SMTPSERVER - Detailed description

Overview

Parameter:SMTPSERVER
Category: SMTP
Default value: "mail.example.com"
Product: eTASK.Other (SMTP)

What does this parameter do?

This parameter specifies which SMTP server (mail server) is used for sending emails from the eTASK.FM portal. All emails sent by the system (notifications, reminders, reports, etc.) are sent via this server.

SMTP stands for "Simple Mail Transfer Protocol" – the standard protocol for sending emails on the Internet.

What is this parameter used for?

• Notification emails: status changes, new orders, escalations

• Automatic reminders: Due tasks, maintenance appointments

• Report delivery: Automatic delivery of reports via email

• Password reset: Sending password reset links

• System alerts: Technical errors, warnings (depending on other parameters)

• Workflow communication: Email notifications in approval processes

• Room reservations: Confirmations and reminders

• Ticket system: Status changes and assignments

Technical Details (for Administrators)

Format: String (hostname or IP address)
Default value: "mail.example.com" (Placeholder - must be configured!)

Valid values:

- Hostname: mail.firma.de, smtp.office365.com, smtp.gmail.com
- Fully Qualified Domain Name (FQDN): mail.internal.firma.local
- IP address: 192.168.1.50 (not recommended, as it is less maintainable)
- With port (if different from default): Controlled via a separate parameter SMTPPORT

Default port: 25 (unencrypted), 587 (STARTTLS), 465 (SSL/TLS) - see SMTPPORT

Important technical aspects:

- DNS resolution: The server must be resolvable via DNS from
the eTASK server - Network connection: Firewall must allow SMTP ports (usually
25/587/465) - Authentication: Depends on SMTP server configuration (see SMTPUSERNAME, SMTPPASSWORD)
- TLS/SSL: Encryption is controlled via separate parameters (SMTPUSESSL)

Interaction with other parameters:

- SMTPPORT: Defines the port (default: 25, 587, 465)
- SMTPUSERNAME: Username for SMTP authentication
- SMTPPASSWORD: Password for SMTP authentication
- SMTPUSESSL: Enables SSL/TLS encryption
- SMTPSENDEREMAIL: Sender address for outgoing emails
- SMTPTIMEOUT: Timeout for server connection

Troubleshooting:

- If you encounter connection issues: telnet <SMTPSERVER> <SMTPPORT> Test from the
eTASK server - Check logs: Application Event Log (see LOGLEVEL)
- Use the test page: Control Panel - Portal Options - Portal Administration - Portal
Control - Network Traces: Wireshark for detailed analysis

When should you change this value?

Change the value to the new server if:

• SMTP server moves: New IP address or new hostname

• Cloud migration: Switch to Office 365, Google Workspace, etc.

• Consolidation: Centralization to a corporate mail server

• Security upgrade: Switch to a server with TLS/SSL support

• Performance issues: Current server is overloaded or slow

• Compliance requirements: New server for a regulated environment

• Disaster recovery: Failover to backup SMTP server

Retain value if:

• Server is functioning reliably: No technical issues

• No infrastructure changes: SMTP server remains unchanged

• Correct configuration: Email delivery works flawlessly

Check value if:

• Emails are not arriving: Recipients are not receiving notifications

• Delayed delivery: Emails are not delivered until hours later

• Errors in the application log: SMTP connection errors appear

• After server updates: SMTP server has been reconfigured

Important Notes

1. The default value is a placeholder!
   "mail.example.com" is not a real server. During the initial installation, this value must be changed to your organization’s actual SMTP server; otherwise, email delivery will not work!

2. Test DNS resolution
   Before configuration, ensure that the eTASK server can resolve the SMTP server via DNS: powershell nslookup mail.firma.de If it cannot be resolved: Either create a DNS entry or use the IP address (not recommended).

3. Firewall permissions required
   The firewall between the eTASK server and the SMTP server must allow the SMTP port (usually 25, 587, or 465). Coordinate this with your network department!

4. Changes usually do not require a restart
   The change usually takes effect immediately. To test: Send a test email via the system.

5. Note authentication requirements
   Many modern SMTP servers (especially cloud services like Office 365) require: - Username and password (SMTPUSERNAME, SMTPPASSWORD) - TLS/SSL encryption (SMTPUSESSL) - Often port 587 instead of 25

6. Relay permissions
   The SMTP server must allow the eTASK server to send emails (SMTP relay). Coordinate this with the SMTP server administrator.

7. Backup server?
   Consider setting up a fallback mechanism (e.g., via a load balancer or DNS round-robin) in case the primary SMTP server fails.

Security

Does changing this parameter affect security?

Yes, this parameter has indirect but important security implications.

Security implications:

• Confidentiality: Unencrypted SMTP connections can be eavesdropped on → Use TLS/SSL (SMTPUSESSL)

• Authenticity: A malicious SMTP server could intercept emails → Verify hostnames and certificates

• Availability: Email notifications are critical for workflows

• Man-in-the-middle attacks: DNS spoofing could lead to the wrong server → DNSSEC and certificate validation

• Spam abuse: A compromised SMTP server could be used for spam → Secure server configuration

Security best practices:

1. Use encryption (TLS/SSL) - Port 587 with STARTTLS (recommended) - Port 465 with SSL/TLS - NEVER use unencrypted Port 25 for sensitive data

2. Enable authentication - SMTPUSERNAME and SMTPPASSWORD enforce - Prevents unauthorized use

3. Prefer internal servers - Use internal SMTP servers instead of external services - Reduces the attack surface

4. Check certificates - For TLS/SSL: Validate server certificate - Issue a warning for self-signed certificates

5. Enable logging - LOGLEVEL set to at least 1 (Warnings) – Monitor SMTP errors

Compliance considerations:

GDPR:
Emails may contain personal data. Unencrypted SMTP connections could violate data protection regulations.

