributes:

| Attribute | Description |
|---|---|
| type | The storage media of the public certs. Valid types: DNS, Keystore |
| file | For keystore store types, the name of the file that contains the certificates |
| filePass | For keystore store types, an optional password used to encrypt the file. |
| privKeyPass | For keystore store types, an optional password used to encrypt private keys. |

PrivateCertStore

The PrivateCertStore element describes the medium used to store private certificates.

Attributes:

| Attribute | Description |
|---|---|
| type | The storage media of the private certs. Valid types: LDAP, Keystore |
| ldapUser | The user name credential for connecting to the LDAP store. May be empty if the LDAP server allows anonymous binding. |
| ldapPassword | The password credential for connecting to the LDAP store. |
| ldapConnTimeout | Optional timeout in seconds before the connection is failed. |
| ldapSearchBase | The distinguished name used as the base of LDAP searches. |
| ldapSearchAttribute | The attribute in the LDAP store that is used to match a search query. |
| ldapCertAttr | The attribute in the search query result that holds the certificate file. |
| ldapCertPassPhrase | For pkcs12 files, the pass phrase used to encrypt the certificate. |
| ldapCertFormat | The format of the certificate in the LDAP store. Valid formats: pkcs12, X.509 |
| file | For keystore store types, the name of the file that contains the certificates. This can be just a file name, a fully qualified path, or a relative path. |
| filePass | For keystore store types, an optional password used to encrypt the file. |
| privKeyPass | For keystore store types, an optional password used to encrypt private keys. |

XXMessageSettings

Describes the location where processed messages should be stored. This is intended for debug purposes only and should not be set in a production environment.

Supported message settings elements:

Attributes:

| Attribute | Description |
|---|---|
| saveFolder | The folder where the messages will be stored. If the folder does not exist, the system will automatically create it as long as the agent's process has permission to do so. |
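
An added example, not part of the original guide or the project's code: a small Python check that parses an SmtpAgentConfig file and reports the settings this page describes as credentials, anonymous binding, or debug-only message folders. The function name `audit`, the finding strings, and the trimmed sample with its placeholder passphrase are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed from the configuration above; the passphrase is a placeholder.
SAMPLE = """<SmtpAgentConfig>
   <Domains>
      <AnchorStore type="multidomain" storeType="LDAP" ldapURL="ldap://localhost:1024/" ldapUser="" ldapPassword="" ldapCertPassphrase="example-passphrase" ldapCertFormat="PKCS12"/>
   </Domains>
   <PublicCertStore type="DNS"/>
   <PrivateCertStore type="LDAP" ldapURL="ldap://localhost:1024/" ldapUser="" ldapPassword="" ldapCertPassphrase="example-passphrase" ldapCertFormat="PKCS12"/>
   <RawMessageSettings saveFolder="RawMsgFolder"/>
   <BadMessagesSettings saveFolder="BadMsgFolder"/>
</SmtpAgentConfig>"""

# Attributes the tables above describe as passwords or pass phrases (lower-cased).
SECRET_ATTRS = {"ldappassword", "ldapcertpassphrase", "filepass", "privkeypass"}

def audit(xml_text):
    """Return (element, finding) tuples, in document order, for risky settings."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        # The sample and the tables spell some names with different case
        # (ldapCertPassphrase vs ldapCertPassPhrase), so compare lower-cased.
        attrs = {k.lower(): v for k, v in el.attrib.items()}
        for name in sorted(SECRET_ATTRS & set(attrs)):
            if attrs[name]:
                findings.append((el.tag, "cleartext secret in " + name))
        urls = [u.strip() for u in attrs.get("ldapurl", "").split(",") if u.strip()]
        # ldap:// carries binds and results unencrypted unless StartTLS is
        # negotiated; the page does not say whether the agent does so.
        if any(u.lower().startswith("ldap://") for u in urls):
            findings.append((el.tag, "unencrypted ldap:// URL"))
        # An empty ldapUser means the store is reached by anonymous binding.
        if urls and not attrs.get("ldapuser"):
            findings.append((el.tag, "anonymous LDAP bind"))
        # The message settings folders are documented as debug-only.
        if "Message" in el.tag and el.tag.endswith("Settings") and attrs.get("savefolder"):
            findings.append((el.tag, "debug saveFolder enabled"))
    return findings

if __name__ == "__main__":
    for tag, finding in audit(SAMPLE):
        print(tag + ": " + finding)
```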

MDN Settings

The agent can automatically produce MDN messages in response to MDN requests with a disposition of Processed. MDN is described in RFC3798 and is intended (for the SMTP Agent's purposes) to indicate the successful reception and processing of a message by the security and trust agent.

Attributes:

| Attribute | Description |
|---|---|
| autoResponse | Indicates if the SMTP agent should produce MDN messages for MDN requests. The default setting is false if this attribute is not present. |
| productName | The product name used in the user agent header of the MDN message. Defaults to Security Agent if this attribute is not present. |

Elements:

| Element | Type | Description |
|---|---|---|
| Text | String or CDATA | Human readable response text sent back to the sender indicating a successful reception of the sender's message. The text may either be a simple string or may be contained in a CDATA section for more sophisticated encoding and formatting. |

