SMTP Configuration

ℹ️ Minimum Controller Version: v3.1-31

SMTP Configuration for Email Services¶

It is possible for Cloud Providers to use their own SMTP servers for sending system-generated emails such as user registration confirmations, password resets, and alert notifications. SMTP configurations can be applied using the radm deployment tool or API-based methods.

SMTP Configuration Options¶

Customers can configure SMTP in either of the following ways:

Configure SMTP via Web Console¶

SMTP settings can be configured directly from the System section of the Web Console. This allows organizations to route notification emails through their own mail servers for security, monitoring, or compliance purposes.

Important: The SMTP Configuration feature is not available to all organizations by default. Contact Support team to enable this feature. If the feature is not enabled, the SMTP Configuration option will not appear in the Settings section.

Navigate to Infrastructure → System → Settings.
Under Settings, select SMTP Configuration.
Provide the following details:
- Host: SMTP server hostname (for example, smtp.gmail.com or smtp.sendgrid.net).
- Port: Port number used by the SMTP server (commonly 587 for TLS).
- TLS: Enable or disable TLS encryption as required.
- Username: Email address or username for SMTP authentication.
- Password: Corresponding password for authentication.
(Optional) Select Send Test Email to verify the configuration.
Click Save to apply the configuration.

Global (Controller-Level) SMTP Configuration¶

Configure SMTP for the entire controller by adding the following environment variables to the event-framework deployment:

- name: FW_EVENT_SMTP_SERVER_ADDR
  value: <SMTP_SERVER_ADDRESS>
- name: FW_EVENT_SMTP_SERVER_PORT
  value: "<SMTP_SERVER_PORT>"
- name: FW_EVENT_SMTP_SERVER_USERNAME
  value: <SMTP_USERNAME>
- name: FW_EVENT_SMTP_SERVER_PASSWORD
  valueFrom:
    secretKeyRef:
      key: <SMTP_PASSWORD_KEY>
      name: <SECRET_NAME>
- name: FW_EVENT_SMTP_SERVER_USE_TLS
  value: "<USE_TLS_TRUE_OR_FALSE>"
- name: FW_EVENT_SMTP_SERVER_USE_INSECURE
  value: "<USE_INSECURE_TRUE_OR_FALSE>"

Note: Without TLS enabled, authentication will not work. Username and password are required for authentication.

Partner-Level SMTP Configuration¶

Configure SMTP for a specific partner by logging in as a super admin and running the following API request:

curl -X POST 'https://<ops-console-url>/event/v1/email/config' \
  -b 'rsid=<SESSION_ID>' \
  --data-raw '{
    "email_config": {
      "smtp_config": {
        "username": "<SMTP_USERNAME>",
        "password": "<SMTP_PASSWORD>",
        "host": "<SMTP_SERVER_ADDRESS>",
        "port": <SMTP_PORT>,
        "use_tls": <USE_TLS_TRUE_OR_FALSE>,
        "use_insecure": <USE_INSECURE_TRUE_OR_FALSE>,
        "retries": <NUMBER_OF_RETRIES>
      }
    }
  }'

Additional SMTP Management APIs¶

Get SMTP configuration

curl 'https://<console-url>/event/v1/email/config'
-b 'rsid=***

Delete SMTP configuration

curl -X DELETE 'https://<console-url>/event/v1/email/config'
-b 'rsid=***'

Verify SMTP configuration

curl -X POST 'https://<ops-console-url>/event/v1/email/config/verification' \
  -b 'rsid=<SESSION_ID>' \
  --data-raw '{
    "sender_email": "<SENDER_EMAIL_ADDRESS>",
    "recipient_email": "<RECIPIENT_EMAIL_ADDRESS>",
    "subject": "<EMAIL_SUBJECT>",
    "body": "<EMAIL_BODY>"
  }'

Note: Partner-level configuration overrides the controller-level SMTP settings if both are defined.

Additional Configuration¶

Set the following environment variable in admin-api and rafay-sentry to enable email sending for events such as account or organization creation:

name: ACCOUNT_CREATION_STRATEGY
value: VERIFY

Viewing Email Activity via Audit Logs¶

Use audit logs to check whether email events have been processed and sent.

Organization-Level SYSTEMAUDIT Logs

curl 'https://<console-url>/event/v1/auditlog?&filter.timefrom=now-1h&filter.offset=0&filter.limit=10&filter.category=SYSTEMAUDIT'
-b 'rsid=***'

Partner-Level SYSTEMAUDIT Logs

curl 'https://<ops-console-url>/opsauditlogs/?timefrom=now-7d&category=SYSTEMAUDIT'
-b 'rsid=***'

Audit Logs in OPS Console¶

To enable querying Elasticsearch for audit logs in the OPS Console, configure the following environment variables in the frontend-opsconsole deployment:

- name: ES_USER_NAME
  value: elastic
- name: ES_PASSWORD
  valueFrom:
    secretKeyRef:
      key: elastic
      name: rafay-es-es-elastic-user
- name: ELASTIC_SEARCH_FQDN
  value: https://rafay-es-es-http:9200

Notes: - Confirm the ElasticSearch URL is correct. Avoid duplicate or incorrect entries. - These changes must be deployed using radm or equivalent deployment automation tools. - These configurations apply only to self-hosted/on-premises controllers.

Summary¶

Scope	Configuration Method	Description
Controller	Env vars in event-framework	Affects all partners and orgs if no partner-level config is set
Partner	POST `/event/v1/email/config`	Affects all organizations within the partner
Verification	POST `/event/v1/email/config/verification`	Verify SMTP before enabling workflows
Logging	SYSTEMAUDIT via API	Confirm email dispatch via system audit logs