HP Instant Capacity User's Guide for versions 8.x > Appendix A Special Considerations

Configuring E-Mail on Instant Capacity Systems

  Table of Contents

  Index

E-Mail Requirements

Previous versions of the Instant Capacity software required e-mail connectivity to HP in order to send asset reports as encrypted e-mail messages. Starting with version B.07.x, Instant Capacity software does not require e-mail connectivity or asset reporting, however, you may choose to configure it because it can be useful for viewing complex-wide asset information at the HP Utility Pricing Solutions portal (http://www.hp.com/go/icap/portal).

NOTE: E-mail asset reporting is set to “on” by default when the Instant Capacity software is installed. You turn asset reporting on or off with the icapnotify -a command/option. You can view the current setting of e-mail asset reporting in the Asset reporting field, near the beginning of the icapstatus command’s output.

For e-mail connectivity, the requirements are:

  • The Instant Capacity system/partition should have sendmail installed and configured such that it has the ability to send e-mail to the hp.com domain.

  • The domain name in the Instant Capacity FROM e-mail address, for the e-mail sent from the Instant Capacity system to HP, must be DNS resolvable by HP. See “Configuring Instant Capacity’s FROM E-mail Address” for details.

    IMPORTANT: On OpenVMS systems, SMTP mail must be configured for e-mail connectivity. See the documentation for the TCP/IP provider for information on configuring SMTP mail.

IMPORTANT: The e-mail is bounced/rejected by the mail servers at HP if the domain name in the FROM address, for the e-mail sent from the Instant Capacity system to HP, is not DNS resolvable by HP. Also, since asset reports are encrypted and must be decrypted at the HP portal, the decryption process may not work correctly if outgoing e-mail sent from your system is automatically modified in any way, for example, to include a privacy notice.

Note that the sendmail configuration and routing may vary, but the system must have the ability to send e-mail to the hp.com domain.

The ability to receive e-mail from HP is optional, but you may find it useful for testing the capability of sending e-mail to HP. For more information see “Configuring Your Server to Send but Not Receive E-Mail”. Refer to the HP-UX sendmail(1M) manpage for more information on sendmail.

sendmail is part of the HP-UX core and is installed with the HP-UX operating system. However, a sendmail configuration process needs to be followed to complete its installation. For information, refer to the chapter titled Installing and Administering sendmail, in the appropriate documentation:

  • For HP-UX 11i v1: Installing and Administering Internet Services (B2355-90685)

  • For HP-UX 11i v2: Installing and Administering Internet Services (B2355-90774)

You can retrieve the above documentation from the HP web site: http://docs.hp.com
Select:
Networking and Communications -> Internet Services
to access either of the documents.

On Partitionable Systems

If asset reporting is desired, configure e-mail connectivity on each partition. This makes it easier for you to later redistribute cores across partitions (that is, load balance). See “Load-Balancing Active Cores” for details.

E-Mail Configuration

Before you Start. If you decide to enable e-mail connectivity, your Instant Capacity system must be network accessible to HP mail servers that are outside your company's firewalls. If your Instant Capacity system is on an isolated network, e-mail from the system does not reach HP. This causes your system to be out of compliance with your Instant Capacity contract if you are using temporary capacity (TiCAP).

Sendmail. sendmail is the application used by the Instant Capacity software to send encrypted mail messages from your system to HP. The sendmail daemon, if running, can also be used to receive e-mail. For the purposes of this e-mail configuration, only the ability to send e-mail is required.

Mail applications invoke sendmail to send e-mail. The configuration file, /etc/mail/sendmail.cf, offers tremendous flexibility.

Overview of E-mail Routing Across the Internet. When sendmail is invoked by the Instant Capacity software to send e-mail to HP, sendmail determines where it should initially send the e-mail (the first hop). Mail often goes through multiple systems (hops) before it reaches the final destination. To determine the first hop for the e-mail, sendmail uses one of the following:

  • The e-mail is routed to a mail relay host if it is configured in the /etc/mail/sendmail.cf configuration file. This is the easiest implementation and can be done with just a one line change (DS) to the default /etc/mail/sendmail.cf file.

    Note that the relay host must be configured to properly route (forward) the mail to the final destination.

  • DNS MX records - this method requires that the Instant Capacity system be in an environment (network) where DNS (Domain Name Server) is operating and properly configured. sendmail on the system queries a DNS server for the name of the mail server to forward the e-mail to (for the first hop) in order for the e-mail to reach the final destination (hp.com).

In all cases, the following requirements must be met:

  • HP’s mail servers receiving mail expect the host (the mail server in the last hop before reaching HP) to be properly registered in DNS. Otherwise the HP mail server rejects or “bounces” the e-mail.

  • The 'From' field (e-mail address) in the e-mail message must be known by the receiving mail server (that is, the hostname is registered in DNS and advertised on the internet). Otherwise, the receiving mail server at HP rejects the mail. This field in the e-mail can be configured with a simple one line modification (DM) to the /etc/mail/sendmail.cf file.

