Configure Mail Server at Tenant Level

You can send emails from a different mail server with custom SMTP configurations. This is done at the tenant level through the
Email/SMTP Settings
option. You can use trusted certificates to authenticate the API Portal or client, or both.
Ensure that the tenant uses only the following SMTP authentication mechanisms, as supported by API Portal:
  • CRAM-MD5
To configure SMTP at the tenant level:
  1. Log in as administrator.
  2. From the menu bar, select the gear icon,
    Email/SMTP Settings
  3. Configure the following options:
    SMTP Configuration
    Connection Details
    , and
    Email Options
SMTP Configuration
Custom SMTP Service
Disabled option is used for the default mail server that is configured during deployment.
Select from
, or
If SMTPS or SMTP TLS is selected:
SSL Authentication Type
Server Authentication
Mutual Authentication
  • Select Server Authentication if you want API Portal to send the client a trusted certificate to authenticate itself.
  • Select Mutual Authentication if you want the client and API Portal to mutually authenticate each other using their corresponding trusted certificates.
Server Certificate
Choose File
and upload a trusted certificate in X.509 format that is required for a secure connection with the SMTP server.
(For Mutual Authentication only)
Client Certificate
  • Click
    Create CSR
    and fill in these values, then hit
    • Common Name
    • Alias Name
    • Organization/Department/City/State/Country
    • Key Size
  • Choose an
    Alias Name
    from the dropdown and upload a trusted certificate.
  • Common Name specifies a distinguished name that is associated with your CSR. Recommendation: The Common Name is typically composed of Host + Domain Name.
  • Alias Name specifies a common identifier name that is associated with the CSR. Ensure that you add a unique alias name every time you upload a new certificate.
  • Organization/Department/City/State/Country specifies the details relevant to your organization.
  • Key Size: Select the key length (in bits) for the RSA Key pair. The signature algorithm that is used to generate the key pair is SHA256withRSA.
Regarding certificates:
  • The maximum file size of the certificate must be 50 KB.
  • Ensure that the format of the certificate and file type is valid. If you upload an invalid certificate, selecting
    does not save the file.
  • If you have already uploaded a certificate to authenticate your client, then the newly uploaded valid certificate replaces the old one after you select
    . This change cannot be reversed.
  • Replacing a previously uploaded certificate may disrupt your existing SMTP connection. In such a case, API Portal displays a warning message. Ensure that you check the corresponding CSR, the connection details, and so on, to establish a successful SMTP connection.
  • If you have already uploaded a client certificate, you cannot delete it. You need upload a new one.
  • Do not upload an expired certificate.
  • CSR is not available for download later.
  • If you have previously configured a connection, API Portal continues to connect to that connection.
  • If you do not have a previously successful connection, the connection to the SMTP server shows as inactive.
  • To delete the saved certificate, select
    Clear File
    , and then save the changes. This is applicable only for server certificates.
Connection Details
Define the connection details for an SMTP server.
Specifies the Host Name of the SMTP Server.
Specifies the port of the SMTP server through which the communication happens.
Layer7 recommends that one of the following common SMTP ports be used:
  • SMTP (587)
  • SMTPS (465)
  • SMTP TLS (587)
Specify the user name if the SMTP server is enabled for authentication.
Specify password that is associated with the user name.
Email Options
Define the emails options. Note that the domain associated with the Sender's Address and Bounce Email must be a trusted domain on the SMTP host.
Sender's Name
Specifies the name of the sender.
Sender's Address
Specifies the from email address.
Verification Email
Specifies the email to test if the connection is successful.
Bounce Email
Bounced email notifications are sent to the specified email address.
to save your configurations.
Verify that configuration is successful, as follows:
  • After saving, API Portal tests the connection to the SMTP server.
  • If the connection is successful:
    • A success message stating "Connection is active" is displayed.
    • A test email is sent to your specified verification email address.
  • If the connection is unsuccessful:
    • API Portal allows you to save the configuration but there is no connection to the SMTP server.
    • A warning message stating "Connection is inactive" is displayed.
API Portal's connection to the SMTP server is validated each time an email is sent. If the email is received successfully, it means the connection is successful and accordingly the connection status will display on the Email/SMTP Settings page. Similarly, even if the connection had been up and running but a delivery error occurred, the connection is now found inactive. This status is updated on the Email/SMTP Settings page.