Setting up an on-premise SMTP server to relay emails from devices and servers


Objectives

You need to relay emails out from devices and servers within your LAN to recipients online (such as Gmail, Yahoo, and others), or to your actual email server running in the cloud.

Assumptions

Assume you have a domain called mycorp.com that uses Microsoft Exchange Online or another cloud-based email provider for sending and receiving emails. You have multiple offices that run servers and devices that need to send emails. The recipients of these emails are either in-house users, meaning their address ends with @mycorp.com, or external users on any other domain, such as @gmail.com or @someOtherCorp.com.

Requirements

You need emails generated from these devices to be sent to an on-premise SMTP server that:

  • Accepts emails from these devices
  • Relays them to their final destination
  • Accepts submissions either with SMTP Authentication or based on the sender's IP address, and refuses anything else, so that it cannot be abused as an open relay

Design

There are two ways to design this system:

  • Method 1 - The on-premise SMTP server sends these emails directly to their final recipient. For example, if the recipient is someone@gmail.com, the email goes directly to Gmail's inbound mail server. Your public IP address is the sending IP that recipients evaluate, so it must be covered by your SPF record and have a good reputation.
  • Method 2 - The on-premise SMTP server first sends these emails to your corporate server, such as Exchange Online, which then sends the emails to the final recipient. Recipients see your corporate server as the sender, so your existing SPF and DKIM setup applies and your public IP is not exposed.

The following image shows the flow of messages for both methods.

[Figure: relaying-from-on-premise-smtp.png - message flow for Method 1 and Method 2]

Ingredients

You will need Xeams, which is an on-premise SMTP server that you can use to relay emails to their final destination. Xeams can be installed on Windows, Linux, or a NAS box such as QNAP.

Implementing Method 1 - Send them directly to the final destination

The following steps demonstrate a step-by-step process for implementing this scenario.

Prerequisites

  • You must be running on a network with a static public IP address. Large providers such as Gmail evaluate the reputation of the connecting IP address, and your SPF record has to name that address, so a dynamic IP will not work. If you don't have a static IP address, run Xeams on a rented VPS from a provider such as AWS, IONOS, Vultr, or any other service provider of your choice.

Step-by-step instructions

  • Install Xeams and run it in Firewall mode. When asked about domain configuration, enter your actual domain name (mycorp.com) and, as the "Forward To" address, the hostname of your server in the cloud, which is the host your domain's MX record points to. For example, if your actual server is hosted on Microsoft, the hostname will be something like mycorp-com.mail.protection.outlook.com.
  • Modify the SPF record for your domain to include your public IP. Without this, recipients that enforce SPF will reject or quarantine your messages. Check this page for details.
  • Add a DKIM record for your domain, and enable DKIM signing in Xeams for that domain. Check this page for details.
  • Allow outbound traffic on port 25 through your firewall from the IP address where Xeams is running. Limit the rule to that host; other machines on the LAN should keep sending through the relay rather than directly to the Internet.
  • Click Tools > Diagnostic Check - Outbound in the Xeams web interface to confirm all the best practices for sending outbound emails are being followed.
  • Send a test message. This can be done from one of the devices or servers on your LAN, from an email client such as MS Outlook or Mozilla Thunderbird configured to use Xeams as its outgoing server, or from a tool like Email Sender. At the receiving end, open the message headers and confirm the Authentication-Results line reports spf=pass and dkim=pass.
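Before sending the test message it is worth confirming that the SPF record you published actually covers the relay's public IP. The following is an added example, not part of the original page or of Xeams: it evaluates a pasted SPF TXT record offline against a candidate IP. Mechanisms that need DNS (include:, a, mx, exists, ptr, redirect=) are reported as unresolved rather than guessed at, so a "pass" here means the IP is listed explicitly. The record string and the IPs (203.0.113.10, 198.51.100.7, documentation ranges) are constructed stand-ins for your own zone and public address.

```python
"""Offline SPF check: is the relay's public IP explicitly authorized?

Added example, not Xeams code. Evaluates ip4/ip6/all terms of a record you
paste from DNS; terms that need lookups are reported, not resolved.
"""
import ipaddress

# Constructed sample: mycorp.com's SPF after adding the on-prem relay's public IP.
SAMPLE_SPF = "v=spf1 ip4:203.0.113.10 include:spf.protection.outlook.com -all"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record):
    """Split an SPF TXT record into (qualifier, mechanism, argument) terms.
    Modifiers (redirect=, exp=) are returned with qualifier 'modifier'."""
    parts = record.strip().split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF record (missing v=spf1)")
    terms = []
    for term in parts[1:]:
        if "=" in term:
            name, _, value = term.partition("=")
            terms.append(("modifier", name.lower(), value))
            continue
        qualifier = "+"                      # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        terms.append((qualifier, mech.lower(), arg))
    return terms


def spf_check_ip(record, ip):
    """Return (result, unresolved).

    result is 'pass', 'fail', 'softfail' or 'neutral' when decidable from
    ip4/ip6/all terms alone, or 'unknown' when a DNS-dependent term was
    skipped before the record reached a verdict. unresolved lists the
    skipped terms so you know what still needs checking.
    """
    addr = ipaddress.ip_address(ip)
    unresolved = []
    for qualifier, mech, arg in parse_spf(record):
        if qualifier == "modifier":
            if mech == "redirect":
                unresolved.append(f"redirect={arg}")
            continue
        if mech in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)  # bare IP -> /32 or /128
            except ValueError:
                continue                     # malformed term, skip it
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qualifier], unresolved
        elif mech == "all":
            if unresolved:                   # a skipped include/a/mx might have matched
                return "unknown", unresolved
            return QUALIFIERS[qualifier], unresolved
        else:                                # include, a, mx, exists, ptr need DNS
            unresolved.append(f"{mech}:{arg}" if arg else mech)
    # Record ended without 'all': RFC 7208 default is neutral.
    return ("unknown" if unresolved else "neutral"), unresolved


if __name__ == "__main__":
    for ip in ("203.0.113.10", "198.51.100.7"):
        result, pending = spf_check_ip(SAMPLE_SPF, ip)
        print(f"{ip}: {result}", f"(unresolved: {', '.join(pending)})" if pending else "")
```

Run it with the record you published and the relay's public IP; the relay should come back as pass from an explicit ip4 term. A result of unknown for an address tells you only that the decision depends on a DNS-resolved mechanism, which is expected for the Exchange Online include.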

Implementing Method 2 - Send them through your corporate server

You do not need to run Xeams behind a static IP address if you choose this option, because the final hop to the recipient is made by your corporate server, not by your public IP.

Step-by-step instructions

  • Install Xeams and run it in Firewall mode. When asked about domain configuration, enter your actual domain name (mycorp.com) and, as the "Forward To" address, the hostname of your server in the cloud, which is the host your domain's MX record points to. For example, if your actual server is hosted on Microsoft, the hostname will be something like mycorp-com.mail.protection.outlook.com.
  • Click Server Configuration > Manage Smart Hosts, and add a new Smart Host. Put the address of your actual SMTP server and its credentials; for Exchange Online this is smtp.office365.com on port 587 with TLS. Use a dedicated account with a strong password rather than a user's mailbox, and make sure SMTP AUTH is enabled for that account, since Exchange Online tenants often have it disabled by default. Once done, outbound emails will be routed through your corporate email server.
  • Send a test message. This can be done from one of the devices or servers on your LAN, from an email client such as MS Outlook or Mozilla Thunderbird configured to use Xeams as its outgoing server, or from a tool like Email Sender.
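The "Send a test message" step of both methods, and the requirement that the relay accept mail only with SMTP Authentication or from permitted IP addresses, can be exercised with a short script. What follows is an added example, not code from the original page or from Xeams: it opens a session to the relay with STARTTLS before AUTH, probes whether an external-to-external recipient is accepted without and with authentication (a relay that accepts it unauthenticated from a non-allow-listed host is an open relay), and then submits a properly formed test message. The hostname smtp-relay.mycorp.com, port 587, the account relay-user@mycorp.com and all addresses are assumptions; the probe functions take any object with smtplib-style mail()/rcpt()/rset() methods so the policy logic can also be checked offline.

```python
"""Exercise the on-prem relay: verify its relay policy and send a test message.

Added example, not Xeams code. Run it from a host that is NOT on the relay's
IP allow list so that the unauthenticated probe reflects the AUTH requirement.
"""
import smtplib
import ssl
from email.message import EmailMessage
from email.utils import formatdate, make_msgid

RELAY_HOST = "smtp-relay.mycorp.com"   # assumed hostname of the Xeams box
RELAY_PORT = 587                        # assumed submission port offering STARTTLS
RELAY_USER = "relay-user@mycorp.com"    # assumed SMTP AUTH account
RELAY_PASSWORD = "changeme"             # assumed; load from a secret store in practice


def build_test_message(sender, recipient, subject="Relay test"):
    """Build a test message with Date and Message-ID set; messages lacking
    them are commonly scored as spam by Exchange Online and Gmail."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = subject
    msg["Date"] = formatdate(localtime=True)
    msg["Message-ID"] = make_msgid(domain=sender.partition("@")[2])
    msg.set_content("Test message sent through the on-premise relay.")
    return msg


def connect(host=RELAY_HOST, port=RELAY_PORT, user=None, password=None):
    """Open a session, always negotiating STARTTLS before AUTH so the
    credentials never cross the LAN in clear text."""
    smtp = smtplib.SMTP(host, port, timeout=15)
    smtp.ehlo()
    if smtp.has_extn("starttls"):
        smtp.starttls(context=ssl.create_default_context())
        smtp.ehlo()
    elif user:
        smtp.quit()
        raise RuntimeError("relay offers no STARTTLS; refusing to send credentials in clear")
    if user:
        smtp.login(user, password)
    return smtp


def probe_relay(session, mail_from, rcpt_to):
    """Ask whether the relay would accept mail for rcpt_to, without sending
    any data. Returns (accepted, code). session is smtplib.SMTP or any object
    with mail()/rcpt()/rset() returning (code, message) like smtplib does."""
    code, _ = session.mail(mail_from)
    if code != 250:
        return False, code
    code, _ = session.rcpt(rcpt_to)
    session.rset()                       # abandon the transaction; nothing is sent
    return code in (250, 251), code


def relay_policy_ok(unauth_session, auth_session, mail_from, rcpt_to):
    """Expected policy for a relay requiring AUTH from non-allow-listed hosts:
    external recipient refused when unauthenticated, accepted after AUTH."""
    refused = not probe_relay(unauth_session, mail_from, rcpt_to)[0]
    accepted = probe_relay(auth_session, mail_from, rcpt_to)[0]
    return refused and accepted


def send_test(sender, recipient, user=RELAY_USER, password=RELAY_PASSWORD):
    """Submit a test message through the relay using an authenticated session."""
    with connect(user=user, password=password) as smtp:
        smtp.send_message(build_test_message(sender, recipient))


if __name__ == "__main__":
    # Both addresses are outside mycorp.com: the classic open-relay probe.
    with connect() as anon, connect(user=RELAY_USER, password=RELAY_PASSWORD) as authed:
        print("relay policy ok:", relay_policy_ok(anon, authed, "probe@example.net", "probe@example.org"))
    send_test("alerts@mycorp.com", "admin@mycorp.com")
```

If relay_policy_ok prints False, either the unauthenticated probe was accepted (the relay is open to that host; tighten the IP allow list or require AUTH) or the authenticated one was refused (check the account and the relay's authentication settings). After send_test, inspect the delivered message's headers at the recipient to confirm it went by the expected path.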