ISO 27001:
Recommends encrypted communication for business-critical systems.

Conclusion:
The parameter itself is not directly security-critical, but the choice of SMTP server and the type of connection (encrypted/unencrypted) have significant security implications. Always use encrypted connections (TLS/SSL) for production environments!

Practical example

Scenario 1: Initial installation with an internal SMTP server

Initial situation:
You are performing a fresh installation of the eTASK.FM Portal. Your company operates an internal Exchange server mail.firma.localthat allows SMTP relay for internal applications (Port 25, no authentication required).

Configuration:
You set SMTPSERVER to mail.firma.local.

Additional parameters:

- SMTPPORT = 25 - SMTPUSESSL = false (internal network, encrypted via IPsec)
- SMTPSENDEREMAIL = etask@firma.de - SMTPUSERNAME = (empty, no authentication)
- SMTPPASSWORD = (empty)

After configuration:

1. Test by sending a test email to yourself

2. The email is successfully sent via mail.firma.local sent

3. Recipient receives email from etask@firma.de

4. All system notifications are working

Result:
Email delivery works flawlessly on the internal network.

Scenario 2: Migration to Office 365

Initial situation:
Your company is migrating from a local Exchange server to Office 365 (Microsoft 365). The old server mail.firma.local will be shut down. Office 365 requires TLS and authentication.

Research:
Microsoft Office 365 SMTP settings:

- Server: smtp.office365.com
- Port: 587
- Encryption: TLS (STARTTLS)
- Authentication: required

Configuration:
Change the following parameters:

- SMTPSERVER = smtp.office365.com
- SMTPPORT = 587
- SMTPUSESSL = true (TLS)
- SMTPUSERNAME = ******@firma.onmicrosoft.com
- SMTPPASSWORD = [Passwort des Office 365-Kontos]
- SMTPSENDEREMAIL = etask@firma.de

After the change:

1. Test with a test email

2. The connection to smtp.office365.com:587 is established in an encrypted manner

3. Authentication with ******@firma.onmicrosoft.com is successful

4. Email is sent via Office 365

Possible issue:
Office 365 is blocking the email from being sent with the error "Client not authenticated".

Solution: Enable
"SMTP AUTH" in Office 365 for this mailbox

Result:
After configuring the app password, sending via Office 365 works flawlessly.

Scenario 3: Troubleshooting connection issues

Initial situation:
After a network update, emails are no longer reaching recipients. The Application Log shows: "Could not connect to SMTP server mail.company.com".

Diagnosis:

Step 1: Test DNS resolution

Result: DNS is working; the IP address is resolved.

Step 2: Test network connection

Result: "Could not open connection" → Firewall is blocking!

Step 3: Check firewall rule Contact the network department: After the update, the firewall rule for port 25 was accidentally deleted.

Solution: Network department creates new firewall rule: - Source: eTASK server (IP: 10.10.5.20) - Destination: SMTP server (IP: 10.10.1.50) - Port: 25 - Protocol: TCP

Step 4: Retest

Result: Connection successful!

Step 5: Send a test email Send a test email to yourself in the eTASK portal.

Result:
Email delivery is working properly again. The problem was a firewall block.

Recommended setting

For corporate environments with an internal SMTP server

Recommended configuration:

- SMTPSERVER = Your internal mail server (e.g. mail.firma.local or mail.firma.de)
- SMTPPORT = 25 (internal, unencrypted) or 587 (with TLS)
- SMTPUSESSL = true (if possible)
- Authentication: As needed

Reason:

- Direct control over mail servers
- No dependence on external services
- Often no authentication required on the internal
network - Fast delivery

For cloud-based SMTP servers (Office 365, Google Workspace)

Recommended configuration:

Office 365:

- SMTPSERVER = smtp.office365.com
- SMTPPORT = 587
- SMTPUSESSL = true
- SMTPUSERNAME = etask@firma.onmicrosoft.com
- SMTPPASSWORD = App password or regular password

Google Workspace (Gmail):
- SMTPSERVER = smtp.gmail.com
- SMTPPORT = 587
- SMTPUSESSL = true
- SMTPUSERNAME = etask@firma.com
- SMTPPASSWORD = App password

Reason:

- High availability (Cloud SLA)
- Secure connection (TLS/SSL)
- No need for server maintenance
- Requires an internet connection
- Dependency on cloud service

For small environments without their own SMTP server

Option A: Use ISP SMTP server

- SMTPSERVER = Your Internet provider’s SMTP server (e.g. smtp.isp.de)
- Often usable without authentication
- Dependent on the provider, often limited

Option B: Use a relay service

- Services such as SendGrid, Mailgun, AWS SES
- Highly available, professional
- Subject to fees once a certain volume is reached

NEVER use:

Default value mail.example.com
This value is a placeholder and does not work. The system cannot send emails!

External servers without encryption (Port 25)
Security risk! Emails can be intercepted.

Public SMTP servers without authentication
Are often misused as spam sources and blocked.

Configuration checklist:

1. DNS resolution works (nslookup <server>)

2. Firewall allows SMTP port

3. SMTP server allows relaying from the eTASK server

4. TLS/SSL enabled (SMTPUSESSL = true)

5. Authentication configured (if required)

6. Test email sent successfully

7. Logs checked for errors (LOGLEVEL)

Conclusion: Always use your organization’s SMTP server with an encrypted connection (TLS) for production environments!