    In some DNS environments, no changes to the default /etc/mail/sendmail.cf file may be needed to properly route e-mail from the Instant Capacity system to HP.

  • In some environments, configuring your system to properly send e-mail from the system to HP can require as little as a two line edit (or none) to the /etc/mail/sendmail.cf file. Configuring mail, including sendmail and DNS configurations, is usually handled by the IT team in most organizations.

Example A-3 Example Edit to Sendmail Configuration (/etc/mail/sendmail.cf)

DMmy_company.com
DSmailhub.my_company.com

This example assumes the following:

  • The Instant Capacity system’s hostname is: myICAPsystem.my_site.my_company.com

  • The From field of the e-mail is set to my_company.com rather than the exact hostname of the Instant Capacity system. This is because most organizations do not advertise the names of their internal servers to the internet; however, they do advertise a few (select) high level domain names to the internet.

  • The Instant Capacity system is not advertised to the internet but hostname mycompany.com is advertised and reachable from the internet

  • E-mail is forwarded from the system to a mail relay host called mailhub. The mail server called mailhub may either be directly connected to the internet and send the e-mail directly to HP, or it may forward the e-mail to another mail server on its way to HP.

NOTE: Any bounced Instant Capacity e-mail messages are sent to the adm mailbox.

Steps to Confirm or Diagnose E-mail Configuration

After you have configured your Instant Capacity system to send e-mail over the internet you can use the following steps to confirm the e-mail configuration or to aid in debugging the configuration:

  1. Send an e-mail message from your system to an e-mail address in the same domain (intranet) and confirm receipt of the e-mail message.

  2. Send an e-mail message from your system to an e-mail address outside of your domain (to the internet, for example, to a yahoo or hotmail e-mail address) and confirm receipt of the e-mail message.

  3. Send an e-mail message from your system to someone at HP (for example, a HP representative in a local account team) and confirm the person at HP received the e-mail message.

  4. As root, execute the command:
    /usr/sbin/icapnotify <reply_address>

  5. If the previous steps are all successful, but asset reports are still not visible at the HP portal, examine your e-mail configuration to determine if outgoing messages are automatically being modified or appended, for example, to include something like a privacy notice. Additions or modifications to encrypted asset reports may cause them to be rejected by the portal.

The command in Step 4 sends an e-mail message to HP’s audit application. HP sends a confirmation e-mail message to the reply_address. Receipt of the confirmation e-mail message confirms successful e-mail configuration.

Configuring Instant Capacity’s FROM E-mail Address

One of the e-mail requirements of the Instant Capacity program is that the FROM e-mail address, on e-mail messages sent by the Instant Capacity software from your system, must be DNS resolvable.

The Instant Capacity software uses adm@localhost.domain as the default FROM e-mail address (where localhost is the hostname of your system and domain is its DNS domain). If the default FROM e-mail address is undesirable, you can configure the Instant Capacity software to use a FROM address you specify.

Configuring a Specified FROM Address

To configure your specified Instant Capacity FROM e-mail address, execute the following command:
/usr/sbin/icapmodify -f from_address

You can verify the configured Instant Capacity FROM e-mail address by using the /usr/sbin/icapstatus command.

After you have configured a specified FROM e-mail address, the Instant Capacity software uses it on all subsequent e-mail messages sent from your system.

Reverting to the Default FROM Address

If you have specified an Instant Capacity FROM e-mail address and you want to revert to the default FROM e-mail address (adm@localhost.domain), execute the following command:
/usr/sbin/icapmodify -f ““

Configuring Your Server to Send but Not Receive E-Mail

For security reasons, some organizations do not wish to allow incoming mail. If you want your Instant Capacity system to be capable of only sending e-mail, and not receiving e-mail, complete the following configuration procedure:

  1. To prevent the sendmail daemon from starting up again when your system reboots, edit the /etc/rc.config.d/mailservs file, changing the value of SENDMAIL_SERVER to 0:

    vi /etc/rc.config.d/mailservs
    #########################################
    # Mail configuration. See sendmail(1m) #
    #########################################
    #
    # BSD’s popular message handling system
    #
    # SENDMAIL_SERVER:      Set to 1 if this is a mail server
    #                       and should run the sendmail deamon.
    # SENDMAIL_SERVER_NAME: If this is not a mail server, but a
    #                       client being served by another
    #                       system, then set this variable to
    #                       the name of the mail server system
    #                       name so that site hiding can be
    #                       performed.
    #
    export SENDMAIL_SERVER=0
    export SENDMAIL_SERVER_NAME=
  2. To immediately stop the server from receiving e-mail, kill the active sendmail daemon by executing the following command:

    /sbin/init.d/sendmail stop

Testing E-Mail Transmission of the Asset Report

NOTE: The following procedure assumes your Instant Capacity system is capable of sending internet e-mail.

Execute the following command to send your asset report, by e-mail, to HP:

/usr/sbin/icapnotify <reply_address>

The specified reply_address should receive an acknowledgment e-mail message from HP confirming the receipt of your asset report. Use an e-mail client to verify the acknowledgement e-mail message from HP to the reply_address.