How to debug a failing AT-TLS connection

AT-TLS provides TLS connections to applications without changing the application. The IP calls are intercepted and the TLS work is done under the covers.

I was trying to debug a mail server connection from z/OS to Linux, and could not see any error messages.

In my Policy Agent configuration I had:

TTLSRule                         CSSMTPRule
{
   RemotePortRange               25
   Direction                     Outbound
   TTLSGroupActionRef            CSSMTPGroup
   TTLSEnvironmentActionRef      CSSMTPEnvironment
}
TTLSGroupAction                  CSSMTPGroup
{
   TTLSEnabled                   On
}
TTLSEnvironmentAction            CSSMTPEnvironment
{
   HandshakeRole                 Client
   TTLSKeyRingParms
   {
      Keyring                    START1/MQRING
   }
   TTLSEnvironmentAdvancedParms
   {
      ApplicationControlled      On
   }
}

I changed only the Keyring and left the remainder unchanged. You can specify a Trace statement, but it looks like it defaults to 2 (errors are traced to syslogd; the messages are issued with syslogd priority code err).

When I started CSSMTP I got these messages:

EZD1819I CSSMTP UNABLE TO ESTABLISH A TLS CONNECTION TO TARGET SERVER 10.1.0.2
EZD1820E CSSMTP NO TARGET SERVER IS CAPABLE OF RECEIVING MAIL AT THIS TIME

These were not very helpful.
I had the syslogd daemon running, and it put its output in /var/log. In several TCPIP.* files there was an error message:

EZD1286I TTLS Error GRPID: 00000007 ENVID: 00000002 CONNID: 00000036
LOCAL: 10.1.1.2..1032 REMOTE: 10.1.0.2..25 JOBNAME: CSSMTP USERID: START1
RULE: CSSMTPRule RC: 417 Initial Handshake
0000000000000000 0000005011421D10 0000000000000000

The RC values from 0 to 4999 are described here, and values of 5000 and over are described here.
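Picking the EZD1286I records out of the TCPIP.* syslogd files by hand gets tedious once there are many connections, so here is an added example (my own script, not part of the original post or of z/OS) that folds the wrapped records, extracts the fields, and counts failures per rule, job, RC and phase. The syslogd line prefix and the second record are constructed sample data; the RC split at 5000 follows the two references the post points at.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Fields of an EZD1286I "TTLS Error" record as written to the TCPIP.* files.
# The record may be wrapped over several lines, so the text is folded first.
EZD1286I_RE = re.compile(
    r"EZD1286I TTLS Error\s+GRPID:\s*(?P<grpid>\w+)\s+ENVID:\s*(?P<envid>\w+)\s+"
    r"CONNID:\s*(?P<connid>\w+)\s+LOCAL:\s*(?P<local>\S+)\s+REMOTE:\s*(?P<remote>\S+)\s+"
    r"JOBNAME:\s*(?P<jobname>\S+)\s+USERID:\s*(?P<userid>\S+)\s+RULE:\s*(?P<rule>\S+)\s+"
    r"RC:\s*(?P<rc>\d+)\s+(?P<phase>[A-Za-z ]+?)\s+(?P<trace>[0-9A-F ]{16,})"
)

@dataclass
class TtlsError:
    grpid: str
    envid: str
    connid: str
    local: str
    remote: str
    jobname: str
    userid: str
    rule: str
    rc: int
    phase: str

    @property
    def rc_family(self) -> str:
        # RC 0 to 4999 are in one reference (System SSL return codes),
        # 5000 and over in another (AT-TLS return codes).
        return "SystemSSL" if self.rc < 5000 else "AT-TLS"

def parse_ttls_errors(text: str) -> list[TtlsError]:
    """Fold line wraps into single spaces and return every EZD1286I record."""
    joined = " ".join(text.split())
    out = []
    for m in EZD1286I_RE.finditer(joined):
        f = m.groupdict()
        out.append(TtlsError(f["grpid"], f["envid"], f["connid"], f["local"],
                             f["remote"], f["jobname"], f["userid"], f["rule"],
                             int(f["rc"]), f["phase"].strip()))
    return out

def summarise(errors: list[TtlsError]) -> dict[tuple, int]:
    """Count failures per (rule, jobname, rc, phase) so the failing rule stands out."""
    return dict(Counter((e.rule, e.jobname, e.rc, e.phase) for e in errors))

# Constructed sample: a syslogd-style prefix in front of the record from the post,
# then a second, wrapped record with a made-up RC in the 5000+ range.
SAMPLE_LOG = """\
Mar 10 09:15:02 MVS1 TTLS[1234]: EZD1286I TTLS Error GRPID: 00000007 ENVID: 00000002 CONNID: 00000036 LOCAL: 10.1.1.2..1032 REMOTE: 10.1.0.2..25 JOBNAME: CSSMTP USERID: START1 RULE: CSSMTPRule RC: 417 Initial Handshake 0000000000000000 0000005011421D10 0000000000000000
Mar 10 09:15:03 MVS1 TTLS[1234]: EZD1286I TTLS Error GRPID: 00000007 ENVID: 00000002 CONNID: 00000037
LOCAL: 10.1.1.2..1033 REMOTE: 10.1.0.2..25 JOBNAME: CSSMTP USERID: START1 RULE: CSSMTPRule RC: 5003 Initial Handshake
0000000000000000 0000000000000000 0000000000000000
"""
```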

If the syslogd daemon is not running, the messages come out on syslog.
