SMTP Configuration
SMTP Configuration for Email Services¶
It is possible for Cloud Providers to use their own SMTP servers for sending system-generated emails such as user registration confirmations, password resets, and alert notifications. SMTP configurations can be applied using the radm deployment tool or API-based methods.
SMTP Configuration Options¶
Customers can configure SMTP in either of the following ways:
Configure SMTP via Web Console¶
SMTP settings can be configured directly from the System section of the Web Console. This allows organizations to route notification emails through their own mail servers for security, monitoring, or compliance purposes.
Important: The SMTP Configuration feature is not available to all organizations by default. Contact Support team to enable this feature. If the feature is not enabled, the SMTP Configuration option will not appear in the Settings section.
- Navigate to Infrastructure → System → Settings.
- Under Settings, select SMTP Configuration.
- Provide the following details:
- Host: SMTP server hostname (for example,
smtp.gmail.comorsmtp.sendgrid.net). - Port: Port number used by the SMTP server (commonly
587for TLS). - TLS: Enable or disable TLS encryption as required.
- Username: Email address or username for SMTP authentication.
- Password: Corresponding password for authentication.
- Host: SMTP server hostname (for example,
- (Optional) Select Send Test Email to verify the configuration.
- Click Save to apply the configuration.
Global (Controller-Level) SMTP Configuration¶
Configure SMTP for the entire controller by adding the following environment variables to the event-framework deployment:
- name: FW_EVENT_SMTP_SERVER_ADDR
value: <SMTP_SERVER_ADDRESS>
- name: FW_EVENT_SMTP_SERVER_PORT
value: "<SMTP_SERVER_PORT>"
- name: FW_EVENT_SMTP_SERVER_USERNAME
value: <SMTP_USERNAME>
- name: FW_EVENT_SMTP_SERVER_PASSWORD
valueFrom:
secretKeyRef:
key: <SMTP_PASSWORD_KEY>
name: <SECRET_NAME>
- name: FW_EVENT_SMTP_SERVER_USE_TLS
value: "<USE_TLS_TRUE_OR_FALSE>"
- name: FW_EVENT_SMTP_SERVER_USE_INSECURE
value: "<USE_INSECURE_TRUE_OR_FALSE>"
Note: Without TLS enabled, authentication will not work. Username and password are required for authentication.
Partner-Level SMTP Configuration¶
SMTP can be configured at the partner level using the Ops Console UI or APIs. Partner-level configuration applies to all organizations under the partner.
Configure SMTP via Ops Console (UI)¶
SMTP settings can be configured directly from the Ops Console using the UI.
- Log in to the Ops Console as a partner admin and select SMTP.
- Provide the following details:
- Host: Fully qualified domain name (FQDN) or IP address of the SMTP server.
- Port: Port used by the SMTP server.
- TLS: Enable or disable TLS encryption for SMTP communication.
- Username: Username used for SMTP authentication.
- Password: Password associated with the SMTP account.
- (Optional) Select Send Test Email to verify the configuration.
- Click Save to apply the configuration.
The configured SMTP settings are used for sending system-generated emails across all organizations under the partner.
Configure SMTP via API¶
curl -X POST 'https://<ops-console-url>/event/v1/email/config' \
-b 'rsid=<SESSION_ID>' \
--data-raw '{
"email_config": {
"smtp_config": {
"username": "<SMTP_USERNAME>",
"password": "<SMTP_PASSWORD>",
"host": "<SMTP_SERVER_ADDRESS>",
"port": <SMTP_PORT>,
"use_tls": <USE_TLS_TRUE_OR_FALSE>,
"use_insecure": <USE_INSECURE_TRUE_OR_FALSE>,
"retries": <NUMBER_OF_RETRIES>
}
}
}'
Note: Partner-level configuration overrides the controller-level SMTP settings if both are defined.
Additional SMTP Management APIs
- Get SMTP configuration
curl 'https://<console-url>/event/v1/email/config'
-b 'rsid=***
- Delete SMTP configuration
curl -X DELETE 'https://<console-url>/event/v1/email/config'
-b 'rsid=***'
- Verify SMTP configuration
curl -X POST 'https://<ops-console-url>/event/v1/email/config/verification' \
-b 'rsid=<SESSION_ID>' \
--data-raw '{
"sender_email": "<SENDER_EMAIL_ADDRESS>",
"recipient_email": "<RECIPIENT_EMAIL_ADDRESS>",
"subject": "<EMAIL_SUBJECT>",
"body": "<EMAIL_BODY>"
}'
Additional Configuration¶
Set the following environment variable in admin-api and rafay-sentry to control how passwords are handled during organization creation and to enable email-based account setup:
name: ACCOUNT_CREATION_STRATEGY
value: VERIFY
When set to VERIFY, SMTP can be configured and no password is required during organization creation. Users receive an email to complete password setup.
When set to AUTO, a password must be set while creating the organization.
Viewing Email Activity via Audit Logs¶
Use audit logs to check whether email events have been processed and sent.
- Organization-Level SYSTEMAUDIT Logs
curl 'https://<console-url>/event/v1/auditlog?&filter.timefrom=now-1h&filter.offset=0&filter.limit=10&filter.category=SYSTEMAUDIT'
-b 'rsid=***'
- Partner-Level SYSTEMAUDIT Logs
curl 'https://<ops-console-url>/opsauditlogs/?timefrom=now-7d&category=SYSTEMAUDIT'
-b 'rsid=***'
Audit Logs in OPS Console¶
To enable querying Elasticsearch for audit logs in the OPS Console, configure the following environment variables in the frontend-opsconsole deployment:
- name: ES_USER_NAME
value: elastic
- name: ES_PASSWORD
valueFrom:
secretKeyRef:
key: elastic
name: rafay-es-es-elastic-user
- name: ELASTIC_SEARCH_FQDN
value: https://rafay-es-es-http:9200
Notes: - Confirm the
ElasticSearchURL is correct. Avoid duplicate or incorrect entries. - These changes must be deployed usingradmor equivalent deployment automation tools. - These configurations apply only to self-hosted/on-premises controllers.
Summary¶
| Scope | Configuration Method | Description |
|---|---|---|
| Controller | Env vars in event-framework | Affects all partners and orgs if no partner-level config is set |
| Partner | POST /event/v1/email/config |
Affects all organizations within the partner |
| Verification | POST /event/v1/email/config/verification |
Verify SMTP before enabling workflows |
| Logging | SYSTEMAUDIT via API | Confirm email dispatch via system audit logs |