Mail Alerting Administration
  • 20 Sep 2023

(These administration settings are applicable to on-premise Netreo appliance deployments only.)

To send its email-based alert notifications the Netreo appliance uses an onboard "send-only" email server. The Mail Alerting Administration page is where you configure the settings that control the outbound email communication of this server.

Only users with the SuperAdmin access level may manage mail alert settings.

To open the Mail Alerting Administration page, go to the main menu and select Administration > Alerts > Mail Setup. Each section is explained below.

Configuration Sections

Mail Delivery

This section allows you to specify how email coming from Netreo (such as for alert notifications) should be handled. You may choose from the following three options.

  • Direct SMTP - Mail is sent by looking up the DNS Mail Exchange record (MX) for the domain the alert notification is being sent to, and then trying to connect directly to that address.
  • Relay SMTP - Forces all of Netreo's outbound mail to go to the specified server first. Enter the IP address or domain name of the server in the field provided.
  • SMTP Authenticated Relay (Office 365) - If you use Microsoft Office 365 to handle your mail delivery, enter the credentials for the user account you want Netreo to use. Netreo will fail to send alert notifications if valid credentials are not provided. (It's a good idea to create a dedicated Office 365 account for Netreo's use unless you have a specific reason not to.) Use of this option requires outbound internet access to login.microsoftonline.com on port TCP/443. Note: Once an email alias has been configured here, all email from Netreo will be sent from that address, including the email test function (see below).
    • Use OAuth 2.0 - Switch on to use modern OAuth 2.0 authentication. (Microsoft is phasing out use of basic authentication for Office 365, so this option is highly recommended.)

Mail Protocol Selection
Netreo strongly recommends the use of Direct SMTP for the highest reliability in sending email alerts.

Select Save Mail Setup after making changes to this section or the changes may be lost when editing another section.

Mail Routing

This section is used to set up mail routes and applies only if you have selected Direct SMTP in the Mail Delivery section. A mail route specifies a static mail server address for a domain. Enter the domain name in the DOMAIN field, then enter the IP address that all mail for that domain should be sent to in the RELAY IP field. After you have entered the domain and IP, select the add domain (+) button in the ACTIONS column to save it. You can add as many domains as you need.

E-Mail Acknowledgement

This section allows you to set up Netreo's email acknowledgement feature.

Email acknowledgement allows you to directly reply to a Netreo-generated alert notification from your email client to acknowledge the incident that generated the alert.

"Out-of-the-office" auto-replies
If you receive email alert notifications from Netreo and you use an email auto-reply while you're away from your office, make sure the auto-reply identifies itself as such in the subject line. Netreo is designed to ignore incoming emails with this type of subject line in order to prevent accidental acknowledgement of incidents.

Enter the details of an IMAP email account that Netreo can use to process acknowledgements. This will become the "from" account in all email alerts Netreo sends out. So, it's important that the details are correct, and that you have your organization's spam filters set to permit mail from this address to pass without filtering. If you use an IP address in the IMAP MAIL SERVER field, Netreo’s email acknowledgement checking will not be dependent on DNS. If your IMAP server requires SSL, switch on the USE SSL option.

Use OAuth 2.0 - Switch on to use modern OAuth 2.0 authentication. (Microsoft is phasing out use of basic authentication for Office 365, so this option is highly recommended.)

You can provide an alternate TCP port number to use (if one is required for your environment) in the ALTERNATE PORT NUMBER field. If this is left blank, Netreo will use the default IMAP ports (TCP/143 for IMAP or TCP/993 for SSL).

Firewall Rules
Please ensure that Netreo is not prohibited from reaching the selected IMAP server on the selected ports by a firewall or access list in your environment.

Select Save Email Acknowledgement after making changes to this section or the changes may be lost when editing another section.

E-Mail Test

Enter any email address that you would like to make sure can receive alerts here and select Test Mail to verify that Netreo is able to send alert notifications to that address.

Test Email "From" Address
When using the email test feature, the test email will always show as being from blackhole@netreo.com. This is merely to test the mail system and does not reflect any feature-specific "from" addresses, such as that used for email acknowledgement. However, if you have selected the SMTP Authenticated Relay (Office 365) option in the Mail Delivery section, then the test email will show as being from the configured email alias.

Clear Outbound Mail

If your settings are configured incorrectly, you may accumulate a number of emails in the queue that cannot be sent. Select Clear Mail Queue to delete these messages and clear the queue.

Mail Log

The mail log shows the most recent email activity. Select More... to see an expanded view of the last 50 entries added to the log.

Best Practices

Preventing Single Point of Failure Syndrome for Alert Notifications

Netreo includes its own send-only mail server which can be used to help prevent single point of failure syndrome when sending alert notifications.

Mail Protocol Selection
Netreo strongly recommends the use of the Direct SMTP option when configuring the Mail Alerting Administration settings for the highest reliability in sending email alerts.

If your firewall is configured to allow outbound mail traffic from Netreo, then action groups can be configured to send alert notifications through both an external messaging system (such as a pager or cell phone provider or a Gmail account), as well as your internal mail system—thus avoiding a single point of failure for alert communication. These action groups can then be added as host alert contacts to your most important host devices, providing redundant alerting for host-down situations. This can be especially important for host-down alerts about your internal mail server—since, if that goes down, you won't receive any email alert notifications from Netreo going through it.

When an alert notification is sent to an external email address, Netreo makes a direct connection to that mail provider using its built-in mail server. Provided Netreo's outgoing traffic isn't stopped by your firewall configuration, this means your alert notifications won't be dependent on your internal mail server.

Internal Mail Server with Different IP from Public MX Record

When using Direct SMTP (the recommended option), Netreo sends mail by looking up the DNS Mail Exchange record (MX) for the domain the alert notification is being sent to, and then trying to connect directly to that address.

A potential problem arises when Netreo is trying to send mail to an internal email address and your company's internal mail server has a different address inside your firewall than the one returned by a DNS lookup. In that case, mail may not be sent.

If this is the case, then you have two options:

  1. The best option would be to configure your firewall to allow Direct SMTP from the Netreo host, then in the Mail Routing section of the Mail Alerting Administration page configure a mail route with the internal address of your mail server. Mail routing works in conjunction with the Direct SMTP setting to control where mail goes.
    • A mail route is a static address entry for a particular domain. When Netreo wants to send mail to "yourcompany.com" it can look in that table to get the correct internal address for the mail server, instead of using the DNS-provided address.
    • Using Direct SMTP along with Mail Routing offers the benefit of allowing you to still send alerts directly through outside providers as well as through the internal email server—thus helping prevent single point of failure syndrome (as covered above).
  2. If your firewall blocks all outbound SMTP traffic completely unless it's sent from your internal mail server, you can select the Relay SMTP option instead. This forces all of the mail sent from Netreo to go to the specified address. But, remember, this means you will be completely dependent on that system for all your outbound alerting.
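
The next-hop rules described above (Relay SMTP, Mail Routing, and the MX lookup of Direct SMTP) can be modelled to check whether an action group's notifications all leave through one server. This is an added sketch, not Netreo code; the function names, domains and addresses are constructed for illustration, and the MX lookup is stubbed so the example runs offline.

```python
# Added illustration: models the next-hop rules described on this page.
# All names and sample data are constructed; this is not Netreo code.

def next_hop(recipient, mode, routes, mx_lookup, relay=None):
    """Return the server that would be contacted for one recipient."""
    domain = recipient.rsplit("@", 1)[1].lower()
    if mode == "relay":          # Relay SMTP: all mail goes to one server
        return relay
    if domain in routes:         # Mail Routing: static entry replaces DNS
        return routes[domain]
    hosts = mx_lookup(domain)    # Direct SMTP: use the domain's MX record
    if not hosts:
        raise LookupError(f"no MX record for {domain}")
    return hosts[0]              # assumes the preferred host is listed first


def audit(recipients, mode, routes, mx_lookup, relay=None):
    """Group recipients by next hop and flag a single point of failure
    (every notification leaving through the same server)."""
    hops = {}
    for rcpt in recipients:
        hop = next_hop(rcpt, mode, routes, mx_lookup, relay)
        hops.setdefault(hop, []).append(rcpt)
    return hops, len(hops) < 2


# Constructed sample data using documentation-reserved names and addresses.
PUBLIC_MX = {"yourcompany.example": ["203.0.113.25"],
             "pager.example": ["198.51.100.10"]}
ROUTES = {"yourcompany.example": "10.0.0.25"}   # internal mail server
GROUP = ["noc@yourcompany.example", "oncall@pager.example"]


def lookup(domain):
    """Stub standing in for a DNS MX query."""
    return PUBLIC_MX.get(domain, [])


if __name__ == "__main__":
    for mode, relay in (("direct", None), ("relay", "10.0.0.25")):
        hops, spof = audit(GROUP, mode, ROUTES, lookup, relay)
        print(mode, hops, "single point of failure" if spof else "redundant")
```

With the sample data, Direct SMTP plus a mail route yields two independent next hops, while Relay SMTP sends both recipients through the internal server.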
