Configuring My Service to Send Email

Tags email SMTP

Introduction

Many individuals have applications, devices, and instrumentation that need to send emails as part of Dartmouth business operations. Examples include lab instrumentation, multifunction printers, or applications that send automated notifications. The following set of instructions provides an overview of how to configure your system correctly.

Prerequisites

Whenever possible, applications and devices should use OAuth2 authentication (Option 1) for sending email. If an application or device does not support OAuth2, you may submit a request for IP-authenticated relay (Option 2), which requires approval from the Information Security Team.

  1. Your use case must comply with all approved Dartmouth security policies, standards, and practices. Please contact help@dartmouth.edu if you are unsure.
  2. If your system supports OAuth2 authentication, see Option 1: Configuring my system to relay emails.
  3. If your system does not support OAuth2 authentication, see Option 2: IP Authenticated SMTP Relay and follow the request process.

Option 1: Configuring my system to relay emails

Important Update: Microsoft has announced that Basic Authentication for SMTP Auth will be fully retired in Exchange Online by September 2025. After this date, applications and devices will no longer be able to send email using Basic Authentication, and all configurations must transition to Modern Authentication (OAuth). New setups should not rely on Basic Authentication.

Secure Authenticated SMTP Configurations

  1. Submit a request for a service account that you will use for your configuration.
    1. Account Request Form
      • Type of Account Requested: Service
      • Account Name Requested: Usually the same as the service.
      • Type of Mailbox/Calendar Needed: In most cases, Forwarding Only will work if only sending email is needed, and inbound email will be forwarded to an account or group of your choosing. If return email needs to be stored in a separate inbox, you may choose Full email and calendar.
  2. Once you receive your account information, find your application's SMTP settings, and update accordingly.
    1. Office 365 SMTP Settings:
      • Server: smtp.office365.com
      • Port: 587
      • Protocol: STARTTLS (SSL/TLS) is required
      • Authentication: Applications and devices must use OAuth authentication. Basic Authentication for SMTP will be permanently disabled in September 2025.
      • For Linux-based applications using Sendmail or Postfix, confirm the Mail Transfer Agent (MTA) configuration with your system administrator.

Note: Existing applications and devices using Basic Authentication for SMTP Auth must transition to OAuth-based authentication before September 2025 to avoid service disruption.

Option 2: IP Authenticated SMTP Relay

In cases where OAuth2 authentication is not supported, non-user-based authenticated email relay through Dartmouth’s SMTP system may be requested. However, due to security risks, this option is strongly discouraged and requires approval. The owner of the device or service must demonstrate full compliance with the guidelines documented in the Dartmouth Information Security Committee charter (DISC).

  1. Submit a request to have your device or service added to an IP allow list for SMTP relay.
    1. General Request Form
      • Your device must have a static IP address and include it in your request.
      • You must provide an overview of the functionality of the device or service.
      • You must provide the proposed sending email address. Sending from a valid @dartmouth.edu email address that will receive and respond to bounce and reply messages is preferred.
      • Provide consent of compliance to the DISC guidelines; specific evidence may be requested.
  2. Security Review and Approval:
    • After submitting your request, it will be reviewed and must be approved by the Information Security Team before the device or service is allowed to send email through `smtp.dartmouth.edu`.
    • Requests that do not meet security requirements will be denied.
  3. Once approved, your device's IP address will be added to the IP allow list for mail routing.
  4. SMTP Settings:
    • Server: smtp.dartmouth.edu
    • Port: 25

Misuse Policy

Important Notice: Misuse of the IP Authenticated SMTP relay service will result in the immediate suspension of the application's ability to send email. Dartmouth reserves the right to revoke access at any time if security concerns arise.

Print Article

Related Articles (2)

Microsoft will retire Basic Authentication for SMTP Auth in Exchange Online by September 2025, requiring all email-sending applications, devices, and legacy email clients to transition to Modern Authentication (OAuth). This change enhances security, reduces phishing risks, and aligns with Dartmouth’s security strategy. Application administrators and users must take action to update configurations before the deadline.