SMTP Server Configuration

Tenable Identity Exposure requires Simple Mail Transfer Protocol (SMTP) configuration to send out alert notifications.

Differences in Deployment Architecture
  • For Secure Relay Architecture:

    • The Secure Relay is installed in the customer’s environment.

    • You manage communication between the Secure Relay and the SMTP/SYSLOG server.

  • For VPN Architecture:

    • The Secure Relay service is hosted on Tenable’s Cloud.

    • You open a support case with Tenable to manage communication for alerting.

SMTP Server Configuration for Secure Relay Environments

To configure the SMTP server for Secure Relay:

  1. In Tenable Identity Exposure, click System > Configuration.

  2. Under Application Services, select SMTP Server.

    The SMTP Server pane opens.

  3. If your network uses Secure Relay: In the Relay box, click the arrow to select a Relay to communicate with your SMTP Server from the drop-down list.

  4. Provide the following information:

    • SMTP Server address

    • SMTP Server port

    • SMTP account

    • SMTP account password

  1. In the SMTP Encryption box, click the arrow to select an encryption method from the drop-down list.

  2. In the Email address of the sender box, provide an email address for Tenable Identity Exposure to use when sending emails.

  3. Click Save.

    A message confirms that Tenable Identity Exposure updated the SMTP parameters.

SMTP Server Configuration for VPN Environments

To configure the SMTP server for VPN:

  1. Identify whether the SMTP server is hosted:

    • Inside the customer network (private).

    • Outside the customer network (public).

  1. Depending on your network setup:

    • For an SMTP server Hosted inside the customer network:

    • Provide the private IP address of the SMTP server to Tenable by opening a Support Case. Include the request to whitelist this IP for communication within the VPN tunnel.

    • Wait for Tenable’s development team to complete the configuration.

    • Test the VPN tunnel to confirm connectivity between Tenable Cloud and the internal SMTP server.

    • For an SMTP server hosted outside the customer network:

    • Confirm whether the external SMTP server filters inbound connections:

    • If filtering inbound traffic based on source IP:

    • Open a support case with Tenable to request the alerting IP address for the VPN tunnel.

    • Work with the external SMTP provider to whitelist Tenable’s alerting IP address.

    • If not filtering inbound traffic: Ensure the SMTP server’s public IP is reachable over the VPN tunnel.

  1. Ongoing maintenance: Notify Tenable of any changes to the SMTP server’s private or public IP address to maintain VPN tunnel functionality.

Troubleshooting Common Issues

  • Unable to send alerts (SMTP/SYSLOG):

    • Verify that the SMTP server (private or public) is reachable within the VPN tunnel.

    • Confirm that the IP address is whitelisted on both ends (Tenable Cloud and the SMTP server).

  • Connection timeout:

    • Check VPN tunnel activity and routing configuration.