2Answers

How can I send email notifications from an app that does not support TLS when my service requires TLS?

15k Views

2 Answers

We have recently changed the email services. The previous service allowed us to make SMTP connections without TLS. The new service requires TLS.

We have a couple applications that need to send email...and (of course) they do not support TLS.

To work around this, we configured the IIS 6 SMTP service to relay mail to the new service. We created a local domain user emaildude@internal.local and used these credentials in the applications.

We can now send email from the applications, BUT the from address is "support@domain.com on behalf of emaildude@internal.local".

Two questions: 1) Is there a way to get the from address to be simply "support@domain.com"? 2) Is there a better way to do this?

BTW --- we have this trouble with an internal app running on Win7 AND with an external app that is hosted on Win2003. Unfortunately, these applications are also third-party so we can't just break em open to add support for TLS.

Josefa Koch Aug 16,2020

Just to clarify, does the service require (a) using STARTTLS or (b) using SSL/TLS on connection (in which case SSL and TLS are mainly different versions of the protocol)?

Istvánné Kállai

Istvánné Kállai Added an answer on Aug 16,2020

We developed our own SMTP Proxy and have contributed it to the Open Source community: http://smtpproxy.codeplex.com

Have been using it on the internal network hitting it from multiple internal workstations and it works great. Also using it on our cloud network that handles our public facing web sites...works great there too.

Petr Skála

Petr Skála Added an answer on Aug 16,2020

You can use stunnel as a TLS proxy. It runs on Linux; not sure about Windows, but it's simple to use and very script friendly.

As for the "on behalf of," you could certainly setup an anonymous relay that doesn't require credentials, but you have to be careful not to expose this to the Internet in any way or you'd be blacklisted in a hurry. If it's internal/on the LAN only, IP filtering should suffice.

Istvánné Kállai Aug 16,2020

Thanks for suggesting the use of a proxy. I've been so focused on getting a relay to work, that I hadn't considered a proxy which I expect will be a simpler, cleaner solution.

Istvánné Kállai Aug 16,2020

I've looked into STunnel and WinGate, but I am uncomfortable installing a third party product on our production servers. We have both Win2003 and Win2008 servers that need a solution for this problem, but I just can't shake the idea that setting up a proxy to bounce SMTP traffic to another box is one of those things that can be done "out of the box" by Windows. Do you know a way to configure Windows/IIS/whatever to do such proxying? Thanks.

How can I send email notifications from an app that does not support TLS when my service requires TLS?