Situation | Admin is traying to set up a SMTP credential, where he can send emails using SMTP Auth credentials. |
---|---|
Solution | See bellow steps to create a SMTP Authentication. How to troubleshot Issues when the new SMTP authentication doesn't work |
Overview
SMTP Authentication (SMTP AUTH) improves the trust between a customer's mail server and Essentials to eliminate the risk of spoofing. This feature simply creates an SMTP AUTH username and password pair in Essentials that customers can enter on their email exchange server to authenticate with Essentials.
To enable SMTP authentication:
- Navigate to Administration > Account Management > Domains.
- Under the SMTP Authentication section, click New Credential.
- Enter a label for the credential.
- Click Generate Password.
Copy and save Username and Password information. This will be needed later when you enter these credentials in your email exchange and you will not be able to access this screen again after saving. |
---|
- Click Save.
Note: Please wait up to 60 minutes to start the next step as it may take up to 60 minutes for the credentials to propagate. |
---|
Troubleshooting
If you cannot remember your SMTP AUTH credentials, simply create a New Credential by repeating the steps above. You may delete unused Credential pairs.
Common Issue
Reviewing SMTP error connection. Customer receiving NDR messages.
Solution:
Connection issues for SMTP, whether inbound or outbound, will reference Proofpoint Essentails servers with the domain ppe-hosted.com. If a server name is not listed, the SMTP transaction from the 'sending' server needs to be reviewed to show the specific hand off. We will require those log details in order to troubleshoot further. If the error message does not contain our domain, the problem is that the sending server is not handing off to the Proofpoint server yet.
Frequently Asked Questions
The following are some common questions asked about the SMTP Authentication feature:
Q: Do customers require the use of a sending server when using SMTP AUTH credentials?
A: Yes
Q: If you set the force SMTP AUTH, is sending servers still required?
A: If SMTP AUTH is all you use as a customer, you will still require a sending server address for relay.
Q: How does SMTP AUTH eliminate the risk of spoofing?
A: If you use SMTP AUTH ONLY (i.e., no other Sending Servers configured), it eliminates the spoofing ability originating either NATTED behind the same IP address as the Outbound mail server, or within the same shared IP space of an email service provider. Assuming the credential is not compromised of course but at least that's a more defendable position.
Q: Is everything over port 25 still?
A: No. SMTP AUTH Outbound uses port 587 ONLY. In fact, if it is connecting over Port 25 you will see "Relay Access Denied"
Q: What if they have the same sending server IP configured?
A: Telnet test is quite different for SMTP AUTH. Port 587 is reserve exclusively for SMTP AUTH and normal Sending Servers won't do anything on that port
Q: Does SMTP AUTH still do sender checks?
A: Yes, the sender domain (address in the case when SMTP Discovery is off) still needs to be registered and active
Q: Does this solve mail forwarding issue? (external recipients in distribution groups)
A: No, that's still open as a feature request
Q: Will I need to use TLS?
A: STARTTLS is required before SMTP Auth
IMPORTANT SAFETY TIP:
in a nutshell, if you want to use SMTP Authentication
a) You need to create the SMTP AUTH user under Account Management > Domains > SMTP AUTH
b) You need to have a user that exist in proofpoint either as an end_user, silent_user or functional account with the same name (should be done automatically when creating the SMTP Auth account)
c) Remember that when you create user or functional account, it can take an hour for it to be live.