| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| emailinput and output how to set it up using SSL |
« View previous topic :: View next topic » |
| Author |
Message
|
| 4lajiemail |
 Posted: Mon Sep 01, 2014 7:16 pm Post subject: emailinput and output how to set it up using SSL |
 |
|
Newbie
Joined: 01 Sep 2014
Posts: 5
|
looks like there is no place for enable ssl for emailinput node.
look through the history of this forum, there is not clear answer for that as well.
it is just a yes/not answer. why no answer. |
|
| Back to top |
|
 |
| 4lajiemail |
| Posted: Tue Sep 02, 2014 8:35 am Post subject: |
|
|
Newbie
Joined: 01 Sep 2014
Posts: 5
|
| Someone every use email input for production? or it is not a good idea to use message broker email in production. |
|
| Back to top |
|
|
| Vitor |
| Posted: Tue Sep 02, 2014 8:56 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| 4lajiemail wrote: |
| it is not a good idea to use message broker email in production. |
No.
Assuming you can authenticate the email's digital signature with SSL (which I assume is what you're asking - encrypting the traffic between the broker and a mail server which by design accepts inbound data from anywhere in the web would be pointless), the nature of email is free form and therefore very difficult to parse with any broker-based solution. An email with a fixed format is no different to a record in a file, an MQ message or a web service call so why call it an email?
Add to that the problem that emails take a variable amount of time to arrive, and may not arrive at all, then they're not the obvious choice for sending business data.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| Vitor |
| Posted: Tue Sep 02, 2014 9:01 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
To somewhat spoof my own reply, we do use an EmailInput node for 1 prod flow. It listens on the reply address of the emails we send out to customers (the "you have an important message in your secure inbox - please log onto our site to read it" sort of message). The flow listens for replies and interprets (where possible) the reason for non-delivery, flagging the system to send the guy a letter by snail mail.
We estimate a 50% success rate; not all of the replies have the non delivery reason in a parsable format. Other inbox contents are customers asking what the message is, offers by various people to give broker a cut if they can use broker's bank account to move money out of Nigeria/Russia/India and pills for many aliments you'd think a server couldn't suffer from.
These last comminications are another good reason not to try and use this for anything "real"
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| 4lajiemail |
| Posted: Tue Sep 02, 2014 9:38 am Post subject: |
|
|
Newbie
Joined: 01 Sep 2014
Posts: 5
|
Yes Vitor, that is my question. how to authenticate the emailinput node with SSL. I couldn't find answer anywhere.
regarding why use Email? I agree with you there are other better choice. however sometime, that is just business requirement.
| Vitor wrote: |
| 4lajiemail wrote: |
| it is not a good idea to use message broker email in production. |
No.
Assuming you can authenticate the email's digital signature with SSL (which I assume is what you're asking - encrypting the traffic between the broker and a mail server which by design accepts inbound data from anywhere in the web would be pointless), the nature of email is free form and therefore very difficult to parse with any broker-based solution. An email with a fixed format is no different to a record in a file, an MQ message or a web service call so why call it an email?
Add to that the problem that emails take a variable amount of time to arrive, and may not arrive at all, then they're not the obvious choice for sending business data. |
|
|
| Back to top |
|
|
| 4lajiemail |
| Posted: Tue Sep 02, 2014 9:39 am Post subject: |
|
|
Newbie
Joined: 01 Sep 2014
Posts: 5
|
Could I ask did you enable SSL for emailinput node? if you do . could you please let me know how?
Thanks a lot in advance.
| Vitor wrote: |
To somewhat spoof my own reply, we do use an EmailInput node for 1 prod flow. It listens on the reply address of the emails we send out to customers (the "you have an important message in your secure inbox - please log onto our site to read it" sort of message). The flow listens for replies and interprets (where possible) the reason for non-delivery, flagging the system to send the guy a letter by snail mail.
We estimate a 50% success rate; not all of the replies have the non delivery reason in a parsable format. Other inbox contents are customers asking what the message is, offers by various people to give broker a cut if they can use broker's bank account to move money out of Nigeria/Russia/India and pills for many aliments you'd think a server couldn't suffer from.
These last comminications are another good reason not to try and use this for anything "real" |
|
|
| Back to top |
|
|
| Vitor |
| Posted: Tue Sep 02, 2014 11:09 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| 4lajiemail wrote: |
| Yes Vitor, that is my question. how to authenticate the emailinput node with SSL. I couldn't find answer anywhere. |
The EmailInput node doesn't do that; it's simply a link to a POP3 server. If you want to do anything with the payload (like check the signature) it's on you.
| 4lajiemail wrote: |
| sometime, that is just business requirement. |
Which is never a good answer. The example I quoted is a classic example where the business "insisted" they needed this and, given that it has no sensive data or particular impact, it was dedicded to let them have it.
