Configure outbound relay with scanners, web applications, phone or fax servers

BEST PRACTICE: Mailprotector is designed for secure, human-to-human communication. Configuring a web application, phone system, scan to email, or other transactional devices to relay through Mailprotector may result in quarantined messages or a disabled relay if abusive behavior is detected. Using a relay service such as Mailgun, SMTP2Go, or Mailjet will perform better for these situations.

Please read Limitations of outbound relay through Mailprotector for more details.

NOTE: Both outbound relay options can be used in different situations with success. We recommend that if one of the two methods listed here is not working that the other method should be attempted.

Option 1: SMTP Authentication using port 587

Use case:

  • Typically the preferred option if SMTP Auth is supported
  • Device or application must use TLS 1.2 (TLS 1.0 and 1.1 are not supported)
  • Outbound port 25 is restricted

Configure your device or application

Configure your server, application, or device to relay outbound using SMTP Auth. Use the following information to fill in the server and credential requirements:

  • Server - smtp.cloudmail.email
  • Port - 587
  • Username - A valid address from your Mailprotector User list
  • Password - The password created/used for this address on Mailprotector
The User Type cannot be a "Mailing List"

mceclip1.png

NOTE: The user type of Equipment is not considered a billable user, so this is often the most appropriate choice for on-premise devices.

The Username and Password information is set on the User's Settings page (below). This is the full email address and password you will use when configuring SMTP Auth.

To configure/change a password, navigate to the User Profile:

  1. Login to the Mailprotector Console with a manager account
  2. Search for the address in the Finder tool or navigate to the individual user via Domain -> Users -> Select the User
  3. Click the ellipse icon on the far right-hand side mceclip2.png
  4. Set the password for the user with your preferred method. mceclip3.png

Troubleshooting SMTP Authenticated Relay

Issue

The device or application is failing to connect.

Solution

  • Make sure the device or application supports TLS 1.2. Some older multi-function printers or copiers do not support TLS 1.2, and will not be able to relay scanned documents through Mailprotector.
  • Ensure the TLS 1.2 connection is being made over port 587
  • Double-check that the server address is smtp.cloudmail.email

Issue

The device or application connects successfully, but emails are not relayed.

Solution

  • If the Sender address differs from the SMTP Auth username, make sure the Sender address is a valid address in Mailprotector. If the address does not exist, Mailprotector will reject the relay for having an invalid sender address.
  • If the application is using dynamic sender addresses, commonly used with CRM and some web forms for email tracking functions, Mailprotector's relay will not be compatible with the application. A different relay service will need to be considered.

Issue

Address added to Mailprotector Console is being removed by User Sync.

Solution

  • If User Sync is connecting to Microsoft 365 or Google Workspace, you could create a distribution group, contact, or shared mailbox to ensure the address is added and remains on Mailprotector as well.
  • Or, create a new Group in Mailprotector and add the address. User Sync only acts upon one Group at a time, and the new group will not be affected. The address will remain on Mailprotector even though it does not exist at the user sync source.

Option 2: Standard outbound relay through port 25

Use case:

  • If SMTP Authentication is not an option
  • TLS 1.2 is not supported

Configure your device or application

Configure your server, application, or device to relay using the following information:

  • Server - <your-domain>.outbound.emailservice.io
  • Port - 25 (if port 25 is blocked, use 2525)
  1. Login to the Mailprotector Console with a manager account
  2. Navigate to the domain where the device, application, or server is located
  3. Select the "Mail Flow" tab
  4. Scroll to the "Outbound email source IPs" section of the page
  5. Select the "Add" option under "Where is your email coming from?"
  6. Input the public IP address of the device, application, or server that Mailprotector should accept outbound messages from
    mceclip0.png
  7. Make sure the Sender address of the emails exists in the User list on Mailprotector

NOTE: If the Sender address is not in the Console, Mailprotector will bounce email from the device, application, or server.

If User Sync is enabled, make sure the user is in a group that doesn't have User Sync managing it. User Sync will remove any manually added users from the Console if they do not exist in the User Source. You will also want to modify the User Type to Equipment or Contact if not a real mailbox.

 

Troubleshooting Standard Relay

Issue

The device or application is failing to connect.

Solution

  • Make sure the device, application, or server's public IP address is correctly added to Mailprotector, per Step 6 above. If possible, try https://www.whatsmyip.org/ to confirm you have the correct IP address.
  • Some ISPs will block port 25. Try using port 2525.

Issue

The device or application connects successfully, but emails are not relayed.

Solution

  • If the Sender address differs from the SMTP Auth username, make sure the Sender address is a valid address in Mailprotector. If the address does not exist, Mailprotector will reject the relay for having an invalid sender address.
  • If the application is using dynamic sender addresses, commonly used with CRM and some web forms for email tracking functions, Mailprotector's relay will not be compatible with the application. A different relay service will need to be considered.

Issue

Address added to Mailprotector Console is being removed by User Sync.

Solution

  • If User Sync is connecting to Microsoft 365 or Google Workspace, you could create a distribution group, contact, or shared mailbox to ensure the address is added and remains on Mailprotector as well.
  • Or, create a new Group in Mailprotector and add the address. User Sync only acts upon one Group at a time, and the new group will not be affected. The address will remain on Mailprotector even though it does not exist at the user sync source.
Have more questions? Submit a request

Comments