General Inbound and Outbound Email Settings

Download this manual as a PDF file

This section describes the global settings in SL1 that allow SL1 to receive and send email messages. You must configure SL1 as described in this section before defining policies for events from email, tickets from email, or email round-trip policies.

Use the following menu options to navigate the SL1 user interface:

  • To view a pop-out list of menu options, click the menu icon ().
  • To view a page containing all of the menu options, click the Advanced menu icon ().

Configuring System Email Settings

To configure the system settings for email:

  1. Go to the Email Settings page (System > Settings > Email).
  2. To define settings for inbound email, provide values in the following field:
  • Authorized Email Domains. Type the SMTP domains that SL1 will use to receive incoming mail. The list of domains should include: 
  • All domains used for loopback addresses in email round-trip monitoring policies.
  • All domains used to generate tickets from emails.
  • All domains used to receive event messages from third-party monitoring systems.
  • Each entry in this field must be a fully-qualified email domain and cannot exceed 64 characters. If you include a list of domains, separate the list with commas.
  • Each domain in this field must be managed by the Database Server or All-In-One Appliance. This means that a DNS MX record must already exist or be created that maps each domain specified in this field to the Database Server or All-In-One Appliance. When creating the DNS MX record, use the fully qualified name of the Database Server or All-In-One Appliance as the name of the email server.
  1. The other fields on this page pertain to outbound email and are not required to configure inbound email. However, if you want to define settings for outbound email, provide values in the following fields: 

  • System From Email Address. Type the default email address that SL1 should use to send outbound emails.

Some outbound email servers, such as Gmail, might overwrite the System From Email Address value and instead use the email address of the authenticated user.

  • Email Formal Name. Type the name that will appear in the from field in email messages sent from SL1.
  • Email Gateway. Type the IP address or fully qualified name of the SMTP relay server used by SL1. Examples of when SL1 sends outgoing email messages are:
  • Automatically in response to Tickets from Email policies.
  • Automatically in response to changes in a ticket (ticket is assigned, edited, or resolved).
  • Automatically based on Ticket Escalation policies.
  • Automatically when executing Email Round-Trip Monitoring policies.
  • Automatically when executing Run Book policies that include email actions.
  • Automatically based on Report Jobs policies.
  • Manually, when a user selects the Send Message page from the ticket panel pages.

To use the email server that is built in to SL1, type the IP address or fully qualified name of the Database Server or All-In-One Appliance in the Email Gateway field. If SL1 cannot use its built-in SMTP relay server to route email messages directly to their destination server (for example, due to firewall rules or DNS limitations), SL1 can use another relay server. If you do so, make sure you have configured your network to allow the Database Server or All-In-One Appliance to access this SMTP Relay server.

The Email Gateway field must be configured to use the appropriate port number to use, which is designated by a preceding colon. When no port number is specified, SL1 uses the default SMTP port (25).

  • Email Gateway Alt. Type the IP address or fully qualified name of the SMTP relay server SL1 should use if the primary email gateway is unavailable.
  • Escalation Notify Subject. Type the subject line that SL1 will use when sending ticket escalation notification emails.

The Escalation Notify Subject field can include one or more variables. For a list of the variables you can include, see the section on Global Settings for Inbound Email and Outbound Email.

  1. Click Save. If the settings were saved successfully, the message "Email Settings Saved" is displayed at the top of the page.

System Settings that Affect Inbound Email

To define global settings that affect all inbound email, perform the following steps:

  1. Go to the Behavior Settings page (System > Settings > Behavior):
  2. To define settings for inbound email, provide the following values in the following field:
  • Strip FQDN From Inbound Email Device Name. In Events from Email policies, specifies how SL1 will match the regular expression for device name. Choices are:
  • Enabled. SL1 will search the text string in the incoming email and match all characters up to the first period that appears in the text string. If multiple devices in SL1 match the characters up to the first period (for example, my_device.1 and my_device.2), SL1 will align the event with the matching device with the highest Device ID.
  • Disabled. SL1 will search the text string in the incoming email for a match for the device name. The text string must include an exact match to the regular expression (defined in the Events from Email policy), including any text following a period in the device name. If SL1 does not find an exact match in the incoming email, SL1 creates an entry in the system log.
  • Inbound Email Alert Message. In each event policy, the First Match String and Second Match String fields specify the string or regular expression used to correlate the event with a log message. To trigger an event, the text of a log message must match the value in the First Match String and Second Match String fields in that event's policy. For Events from Email policies, this field specifies whether only the email message body will be written to the device log or whether both the email message subject and email message body will be written to the device log. Choices are:
  • Email Message Body Only. Only the email message body is written to the device log. The First Match String and Second Match String fields can examine and match only the email message body.
  • Email Message Subject and Body. Both the email message body and the email message subject are written to the device log. The First Match String and Second Match String fields can examine and match against both the email message body.

