15. Chapter - Email

15.1. Email Relay

15.1.1. Rights

The Intra2net system includes an SMTP server for sending emails. All network objects (e.g. networks, clients, VPNs,...) with the right "Email relaying allowed" (see Section 9.3, „Access Rights of a Network Object“) and firewall settings that allow access to the SMTP port can use the Intra2net system to send emails over the Internet (relayer) without further authentication.

From local networks without the right "Email relaying allowed" and the Internet it is still permitted after authentication with an active account from the Usermanager (see Section 14.2, „User“) and corresponding rights (see Section 14.1.1, „Access Rights“).

Sending emails to local addresses on Intra2net systems is not relaying and is possible from all networks which the firewall allows access to the SMTP port.

15.1.2. SMTP-Submission

To minimize spam, some ISPs do not allow their customers to connect directly to TCP port 25 (SMTP). This would mean that it would no longer be possible to use the Intra2net system to send emails from anywhere. For this reason, the Intra2net system supports SMTP submissions on TCP port 587.

Simply switch your mobile email client from port 25 to port 587 and enable authentication with your user name on the Intra2net system. You should also enable encryption using TLS (in some programs wrongly referred to as SSL).

15.1.3. Dispatch Methods

Emails sent to the Internet can either be sent directly to the target server or to an SMTP relay server, which then handles further transmission. Relay servers support virtually all website providers, but also some access providers.

To reduce spam, most email servers no longer accept direct emails from IPs used for dial-up or DSL. We therefore strongly encourage the use of a relay server.


The sending and receiving paths of emails are independent of each other. This means that you can easily receive emails directly via SMTP, for example, while using a relay server for sending them.

15.1.4. Dispatch via relay server

Email relay servers are stored as a relay profiles under Services > Email > Relay.

Almost all relay servers require authentication using login and password via SMTP-AUTH. The old method of SMTP after POP is nowadays rarely used and should be switched to SMTP-AUTH if possible.

15.1.5. Direct Dispatch

Many email providers use rather aggressive methods to reduce the amount of spam they receive. Therefore, the configuration and connectivity of email servers is tested before any email is accepted. In most cases it is recommended to use a relay server (see previous chapter).

If you want to send emails directly, you must first meet the following criteria:

  • Static IP address assigned by the Provider.

  • DNS reverse resolution (reverse lookup, PTR entry) must be possible for the IP and correspond exactly to the external email server name of the Intra2net system. This is specified under Services > Email > Settings. If you want to use or change reverse resolution, contact your access provider, they must configure this for you. Under System > Diagnosis > DNS you can enter your external IP address and check how the DNS reverse resolution is set.

  • The external email server name set under Services > Email > Settings must be resolvable via DNS (forward resolution, A entry) and point to the external IP of the Intra2net system. To create this DNS entry, contact your web space or domain provider.

  • The assigned IP address should be registered to the customer and not the provider. This can be checked using RIPE at http://www.ripe.net/.

15.1.6. Choosing the dispatch method

Normally, all emails are sent using the same method and configuration. This is configured in the Services > Email > Relay menu in the "Default" profile. If required, different sending methods can be used based either on the currently active Internet provider or on the sender address of an email.

A sending method that is dependent on the currently active Internet provider is particularly useful if the emails are to be sent directly by the primary provider, but with a fallback provider this is not possible because of the external IP address used, for example.

In this case, create a new profile of the type "Provider" under Services > EMail > Relay. Under Network > Provider > Profiles : Services, these profiles can then be selected for all Internet providers that are not to use the default sending method.

A relay profile dependent on the sender address of an email is particularly necessary if emails are to be sent via relay servers, but none of the relay servers in question allows emails to be sent with arbitrary sender addresses. In this case, several relay servers or different logins on the same relay server can be selected to match the sender domain or individual sender address.

In this case, under Services > Email > Relay, create a new profile of the type "Sender" and select the appropriate sender address or sender domain.

For the sender domain type, the domains must always be specified in full. Subdomains are not automatically treated like a superordinate domain, separate profiles must be created for them.

The priority of the relay profiles is as follows:

  1. Single sender address

  2. Sender domain

  3. The relay profile assigned to the currently active provider