Remote sending (a.k.a SMTP AUTH)
Mail will be either to a local user (so delivered to their INBOX) or will need to be sent on to another server. The action of sending on is known as relaying. All users both external and internally can send mail to be delivered to local users, but it is important to control who can relay. If your NetManager allowed anyone to send mail to anyone, it would be an open relay and a prime target for sending spam.
Therefore, mail sending falls into 5 groups:
- Local user on internal computer sending to a local user (always allowed)
- Local user on internal computer sending to someone outside (always allowed)
- Anyone on external computer sending to a local user (always allowed)
- Local user on external computer sending to someone outside (not allowed by default)
- Someone unknown on external computer sending to someone else outside (never allowed)
Internal computers are defined as those on Trusted Networks. They can send to all local or outside users.
When your users are not using an internal computer (e.g. they are at home or using a mobile device), by default they will not be able to send mail via your NetManager unless it is to another local user. To allow your users to send mail to both internal and external users, they need to identify themselves to the NetManager by logging in. This is known as SMTP AUTH (SMTP is the language used between mail servers and clients for delivering mail. AUTH is short for authentication).
To allow external sending two things need to be enabled on the NetManager:
- SMTP encryption (otherwise usernames and passwords could be viewed by other people)
- A list of valid users and groups must be configured
To enable SMTP encryption, you should follow the procedure to configure SSL certificates, specifically the SMTP SSL Certificates section. You will then need to ensure you configure the SMTP server in your email client with the fully-qualified domain name on your certificate rather than an IP address.
To configure the list of users and groups, go to E-Mail Administration > Send/Receive in webadmin and click on the SMTP Sending tab. In the Sending mail from outside your network: section you should complete the following:
- List of specific users in addition to chosen groups (separated by spaces)
- Tick the chosen groups
- Select whether users will only be able to send from a local domain name. This should always be enabled unless you really know what you are doing.
- Select whether usernames must match the email address you are sending as. If enabled, then you would not be able to email as firstname.lastname@example.org if your username was actually jsmith)
smtp_submit_validusers- space-separated list of users and groups (which are specified with a @ at the start of the name) which may send mail from externally
smtp_submit_matchuser- y/n to set whether to enforce whether usernames must match the email address you are sending as
smtp_submit_matchdomain- y/n to set whether to enforce whether users will only be able to send from a local domain name