The global setting Inbound Email Alert Message affects how events are triggered. This field does not affect the Regex Pattern field in the Event from Email policy. The Regex Pattern field in an Event from Email policy specifies the device log to which the alert should be written.

  1. Click the Save button.

Enabling TLS for Inbound Email

By default, Transport Layer Security (TLS) is not enabled for incoming email. To enable TLS, you will need a valid TLS certificate and key file.

To enable TLS for inbound email:

  1. Obtain the content of the TLS certificate file, like the following example:

    -----BEGIN CERTIFICATE-----
    MIIEGzCCAwOgAwIBAgIUAsngd+MwWuAV16vfpkljjLxtl+4wDQYJKoZIhvcNAQEL
    BQAwgZwxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhWaXJnaW5pYTEPMA0GA1UEBwwG
    UmVzdG9uMRUwEwYDVQQKDAxTY2llbmNlbG9naWMxDTALBgNVBAsMBE1PU1MxFjAU
    BgNVBAMMDU1PU1MtQUlPLTMtNDAxKzApBgkqhkiG9w0BCQEWHHlhbWluZy5zaGFv
    QHNjaWVuY2Vsb2dpYy5jb20wHhcNMjQwNzE2MTcxMzI2WhcNMzQwNzE0MTcxMzI2
    WjCBnDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCFZpcmdpbmlhMQ8wDQYDVQQHDAZS
    ZXN0b24xFTATBgNVBAoMDFNjaWVuY2Vsb2dpYzENMAsGA1UECwwETU9TUzEWMBQG
    A1UEAwwNTU9TUy1BSU8tMy00MDErMCkGCSqGSIb3DQEJARYceWFtaW5nLnNoYW9A
    c2NpZW5jZWxvZ2ljLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
    AMCs98Y/CubDuuMlrbnQswdTvji9NoI87yory+LrIdO0eL8P/3SRWyIppccSdc+/
    g4TNm6466+BK+bmtUkwizsTWBOUrORXf2xmXVdgMEIwccVnn5RxXfqPY+QbcI31v
    uqfXSEvrVwBH03+amwiU/EgKkPQdmgYPWSOPa0nEZKsXcVvtp7I26CYluSYKlL/0
    2OMcBS0YIa/RYG8S7+8fG3NKqytiTfDOEx9W1p0lm/nusXGtntOvwLE8gzE+Nz3U
    IQ4ta8FLgj8w9sODOZCovYZisuQu+KiXNXqN42CcT6/PE35XmGrw3U2YXEx1NPIS
    zEOP7jyIRjo1hoKY2NbywnMCAwEAAaNTMFEwHQYDVR0OBBYEFEhdXy/hDkvwyXDT
    mcc7+TjN8wcaMB8GA1UdIwQYMBaAFEhdXy/hDkvwyXDTmcc7+TjN8wcaMA8GA1Ud
    EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJP2BIJwIaVeYksgjPlpEBC9
    qQFA+QNsjs/wReiPTRjiw8IfEvL05/ezBrdRf41pO9ETaCXrpZN5L7vtT6kn8Foc
    69GL8uGUU6kKxqwsdHF8CEBj8rvHJLVnuGSJvgPP4BBOLrMjBE4uzAh5Vd7z6Bsh
    NZFHmtw5QeqOafWVwBJL4KiRbTlU1RBOrP3gE2WybpEOBeQDtIqovR+noYDUMyVc
    Z20jjk3LkWjIUS8knfK8Wf73wF9s4wTTnYfaoLweymFT0/geXzhkm8lHYatVG7e/
    xgZdw5/cSsHToNvO5jriAoR/GDtZUlhw1q2qv+JRY5Hs+jrCxq/ZpIMA1mDUATU=
    -----END CERTIFICATE-----
  2. Obtain the content of TLS key file, like the following example:

