SMTP Authentication
| Situation | Admin is trying to set up a SMTP credential, where he can send emails using SMTP Auth credentials. |
|---|---|
| Solution |
See bellow steps to create a SMTP Authentication. How to troubleshot Issues when the new SMTP authentication doesn't work |
Overview
Credential Creation
SMTP Authentication (SMTP AUTH) improves the trust between a customer's mail server and Essentials to eliminate the risk of spoofing. This feature simply creates an SMTP AUTH username and password pair in Essentials that customers can enter on their email exchange server to authenticate with Essentials.
To enable SMTP authentication:
- Navigate to Administration > Account Management > Domains.
- Under the SMTP Authentication section, click New Credential.
- Enter a label for the credential.
- Click Generate Password.
| Copy and save Username and Password information. This will be needed later when you enter these credentials in your email exchange and you will not be able to access this screen again after saving. |
|---|
- Click Save.
| Note: Please wait 30 minutes to start the next step as it may take up to 30 minutes for the credentials to propagate. |
|---|
SMTP server Requirements
Please make sure you use the appropriate smarthost when configuring the outbound:
US customers: outbound-us1.ppe-hosted.com
EU customers: outbound-eu1.ppe-hosted.com
SMTP Authentication port: 587
StartTLS is required to use SMTP Authentication.
The SMTP Credential is not the same as the SENDER address. The SENDER address must be a registered email account.
- If you use the SMTP Credential as the SENDER address, it must be listed in the User Management.
SMTP configuration
Follow the instructions provided by your email service provider to configure the SMTP AUTH. For O365 customers, please reference the following link: How to set up a multifunction device or application to send email using Office 365
Troubleshooting
- If you cannot remember your SMTP AUTH credentials, simply create a New Credential by repeating the steps above. You may delete unused Credential pairs.
Common Issue
Reviewing SMTP error connection. Customer receiving NDR messages.
Solution
Connection issues for SMTP, whether inbound or outbound, will reference Proofpoint Essentails servers with the domain ppe-hosted.com. If a server name is not listed, the SMTP transaction from the 'sending' server needs to be reviewed to show the specific hand off. We will require those log details in order to troubleshoot further. If the error message does not contain our domain, the problem is that the sending server is not handing off to the Proofpoint server yet.
Frequently Asked Questions
The following are some common questions asked about the SMTP Authentication feature:
Do customers require the use of a sending server when using SMTP AUTH credentials?
No
If you set the force SMTP AUTH, is sending servers still required?
If SMTP AUTH is all you use as a customer, you can ignore the Sending Servers section and leave them empty.
How does SMTP AUTH eliminate the risk of spoofing?
If you use SMTP AUTH ONLY (i.e., no other Sending Servers configured), it eliminates the spoofing ability originating either NATTED behind the same IP address as the Outbound mail server, or within the same shared IP space of an email service provider. Assuming the credential is not compromised of course but at least that's a more defendable position.
Is everything over port 25 still?
No. SMTP AUTH Outbound uses port 587 ONLY. In fact, if it is connecting over Port 25 you will see "Relay Access Denied"
What if they have the same sending server IP configured?
Telnet test is quite different for SMTP AUTH. Port 587 is reserve exclusively for SMTP AUTH and normal Sending Servers won't do anything on that port
Does SMTP AUTH still do sender checks?
Does this solve mail forwarding issue? (external recipients in distribution groups)
No, that's still open as a feature request
Will I need to use TLS?
STARTTLS is required before SMTP Auth