Skip to content

Commit

Permalink
add smtp authentication docs
Browse files Browse the repository at this point in the history
  • Loading branch information
@adamcooke
adamcooke committed Mar 12, 2024
1 parent 8f7f674 commit 87ba62e
Show file tree
Hide file tree
Showing 2 changed files with 28 additions and 3 deletions.
6 changes: 3 additions & 3 deletions content/3.features/oidc.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,9 +43,9 @@ oidc:
# The client secret for OIDC
secret: zyx0987654321

# Scopes to request from the OIDC server. You'll need to find these from your provider.
# You should ensure you request enough scopes to ensure the user's email address is
# returned from the provider.
# Scopes to request from the OIDC server. You'll need to find these from your
# provider. You should ensure you request enough scopes to ensure the user's
# email address is returned from the provider.
scopes:
- openid
- email
Expand Down
25 changes: 25 additions & 0 deletions content/3.features/smtp-authentication.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
---
title: SMTP Authentication
description: ''
category: Features
---

For sending outgoing emails through the Postal SMTP server you will need to generate a <b>credential</b> through the Postal web interface. This credential is associated with a server and allows you to send mail from any domain associated with that domain (or the organization that owns the domain.)

## Authentication types

When authenticating to the SMTP server, there are three supported authentication types.

* `PLAIN` - the credentials are passed in plain text to the server. When using this, you can provide any string as the username (e.g. `x`) and the password should contain your credential string.
* `LOGIN` - the credentials are passed Base64-encoded to the server. As above, you can use anything as the username and the password should contain the credential string (Base64-encoded).
* `CRAM-MD5` - this is a challenge-response mechanism based on the HMAC-MD5 algorithm. Unlike the above two mechanism, the username does matter and should contain the organization and server permalinks separated by a `/` or `_` character. The password used should be the value from your credential.

## From/Sender validation

When sending outgoing email through the SMTP server, it is important that the `From` header contains a domain that is owned by the server or its organization. If this it not valid, you will receive a `530 From/Sender name is not valid` error.

If you have enabled "Allow Sender Header" for the server, you can include this domain in the `Sender` header instead and any value you wish in the `From` header.

## IP-based authentication

Postal has the option to authenticate clients based on their IP address. To use this, you need to create an **SMTP-IP** credential for the IP or network you wish to allow to send mail. Use this carefully to avoid creating an open relay.

0 comments on commit 87ba62e

Please sign in to comment.