    -----BEGIN PRIVATE KEY-----
    MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDArPfGPwrmw7rj
    Ja250LMHU744vTaCPO8qK8vi6yHTtHi/D/90kVsiKaXHEnXPv4OEzZuuOuvgSvm5
    rVJMIs7E1gTlKzkV39sZl1XYDBCMHHFZ5+UcV36j2PkG3CN9b7qn10hL61cAR9N/
    mpsIlPxICpD0HZoGD1kjj2tJxGSrF3Fb7aeyNugmJbkmCpS/9NjjHAUtGCGv0WBv
    Eu/vHxtzSqsrYk3wzhMfVtadJZv57rFxrZ7Tr8CxPIMxPjc91CEOLWvBS4I/MPbD
    gzmQqL2GYrLkLviolzV6jeNgnE+vzxN+V5hq8N1NmFxMdTTyEsxDj+48iEY6NYaC
    mNjW8sJzAgMBAAECggEAPhX+aXVbD+02RYeYqW2kotHLVAE0lVcJQi+GrYJTDiLz
    Xa3MBUXpdeKxtqouKFlwCdUvOz9lTosaWUiOYlY9BpRoU2hQJspRkbeAQ/PvSRbJ
    N81PuIhBGI8L/7fj/8GHBhqLA1u8VyzN7CpnlqZbfONavi7juNwtPxYx3j1YqwB9
    JzS4wGdr4y+1XazJc3tXI3qHAAGgUAvhvcuwuLsIQluwOGvhYl+5QdXBvJ+zqOZ0
    ylckh/OaJ8obfuEbHnTxAdvaCyihPBNPOj65HZvJnU8yNaO8apeezmALWfBGaB+o
    WapGkiaXpQIt3AnE7FD3VX8MxWLLvTA+8AIFSPP/wQKBgQDyqKeJWGhThULt31CO
    IMS+Qe3bBuNtxambyJAZ/NvBnT2tgB5f09lFMlByx7S+luU3Ty06j0gCVztaBjCp
    LTRnQWnGQ0CibArfL1z0Gh/HkZIodKsocNUdydCDryL8iCYJSZg+Sbawj2dlcqLi
    9YcQOJSpYbvO2CQ8VjT/YPxIQwKBgQDLRNEEXv5EM4wQYZaEmBlOdHPvZdc2FqqS
    LUUmoK6+N3d3eSBEvIWGjgWYV9wrIePaYGxhE/A9cySjtpkn85P5PRRh7y82XrHf
    EdWwjEWFeMTP6Szxn4A6F/zZjCQ+9EjzybMOoGakXwhqpBmKIuDKDP06w3sDwpw1
    4KNOdDnSEQKBgDGblRSZBEr+1V3352oG/PHAXLYIRHpujGwSppMJhIuib7eGl68T
    ijmBPb0ZYrQL+TRDdYWhQSFpX/LZjR0o5qutTciAezg5SkeyURh+Nrz/35dxsoQD
    /S2n0n75UPe7hbskVoF1ZGnYB1VQCEjJ1SDV0F6IYnK48T98iD0lQK4tAoGADgtD
    JboqdyvYkYksjRy1IuaI3BF9PQ9z2YWnMXQInrvWVTrZL+aWkyVc3Zm0bIZ656uh
    0VM/Vf+OmIEVM91wa9f8gIe2C1ufjnn8+aW3Z/FgJ71Eja0nftwJbD5ygqb+I1nc
    NTZ/4Ptv6W5NFW4zecJL/LNk3G2lvVM39UOyewECgYBmI04hXERWEAZRiDKDSpPd
    3eKhLUQG5SX1LLYc3vos9d4U9ydrBWlJbKlXSpxtofGuGt1nCPOeT8KyrKInNhhp
    3MwSc7PnqsQPzkSl224pfPusaaT4rfbcU5PmAmpdWAk4XfVj3z6qwQlonasi1cTt
    EtpHMlXJJDPbeK8hVaQfog==
    -----END PRIVATE KEY-----
  3. Prepare the following query, using the above content as an example:

