:

SMTP Server Configuration

Tenable Identity Exposure requires Simple Mail Transfer Protocol (SMTP) configuration to send out alert notifications.

Differences in Deployment Architecture

For Secure Relay Architecture:
- The Secure Relay is installed in the customer’s environment.
- You manage communication between the Secure Relay and the SMTP/SYSLOG server.

For VPN Architecture:
- The Secure Relay service is hosted on Tenable’s Cloud.
- You open a support case with Tenable to manage communication for alerting.

SMTP Server Configuration for Secure Relay Environments

To configure the SMTP server for Secure Relay:

In Tenable Identity Exposure, click System > Configuration.
Under Application Services, select SMTP Server.

The SMTP Server pane opens.
If your network uses Secure Relay: In the Relay box, click the arrow to select a Relay to communicate with your SMTP Server from the drop-down list.
Provide the following information:
- SMTP Server address
- SMTP Server port
- SMTP account
- SMTP account password

In the SMTP Encryption box, click the arrow to select an encryption method from the drop-down list.
In the Email address of the sender box, provide an email address for Tenable Identity Exposure to use when sending emails.
Click Save.

A message confirms that Tenable Identity Exposure updated the SMTP parameters.

SMTP Server Configuration for VPN Environments

To configure the SMTP server for VPN:

Identify whether the SMTP server is hosted:
- Inside the customer network (private).
- Outside the customer network (public).

Depending on your network setup:
- For an SMTP server Hosted inside the customer network:
- Provide the private IP address of the SMTP server to Tenable by opening a Support Case. Include the request to whitelist this IP for communication within the VPN tunnel.
- Wait for Tenable’s development team to complete the configuration.
- Test the VPN tunnel to confirm connectivity between Tenable Cloud and the internal SMTP server.
- For an SMTP server hosted outside the customer network:
- Confirm whether the external SMTP server filters inbound connections:
- If filtering inbound traffic based on source IP:
- Open a support case with Tenable to request the alerting IP address for the VPN tunnel.
- Work with the external SMTP provider to whitelist Tenable’s alerting IP address.
- If not filtering inbound traffic: Ensure the SMTP server’s public IP is reachable over the VPN tunnel.

Ongoing maintenance: Notify Tenable of any changes to the SMTP server’s private or public IP address to maintain VPN tunnel functionality.

Troubleshooting Common Issues

Unable to send alerts (SMTP/SYSLOG):
- Verify that the SMTP server (private or public) is reachable within the VPN tunnel.
- Confirm that the IP address is whitelisted on both ends (Tenable Cloud and the SMTP server).

Connection timeout:
- Check VPN tunnel activity and routing configuration.

Copyright © 2025 Tenable, Inc. All rights reserved. Tenable, Tenable Nessus, Tenable Lumin, Assure, and the Tenable logo are registered trademarks of Tenable, Inc. or its affiliates. All other products or services are trademarks of their respective owners.