Setup an internal relay outbound email for those legacy network devices to use Google Apps mail server.
Google's mail servers use TLS (SSL) encryption that require authentication for sending email.
Many legacy network devices, such as copier/scanner/multi function devices, do not support authenticated SSL login to a SMTP server. The following solution is a simple, low impact solution. By using the open source hMailServer to act as a Windows-based SMTP relay, companies can successfully switch to Google Apps without losing the ability to scan and email documents directly from their multi-function devices.
- A valid Google Apps account (batter to have a dedicated application user account, instate of normal user account).
- A PC or server which run windows server 2003 or above.
- Internet connection for the PC or server to connect to Google mail server (smtp.gmail.com) via port 465 or port 587.
- Download hMailServer from http://www.hmailserver.com/
- Select a machine that will be on and accessible 24/7 from any necessary device on the network.
- Perform a standard install. Drive space should be minimal as this system will act strictly as a relay server, and only cache undeliverable messages.
- Set an admin password for the console and be sure not to lose it as this admin panel will be accessed very infrequently after successful deployment.
- Configure a GMail/Google Apps account for outbound use. Skip to step 6 if you have already done this, otherwise, for Google Apps:
- Login to your Google Apps control panel as an administrator (typically https://www.google.com/a/yourdomain.com).
- Create a dedicated account for outbound scans/reports/etc, such as firstname.lastname@example.org and Save.
- * Important * Login to your new account through the Google Apps interface for your domain, as if you were a new user, and perform the CAPTCHA verification and accept the terms for the account and test the inbox functionality.
- Logout and note these credentials for the next steps.
- Open the Administration console for hMailServer and make the following configuration changes in hMailServer:
- [Domains | Add...] Add a new local domain. For example, local.yourdomain.com and Save.
- [Domains | local.yourdomain.com | Accounts | Add...] Add a new local account. For example,email@example.com and Save.
- [Settings | Protocols | SMTP | Delivery of e-mail] make the following changes:
- [Local host name] = yourserver.yourdomain.com (pretty much irrelevant)
- [Remote host name] = smtp.gmail.com
- [Remote TCP/IP port] = 465
- [Server requires authentication] = Checked
- [User name] = firstname.lastname@example.org (or email@example.com, etc.)
- [Password] = <as chosen>
- [Use SSL] = Checked
- [Settings | Advanced | IP Ranges] Add...
- [Name] = Firewalled subnets
- [Priority] = 20
- [Lower IP] - [Upper IP] = Inclusive local subnet that includes network devices that need to relay.
- [Anti-Spam] = Cleared
- [Anti-Virus] = Cleared
- [Require SMTP Authentication]
- [Local to local e-mail addresses] = Cleared
- [Local to external e-mail addresses] = Cleared
- [External to local e-mail addresses] = Cleared
- [External to external e-mail addresses] = Cleared
- Open the configuration page for your multi-function device or automated system that needs to relay.
- Select the IP address (or resolvable host name) of the computer on which you installed hMailServer as the mail server.
- If necessary set the username as firstname.lastname@example.org and the password <as chosen>.
- It is not required to set a username and password if the device does not support it.
- Send a test e-mail to an external address and verify receipt.
If you're having problems getting the relay to work, here are some things to try:
- Configure a standard mail client with the local (email@example.com) address and password, and point it at the hMailServer.
- Send a message to an external address and check the non delivery report.
- Open the Administration console and enable logging as follows:
- [Settings | Logging | Enabled] = Checked
- [Log | Application] = Checked
- [Log | SMTP] = Checked
- [Log | TCP/IP] = Checked
- <Show Logs>
- Send a test e-mail and check the logs. Typical errors include incorrect credentials, or a mistyped port on the outbound relay page.
This is a VERY INSECURE installation if the internal SMTP relay server is not behind your office firewall. If possible, please only allow the IP address of those systems that require the SMTP relay at the hMailserver setting (refer to the step 6 above). Do not open up the access list to the entire IP ranges of your office private network, Keep in mind that, those user's PCs/Laptops that affected by malware that looks for open relays on you local network will be able to forward with impunity through this relay.)