    update master.system_settings_com set enable_tls=1, tls_certificate="
    -----BEGIN CERTIFICATE-----
    MIIEGzCCAwOgAwIBAgIUAsngd+MwWuAV16vfpkljjLxtl+4wDQYJKoZIhvcNAQEL
    BQAwgZwxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhWaXJnaW5pYTEPMA0GA1UEBwwG
    UmVzdG9uMRUwEwYDVQQKDAxTY2llbmNlbG9naWMxDTALBgNVBAsMBE1PU1MxFjAU
    BgNVBAMMDU1PU1MtQUlPLTMtNDAxKzApBgkqhkiG9w0BCQEWHHlhbWluZy5zaGFv
    QHNjaWVuY2Vsb2dpYy5jb20wHhcNMjQwNzE2MTcxMzI2WhcNMzQwNzE0MTcxMzI2
    WjCBnDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCFZpcmdpbmlhMQ8wDQYDVQQHDAZS
    ZXN0b24xFTATBgNVBAoMDFNjaWVuY2Vsb2dpYzENMAsGA1UECwwETU9TUzEWMBQG
    A1UEAwwNTU9TUy1BSU8tMy00MDErMCkGCSqGSIb3DQEJARYceWFtaW5nLnNoYW9A
    c2NpZW5jZWxvZ2ljLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
    AMCs98Y/CubDuuMlrbnQswdTvji9NoI87yory+LrIdO0eL8P/3SRWyIppccSdc+/
    g4TNm6466+BK+bmtUkwizsTWBOUrORXf2xmXVdgMEIwccVnn5RxXfqPY+QbcI31v
    uqfXSEvrVwBH03+amwiU/EgKkPQdmgYPWSOPa0nEZKsXcVvtp7I26CYluSYKlL/0
    2OMcBS0YIa/RYG8S7+8fG3NKqytiTfDOEx9W1p0lm/nusXGtntOvwLE8gzE+Nz3U
    IQ4ta8FLgj8w9sODOZCovYZisuQu+KiXNXqN42CcT6/PE35XmGrw3U2YXEx1NPIS
    zEOP7jyIRjo1hoKY2NbywnMCAwEAAaNTMFEwHQYDVR0OBBYEFEhdXy/hDkvwyXDT
    mcc7+TjN8wcaMB8GA1UdIwQYMBaAFEhdXy/hDkvwyXDTmcc7+TjN8wcaMA8GA1Ud
    EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJP2BIJwIaVeYksgjPlpEBC9
    qQFA+QNsjs/wReiPTRjiw8IfEvL05/ezBrdRf41pO9ETaCXrpZN5L7vtT6kn8Foc
    69GL8uGUU6kKxqwsdHF8CEBj8rvHJLVnuGSJvgPP4BBOLrMjBE4uzAh5Vd7z6Bsh
    NZFHmtw5QeqOafWVwBJL4KiRbTlU1RBOrP3gE2WybpEOBeQDtIqovR+noYDUMyVc
    Z20jjk3LkWjIUS8knfK8Wf73wF9s4wTTnYfaoLweymFT0/geXzhkm8lHYatVG7e/
    xgZdw5/cSsHToNvO5jriAoR/GDtZUlhw1q2qv+JRY5Hs+jrCxq/ZpIMA1mDUATU=
    -----END CERTIFICATE-----", tls_key="
    -----BEGIN PRIVATE KEY-----
    MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDArPfGPwrmw7rj
    Ja250LMHU744vTaCPO8qK8vi6yHTtHi/D/90kVsiKaXHEnXPv4OEzZuuOuvgSvm5
    rVJMIs7E1gTlKzkV39sZl1XYDBCMHHFZ5+UcV36j2PkG3CN9b7qn10hL61cAR9N/
    mpsIlPxICpD0HZoGD1kjj2tJxGSrF3Fb7aeyNugmJbkmCpS/9NjjHAUtGCGv0WBv
    Eu/vHxtzSqsrYk3wzhMfVtadJZv57rFxrZ7Tr8CxPIMxPjc91CEOLWvBS4I/MPbD
