Authentication Support for SMTP Configuration

Authentication support for SMTP (Simple Mail Transfer Protocol) configuration refers to the ability to authenticate and securely communicate with an SMTP server when sending emails. This feature ensures that only authorized parties can send emails through the server, enhancing security and preventing misuse.

The authentication mechanisms commonly used include the following:

  • Username and password authentication

  • OAuth authentication

By implementing authentication support, SMTP configurations can safeguard against unauthorized access and protect sensitive email communication.

Prerequisite for SMTP Configuration

  1. Add the SMTP.SendAsApp permission in Azure AD.

    1. Go to the App registration view.

    2. Click API permissions.

    3. Click Add a permission.

    4. Click APIs my organization uses.

    5. Search for Office 365 Exchange Online and select it.

    6. Click Application Permission.

    7. Search for SMTP and select SMTP.SendAsApp.

    8. Click Add Permissions.

  2. Register the Service Principal by executing the following script:

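    # Install and load the modules (Get-AzureADServicePrincipal comes from the AzureAD module)
    Install-Module -Name ExchangeOnlineManagement
    Install-Module -Name AzureAD
    Import-Module ExchangeOnlineManagement
    Import-Module AzureAD
    # Connect to Exchange Online and Azure AD in the same tenant
    Connect-ExchangeOnline -Organization "<tenantId>"
    Connect-AzureAD -TenantId "<tenantId>"

    # Look up the Azure AD service principal of the registered application
    $AADServicePrincipalDetails = Get-AzureADServicePrincipal -SearchString "<app-name>"
    # Register it as a service principal in Exchange Online
    New-ServicePrincipal -AppId $AADServicePrincipalDetails.AppId -ObjectId $AADServicePrincipalDetails.ObjectId -DisplayName "SMTP ServicePrincipal for <app-name>"
    $EXOServicePrincipal = Get-ServicePrincipal -Identity "SMTP ServicePrincipal for <app-name>"

    # Grant the service principal access to the mailbox that is used as the From Address
    Add-MailboxPermission -Identity "<service/shared account>" -User $EXOServicePrincipal.Identity -AccessRights FullAccess

  3. Register the OAuth application in Genix. For more information about registering an OAuth application, see section Register-OAuth Application.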

Perform the following steps for SMTP Configuration:

  1. Navigate to Administration > Email Setting > Email Accounts.

  2. Click +Add SMTP Server.

  3. Click Sign in with Microsoft 365 and enter the required parameter fields.

    | Field | Details |
    |---|---|
    | OAuth Application | Select the same OAuth Application registered as part of the prerequisites (step 3). |
    | From Address | Enter the same email address ("<service/shared account>") used in the script for registering the Service Principal. |
    | Host Name | Enter the SMTP server address. The default host name is smtp.office365.com. |
    | Port Number | Enter the port number of the SMTP server. The default port number is 587. |
    | SSL Option | Select an SSL option that is supported by the SMTP server. The default SSL option is Auto. |
    | Timeout (in seconds) | The duration for which the SMTP server tries to send out an email. If the SMTP server fails to send out an email, it throws an error. The default timeout value is 5 seconds. |
    | Scope | The scope for acquiring the OAuth token. The default scope is https://outlook.office365.com/.default. |

  4. Click Add to save the details.
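
To confirm that the prerequisites took effect, the following added example (Python, not part of Genix or of the original guide) decodes an access token acquired for the configured Scope, checks that it carries SMTP.SendAsApp, and builds the SASL XOAUTH2 response for the From Address. It assumes the token's aud claim equals the Scope without "/.default"; the function names and the sample token are constructed for illustration.

```python
import base64
import json

DEFAULT_SCOPE = "https://outlook.office365.com/.default"  # default Scope from the table above
REQUIRED_ROLE = "SMTP.SendAsApp"                          # permission from prerequisite step 1


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_claims(access_token: str) -> dict:
    """Return the JWT payload claims WITHOUT verifying the signature.
    Diagnostic use only; the SMTP server performs the real validation."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def check_smtp_token(access_token: str, scope: str = DEFAULT_SCOPE) -> list:
    """Return a list of configuration problems; an empty list means none found."""
    claims = token_claims(access_token)
    # Assumption: the audience is the resource part of the scope.
    expected_aud = scope.removesuffix("/.default").rstrip("/")
    problems = []
    if str(claims.get("aud", "")).rstrip("/") != expected_aud:
        problems.append(f"aud is {claims.get('aud')!r}; check the Scope field")
    if REQUIRED_ROLE not in claims.get("roles", []):
        problems.append(f"roles lacks {REQUIRED_ROLE}; check prerequisite step 1")
    return problems


def xoauth2_response(from_address: str, access_token: str) -> str:
    """Build the base64 SASL XOAUTH2 string sent with AUTH XOAUTH2."""
    raw = f"user={from_address}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode()).decode()


def make_sample_token(claims: dict) -> str:
    """Constructed, unsigned sample token for offline runs (not a real credential)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    sample = make_sample_token({"aud": "https://outlook.office365.com", "roles": []})
    print(check_smtp_token(sample))
```

A token whose roles claim lacks SMTP.SendAsApp points back to the API permission step, while a wrong aud points to the Scope field.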