(Native English speakers may be able to determine the sub-text that I was over-ruled on this matter).
It's now being decommissoned because, as I said earlier, we identify no more than 50% of the inbound emails & (because the anticipated content is auto generated emails about non-delivery) the corporate spam filter has had to be immobalized. So as long as the email doesn't actaually have malware embedded it arrives, and some business people of a nervous disposition have been upset by what gets in there.
Asking for WMB to read emails is not a business requirement, it's a technical one. What business purpose does this serve? Why does this business purpose require email and not another transport protocol? Even allowing this ghastly thing into my beautiful system, it was determined the business had a genuine need to know if emails were not arriving and we got sign off that:
- failure messages may not arrive swiftly or at all
- failure messages may not be identified as such by WMB
- Unidentified messages would need manual intervention
- No sensitive or PPI would ever appear in the original email (and consequently not in the reply)
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| Vitor |
| Posted: Tue Sep 02, 2014 11:10 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| 4lajiemail wrote: |
| Could I ask did you enable SSL for emailinput node? if you do . could you please let me know how? |
No. You can't, as I indicate above. The emails we're reading we barely look at the content and certainly don't take "action" on it.
Except flagging a letter to be printed.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| 4lajiemail |
| Posted: Tue Sep 02, 2014 1:13 pm Post subject: |
|
|
Newbie
Joined: 01 Sep 2014
Posts: 5
|
Hi Vitor
First Thanks so much for your information and support, I do get what you mean, however bring this topic to "Native English speaker" and "business genuine ", I believe that is a little bit far.
Second the solution business give cheap solution, that is why, using email. sftp is almost too expensive for them.
As engineer I am with you, I want to build a perfect solution. reality, business doesn't want to pay.
Thank again for you help.
| Vitor wrote: |
| 4lajiemail wrote: |
| Yes Vitor, that is my question. how to authenticate the emailinput node with SSL. I couldn't find answer anywhere. |
The EmailInput node doesn't do that; it's simply a link to a POP3 server. If you want to do anything with the payload (like check the signature) it's on you.
| 4lajiemail wrote: |
| sometime, that is just business requirement. |
Which is never a good answer. The example I quoted is a classic example where the business "insisted" they needed this and, given that it has no sensive data or particular impact, it was dedicded to let them have it.
(Native English speakers may be able to determine the sub-text that I was over-ruled on this matter).
It's now being decommissoned because, as I said earlier, we identify no more than 50% of the inbound emails & (because the anticipated content is auto generated emails about non-delivery) the corporate spam filter has had to be immobalized. So as long as the email doesn't actaually have malware embedded it arrives, and some business people of a nervous disposition have been upset by what gets in there.
Asking for WMB to read emails is not a business requirement, it's a technical one. What business purpose does this serve? Why does this business purpose require email and not another transport protocol? Even allowing this ghastly thing into my beautiful system, it was determined the business had a genuine need to know if emails were not arriving and we got sign off that:
- failure messages may not arrive swiftly or at all
- failure messages may not be identified as such by WMB
- Unidentified messages would need manual intervention
- No sensitive or PPI would ever appear in the original email (and consequently not in the reply) |
|
|
| Back to top |
|
|
| Vitor |
| Posted: Wed Sep 03, 2014 4:22 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| 4lajiemail wrote: |
| however bring this topic to "Native English speaker" and "business genuine ", I believe that is a little bit far. |
I disagree; there's no capability within the written word to indicate intonation or body language, hence sub text (especially the sub text of me being overruled when experience has proved me right) has to be brought into the main text. 
| 4lajiemail wrote: |
| Second the solution business give cheap solution, that is why, using email. sftp is almost too expensive for them. |
As I indicate above, while the solution may be inexpensive in terms of technology there are additional costs in terms of lost messages, failed messages, dealing with spam and dealing with fraud. You need to ensure that these additional costs are accepted by the business, especially if whoever in the business who deals with fraud & risk are not the same people as are paying for this.
| 4lajiemail wrote: |
| As engineer I am with you, I want to build a perfect solution. reality, business doesn't want to pay. |
You never build a perfect solution, you only ever build something which meets the true business need within the time & budget available and as I indicate above, this doesn't always work out even for me. But the blame for the failure of my 1 email flow doesn't sit with me, and the decommissioning costs don't sit with me, and the cost of building the replacement doesn't sit with me because I highlighted these issues 12 months ago when the design was proposed & again 6 months ago when it went live.
You need to ensure you're in the same position when this crashes and burns.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