    gzmQqL2GYrLkLviolzV6jeNgnE+vzxN+V5hq8N1NmFxMdTTyEsxDj+48iEY6NYaC
    mNjW8sJzAgMBAAECggEAPhX+aXVbD+02RYeYqW2kotHLVAE0lVcJQi+GrYJTDiLz
    Xa3MBUXpdeKxtqouKFlwCdUvOz9lTosaWUiOYlY9BpRoU2hQJspRkbeAQ/PvSRbJ
    N81PuIhBGI8L/7fj/8GHBhqLA1u8VyzN7CpnlqZbfONavi7juNwtPxYx3j1YqwB9
    JzS4wGdr4y+1XazJc3tXI3qHAAGgUAvhvcuwuLsIQluwOGvhYl+5QdXBvJ+zqOZ0
    ylckh/OaJ8obfuEbHnTxAdvaCyihPBNPOj65HZvJnU8yNaO8apeezmALWfBGaB+o
    WapGkiaXpQIt3AnE7FD3VX8MxWLLvTA+8AIFSPP/wQKBgQDyqKeJWGhThULt31CO
    IMS+Qe3bBuNtxambyJAZ/NvBnT2tgB5f09lFMlByx7S+luU3Ty06j0gCVztaBjCp
    LTRnQWnGQ0CibArfL1z0Gh/HkZIodKsocNUdydCDryL8iCYJSZg+Sbawj2dlcqLi
    9YcQOJSpYbvO2CQ8VjT/YPxIQwKBgQDLRNEEXv5EM4wQYZaEmBlOdHPvZdc2FqqS
    LUUmoK6+N3d3eSBEvIWGjgWYV9wrIePaYGxhE/A9cySjtpkn85P5PRRh7y82XrHf
    EdWwjEWFeMTP6Szxn4A6F/zZjCQ+9EjzybMOoGakXwhqpBmKIuDKDP06w3sDwpw1
    4KNOdDnSEQKBgDGblRSZBEr+1V3352oG/PHAXLYIRHpujGwSppMJhIuib7eGl68T
    ijmBPb0ZYrQL+TRDdYWhQSFpX/LZjR0o5qutTciAezg5SkeyURh+Nrz/35dxsoQD
    /S2n0n75UPe7hbskVoF1ZGnYB1VQCEjJ1SDV0F6IYnK48T98iD0lQK4tAoGADgtD
    JboqdyvYkYksjRy1IuaI3BF9PQ9z2YWnMXQInrvWVTrZL+aWkyVc3Zm0bIZ656uh
    0VM/Vf+OmIEVM91wa9f8gIe2C1ufjnn8+aW3Z/FgJ71Eja0nftwJbD5ygqb+I1nc
    NTZ/4Ptv6W5NFW4zecJL/LNk3G2lvVM39UOyewECgYBmI04hXERWEAZRiDKDSpPd
    3eKhLUQG5SX1LLYc3vos9d4U9ydrBWlJbKlXSpxtofGuGt1nCPOeT8KyrKInNhhp
    3MwSc7PnqsQPzkSl224pfPusaaT4rfbcU5PmAmpdWAk4XfVj3z6qwQlonasi1cTt
    EtpHMlXJJDPbeK8hVaQfog==
    -----END PRIVATE KEY-----
    ";
  4. SSH to the SL1 server and run the query in step 3.

  5. Log in to the SL1 user interface, go to the Email page (System > Settings > Email), and Click Save. By saving your existing email settings again, the certificate data provided in the previous steps will be updated within the configuration.

To verify that TLS is enable for inbound email:

  1. SSH to the SL1 server and go to /etc/postfix/main.cf.

  2. Verify that the following content exists in main.cf:

    smtpd_tls_security_level = may
    smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1
    smtpd_tls_cert_file = /opt/em7/lib/python3/sl_messaging/certificate/postfix.pem
    smtpd_tls_key_file = /opt/em7/lib/python3/sl_messaging/certificate/postfix.key