SMTP Authentication

About this task

If you want to grant your end users the ability to send email through the appliance from an external network, you can enable SMTP authentication. With SMTP authentication configured, authenticated users are treated as if they were sending mail from inside the network, and the same outbound policy rules apply.

It is strongly recommended that you also enable Transport Layer Security (TLS) to encrypt the credentials required for SMTP authentication because SMTP authentication alone does not provide a secure connection.

Only users with a valid username and password will be able to connect from an external network.

Use the Configuration > Policy > SMTP Authentication page to enable and configure SMTP authentication.

You must configure directory services before you can enable SMTP authentication. For more information, see "Directory Services." End users must also configure their email clients in order for SMTP authentication to take effect.

To configure SMTP authentication for end users:

Follow these steps

  1. Select the Enable SMTP Authentication check box to begin configuring the appliance so that users can send email from an external network using SMTP authentication. (This check box cannot be selected if Directory Services have not been configured.)

    The grayed out SMTP authentication options become available.

  2. Authentication: Confirm that directory services are configured. If they are not, click Configure directory services settings to access the System: Directory Services configuration page. You must configure directory services for SMTP authentication to take effect.
    If directory services are configured, a drop-down list containing all configured directory servers is displayed. If you have configured multiple directory servers, the appliance can only perform SMTP authentication for one of them. Select this server from the list.
  3. TLS Encryption: Enable and configure TLS.
    1. Status: If TLS is not enabled, it is strongly recommended that you enable it to protect authentication credentials and other potentially sensitive data. Click Configure TLS settings to access the Policy: Encryption configuration page.
    2. Enforce TLS: It is strongly recommended that you select this check box to make TLS mandatory for your end users. When it is selected, end users who are sending email via SMTP authentication must encrypt it using TLS, or their connections will be rejected.
  4. Ports: Select one or more of the available ports to use for SMTP authentication. Port 587 is selected by default. Whichever port(s) you choose, the network must also be configured to permit remote access to the appliance over the designated port(s). An alternative port is 465. You must select at least one port.
  5. Click Apply.