Setting up SMTP settings for outbound email connections
Venafi Platform has powerful logging capabilities, with a variety of delivery methods. After database logging, the most popular form of notification is email.
Venafi Platform will not be able to send email notifications for log channels or for the reporting service until you configure the outbound SMTP server settings, as described below.
The SMTP server settings you want to use may be the same for both log channels and the reporting service; however, you need to set up both if you are using both features. Keeping the configurations separate allows you to use different email settings for the different purposes.
Configuring the SMTP Default Connectors for Log Channels and Reporting in VCC
- In Venafi Configuration Console, open the Connectors node.
- In the SMTP Default Connectors section, click the connector you want to configure.
  - Log Channels. This connector controls the SMTP email configuration for all SMTP Log channels. For more information, see Setting up notification channels.
  - Reporting. This connector controls the SMTP email configuration for all Reporting service modules.
- Click Properties.
- If prompted, log in to Venafi Platform using an account with system administrator permissions.
- Enter the SMTP Server information as outlined in the table below.
Field: Description
Host: Enter the SMTP host name or IP address. For example: smtp.example.com or 127.0.0.1.
Port: Enter the port to use for the SMTP connection. The default port for an SMTP connection is 25, which does not encrypt the connection.
  To use Secure TLS communication, you cannot use port 25. Here are the three standard SMTP ports:
  - Port 25. (Default) This is a non-secure default SMTP port.
  - Port 465. This port securely sends email via SMTP by SSL/TLS.
  - Port 587. This is the successor port of port 465 and is often seen as the default transmission channel for secure SMTP connections.
  About secure SMTP connections
  Venafi uses SMTP Authentication for outbound email. We are investigating support for OAuth2, but the currently implemented OAuth2 flows are created for client applications where the user can be periodically prompted for credentials (or MFA) to obtain a new grant. As a server application, Venafi requires an unattended authentication method.
  We strongly recommend you configure your SMTP to use Secure TLS communication on a supported port. The Microsoft Exchange team's solution for continued support is using High Volume Email (HVE) for Microsoft 365, Azure Communication Services for Email, or an Exchange Server on-premises in a hybrid configuration.
  For instructions on how to onboard to High Volume Email for Microsoft 365, see instructions from Microsoft at https://learn.microsoft.com/en-us/Exchange/mail-flow-best-practices/high-volume-mails-m365. This solution uses port 587 and authenticates to Office 365 using an HVE account username and password.
Sender E-mail: This is the e-mail address the recipient will see in the "From" field of their email message.
Use Secure TLS communication: This setting enables the email client and server to exchange messages using the Transport Layer Security (TLS) protocol, which encrypts the data and verifies the identity and integrity of the parties involved.
Log event for each delivered message: When checked, Venafi Configuration Console will log an event for every email message it sends. This feature is useful to meet some organizations' auditing requirements.
Lock settings [...]: When checked, individual SMTP channels or Reporting modules will not be able to override these settings. This is analogous to locking the policy setting.
Authenticate to SMTP Server: This setting requires the email client to provide a valid user name and password to the SMTP server before it can send or receive email messages. When selected, the following two fields become available.
Username: The username used to authenticate the SMTP connection to the email host.
Password: The password used to authenticate the SMTP connection to the email host.
Send Test E-mail: Click to test the connection to ensure Venafi Platform can send messages using these settings.
- Click OK.
IMPORTANT: Until SMTP outbound server settings are configured for the first time, SMTP channels are disabled. Do not attempt to send any logs to SMTP channels until you configure SMTP outbound server settings as described above.
The first time you configure an SMTP connection, the built-in SMTP channels automatically become enabled.
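A pre-flight check for the relay behind the Host, Port, Use Secure TLS communication and Authenticate to SMTP Server fields above, as an added example that is not Venafi code: probe() connects the way the port implies (implicit TLS on 465, STARTTLS otherwise) and assess() compares what the relay offered with the intended connector settings. The function names, finding labels and sample probe results are assumptions made for this example.

```python
import smtplib
import ssl

def auth_mechs(features):
    """AUTH mechanisms from smtplib's parsed EHLO features (dict with lower-case keys)."""
    return features.get("auth", "").upper().split()

def probe(host, port, timeout=10.0):
    """Connect the way the port implies and record what the relay offers.
    Needs network access to the relay; only EHLO and STARTTLS are sent."""
    ctx = ssl.create_default_context()  # verifies the certificate chain and host name
    seen = {"port": port, "tls": False, "auth_cleartext": [], "auth_tls": []}
    if port == 465:  # implicit TLS: the handshake precedes any SMTP command
        with smtplib.SMTP_SSL(host, port, timeout=timeout, context=ctx) as s:
            s.ehlo()
            seen.update(tls=True, auth_tls=auth_mechs(s.esmtp_features))
        return seen
    with smtplib.SMTP(host, port, timeout=timeout) as s:  # 25 and 587 start in cleartext
        s.ehlo()
        seen["auth_cleartext"] = auth_mechs(s.esmtp_features)
        if s.has_extn("starttls"):
            s.starttls(context=ctx)
            s.ehlo()  # capabilities must be re-read after the TLS upgrade
            seen.update(tls=True, auth_tls=auth_mechs(s.esmtp_features))
    return seen

def assess(seen, use_tls, authenticate):
    """Compare probe results with the connector fields (finding labels are hypothetical)."""
    findings = []
    if use_tls and seen["port"] == 25:
        findings.append("tls-on-port-25")  # the page: Secure TLS cannot use port 25
    if use_tls and not seen["tls"]:
        findings.append("relay-offers-no-tls")
    if authenticate and not use_tls:
        findings.append("credentials-without-tls")
    if authenticate and use_tls and seen["tls"] and not seen["auth_tls"]:
        findings.append("no-auth-after-tls")
    if seen["auth_cleartext"]:
        findings.append("auth-advertised-before-tls")
    return findings

# Constructed probe results, shaped like probe() output, so the logic runs offline.
SAMPLE_587 = {"port": 587, "tls": True, "auth_cleartext": [], "auth_tls": ["LOGIN", "PLAIN"]}
SAMPLE_25 = {"port": 25, "tls": False, "auth_cleartext": ["LOGIN"], "auth_tls": []}

if __name__ == "__main__":
    print(assess(SAMPLE_587, use_tls=True, authenticate=True))
    print(assess(SAMPLE_25, use_tls=False, authenticate=True))
```

Against a real relay, call assess(probe("smtp.example.com", 587), use_tls=True, authenticate=True) from a host with the same network path as the Venafi server; an empty list means the relay supports the settings as entered.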