It is the responsibility of the Appliance Administrator to configure Safeguard for Privileged Passwords to automatically send email notifications when certain events occur.
Use the Email pane to configure the SMTP server to be used for email notifications and to edit the email templates that define the content of email notifications.
Before you start
Before configuring the SMTP server, perform the following, as needed.
- Configure the DNS Server and set up the user's email address correctly.
- If you are using a transport layer for email authentication, it is recommended you create the certificate signing request (CSR) with SPP using the Add Certificate > Create Certificate Signing Request (CSR) option. For more information, see Creating an audit log Certificate Signing Request.
CSRs may be installed in the following formats.
- Install Certificate generated from CSR including:
- DER Encoded Files (.cer, .crt, or .der)
- PEM Encoded Files (.pem)
- Install Certificate with Private Key including:
- PKCS#12 (.p12 or .pfx)
- Personal Information Exchange Files (.pfx)
- Install Certificate generated from CSR including:
To configure the SMTP Server
- Go to SMTP Server:
- web client: Navigate to External Integration > Email.
- To configure the email notifications, enter these global settings for all emails:
- SMTP Server Address: Enter the IP address or DNS name of the mail server. When unspecified, the email client is disabled.
When entering an IPv6 address, you must encapsulate it in square brackets, such as [b86f:b86f:b86f:1:b86f:b86f:b86f:b86f].
If you are using a mail exchanger record (MX record), you must specify the domain name for the mail server.
- SMTP Port: A default port is set for SMTP which should be changed, if needed. By default, the SMTP port is 465 or, if you are using SSL/TLS, the default is port 25. The range is 1 to 65535.
-
Select one of the following to add Transport Layer Security.
- Require STARTTLS: Select this option to connect to an SMTP server that supports the STARTTLS command to elevate the connection from text-based to TLS.
- Require SMTPS: Select this option to immediately use TLS in its connection to the target SMTP server.
- None: There is no transport layer security applied to emails.
If you selected Require STARTTLS or Require SMTPS, you can select one, both, or none of the following:
- Verify SSL Certificate: Verify SSL Certificate: If not selected, the remote SMTP server's SSL certificate is not verified.
- Use Client Certificate: Select this check box to present a Client Certificate during a TLS connection to the remote SMTP server.
- User Authentication: Select an option if you want to authenticate access to the SMPT server.
- Account: If selected, click Directory Account or Asset Account then select the account to use for authentication.
- Password: If selected, enter the Account Name and Account Password to use for authentication.
- None: If selected, the user will not be authenticated.
- Send Test Email To: Enter an email address to use as the "From" address for all emails originating from the appliance. This is required if you specify the SMTP Server Address. The limit is 512 characters.
- SMTP Server Address: Enter the IP address or DNS name of the mail server. When unspecified, the email client is disabled.
To validate your setup
Test the email setup. When you test, no emails except for the tests are handled.
- In Send Test Email To, enter the email address of where to send the test message.
- Enter the Timeout for the test email from delivery start to the email successfully being sent or the return of an error notification. Each IP address is tested and if one fails, the an error is returned for the entire process. The maximum is 255 seconds per IP check. The error logs are maintained for two days. During testing, a valid From address with an invalid To address is not delivered.
- Click Send Test Email. The email is sent using the configuration settings. If there is an error or timeout, a message displays in the user interface.
- You must check to ensure the email is delivered. If there was no message in the user interface but the email is not delivered, check the support bundle log files in the SMTPSVC1 folder. Two days of logs are maintained. For more information, see Support bundle.