SMTP Server Configuration
Tenable Identity Exposure requires Simple Mail Transfer Protocol (SMTP) configuration to send out alert notifications.
Differences in Deployment Architecture
-
For Secure Relay Architecture:
-
The Secure Relay is installed in the customer’s environment.
-
You manage communication between the Secure Relay and the SMTP/SYSLOG server.
-
-
For VPN Architecture:
-
The Secure Relay service is hosted on Tenable’s Cloud.
-
You open a support case with Tenable to manage communication for alerting.
-
SMTP Server Configuration for Secure Relay Environments
To configure the SMTP server for Secure Relay:
-
In Tenable Identity Exposure, click System > Configuration.
-
Under Application Services, select SMTP Server.
The SMTP Server pane opens.
-
If your network uses Secure Relay: In the Relay box, click the arrow to select a Relay to communicate with your SMTP Server from the drop-down list.
-
Provide the following information:
-
SMTP Server address
-
SMTP Server port
-
SMTP account
-
SMTP account password
-
-
In the SMTP Encryption box, click the arrow to select an encryption method from the drop-down list.
-
In the Email address of the sender box, provide an email address for Tenable Identity Exposure to use when sending emails.
-
Click Save.
A message confirms that Tenable Identity Exposure updated the SMTP parameters.
SMTP Server Configuration for VPN Environments
To configure the SMTP server for VPN:
-
Identify whether the SMTP server is hosted:
-
Inside the customer network (private).
-
Outside the customer network (public).
-
-
Depending on your network setup:
-
For an SMTP server Hosted inside the customer network:
-
Provide the private IP address of the SMTP server to Tenable by opening a Support Case. Include the request to whitelist this IP for communication within the VPN tunnel.
-
Wait for Tenable’s development team to complete the configuration.
-
Test the VPN tunnel to confirm connectivity between Tenable Cloud and the internal SMTP server.
-
For an SMTP server hosted outside the customer network:
-
Confirm whether the external SMTP server filters inbound connections:
-
If filtering inbound traffic based on source IP:
-
Open a support case with Tenable to request the alerting IP address for the VPN tunnel.
-
Work with the external SMTP provider to whitelist Tenable’s alerting IP address.
-
If not filtering inbound traffic: Ensure the SMTP server’s public IP is reachable over the VPN tunnel.
-
-
Ongoing maintenance: Notify Tenable of any changes to the SMTP server’s private or public IP address to maintain VPN tunnel functionality.
Troubleshooting Common Issues
-
Unable to send alerts (SMTP/SYSLOG):
-
Verify that the SMTP server (private or public) is reachable within the VPN tunnel.
-
Confirm that the IP address is whitelisted on both ends (Tenable Cloud and the SMTP server).
-
-
Connection timeout:
-
Check VPN tunnel activity and routing configuration.
-