MCE Email Configuration
Overview
MCE groups support the following email features:
These features allow emails to be sent to a user's configured email address,
Note that email features require MCE to be setup and enabled. For more information see:
Setting up email features in the Management Center
MCE email features are configured in the Management Center under Feature > MCE > Email
.
Connecting to an SMTP server
All MCE email features require the connection to an SMTP server to be configured.
Connection
Configure the connection from the MCE email service to an SMTP server.
- SMTP server address: Specifies the server address / host name of the SMTP server.
- SMTP server port: Specifies the port of the SMTP server.
- The default port for modern SMTP servers is 587.
- If the port has a value of 0, the secure socket options determine the default port.
- SslOnConnect: The default port is 465.
- All other options: The default port is 25.
Security
The MCE email service supports connecting to an SMTP server using SSL or TLS encryption communication protocols, and supports trusting insecure self-signed certificates.
- SMTP server secure socket options: Specifies the preferred secure socket communication method.
- None: No SSL or TLS encryption is used.
- Auto: Allow the SMTP server to decide which SSL or TLS options to use.
- The configured SMTP server port is used to determine the default security options.
- Port 465: Uses SslOnConnect.
- All other ports: Use StartTlsWhenAvailable.
- If the server does not support SSL or TLS, then the connection will continue without any encryption.
- The configured SMTP server port is used to determine the default security options.
- SSL on connect: The connection uses SSL or TLS encryption immediately.
- Start TLS: Elevates the connection to use TLS encryption immediately after reading the greeting and capabilities of the server. The server connection will fail if the server does not support the STARTTLS extention.
- Start TLS when available: Elevates the connection to use TLS encryption immediately after reading the greeting and capabilities of the server, but only if the server supports the STARTTLS extension.
- Trust insecure certificates: Allows insecure self-signed certificates to be trusted.
Password authentication
The MCE email service supports connecting to an SMTP server using password authentication.
- Enable password authentication: Enables password authentication when connecting to the SMTP server.
- Authentication username: Specifies the username required for password authentication.
- Authentication password: Specifies the password required for password authentication.
- Note that the password is not currently encrypted when persisted in the configuration file.
Synchronizing user email address attributes
User email address attributes are required to have been synchronized in order to send emails to users. This is currently configured by adding the following advanced keys to the Advanced
section of the Management Center, alongside having setup attribute synchronization found in the Configuring MCE setup.
Key | Value | Description |
---|---|---|
mce.attributesynchronization.user.emailaddress.name | Specifies the attribute name used to synchronize the user email address. | |
mce.attributesynchronization.user.emailaddress.issuer | AD | Specifies the attribute issuer used to synchronize the user email address, defaults to the specified default attribute issuer if omitted. |
mce.attributesynchronization.user.activedirectory.properties | s, st, displayName, distinguishedName, msRTCSIP-PrimaryUserAddress, mail | Specifies the active directory properties to synchronize for users (ensure the distinguished name and primary user address are synchronized). Only string type AD properties are supported. Include the "mail" attribute if you are synchronizing email addresses from AD |
Email notifications
MCE groups support notifying users they have been invited to join a group, and that they have been mentioned.
The notification features can be enabled in the General
section of the Email
Management Center configuration page.
Group invitation notifications
When enabled, users will receive an invitation notification when they gain membership to an MCE group. The email contains the following information about the group:
- Display name
- Description
- Encrypted state
- Maximum supported classification
- Security Context(s)
- A link to the group
Further customisation of the email is available in the Email metadata and Email body formatting sections.
- Email subject: Specifies the subject of the invitation notification email.
- The subject supports using the
{GroupName}
template to inject the name of the group, to which the user is invited, into the subject. - If left blank, the subject is defaulted to
Invited to join '{GroupName}'
.
- The subject supports using the
- Valid invitation window (days): Specifies the length of time (in days) that an invitation notification is considered valid.
- The MCE email service will retry sending an invitation notification email if there is a failure to connect to the SMTP server or failure to send the email. In order to prevent the email being retried forever, the valid invitation window defines the maximum number of days this will be retried.
- When enabling the feature for the first time, the valid invitation window is used to determine if a historic invitation email should be sent.
- For example, the valid invitation window is set to
seven days
and the feature is enabled for the first time. Users that have gained membership to a group in the lastseven days
will receive the invitation email.
- For example, the valid invitation window is set to
- The default valid invitation window is
seven days
.
- Repeat invitation cooldown window (days): Specifies the length of time (in days) that invitations will not be resent to a user if they lose and regain membership to an MCE group.
- For example, the cooldown period is set to
30 days
and a user gains membership to a group for the first time, they receive an invitation notification email. If they lose and regain membership to that same groupseven days
later, they will not receive a second invitation notification email. If they lose and regain membership31 days
after the initial invitation notification email then they will receive a second invitation email. - The default repeat invitation cooldown window is
30 days
.
- For example, the cooldown period is set to
Email Mentions
When enabled, this feature sends a mention notification email to a user that is mentioned in an MCE group that they have the right to join. Users that are mentioned in an MCE group but do not have rights will not receive a mention notification email. The email contains the following information about the group:
- Display name
- Description
- Maximum supported classification
- Security Context(s)
- A link to the group
Further customisation of the email is available in the Email metadata and Email body formatting sections.
- Email subject: Specifies the subject of the mention notification email.
- The subject supports using the
{GroupName}
template to inject the name of the group, in which the user is mentioned, into the subject. - If left blank, the subject is defaulted to
Mentioned in '{GroupName}'
.
- The subject supports using the
- Valid mention window (days): Specifies the length of time (in days) that an mention notification is considered valid.
- The MCE email service will retry sending a mention notification email if there is a failure to connect to the SMTP server or failure to send the email. In order to prevent the email being retried forever, the valid mention window defines the maximum number of days this will be retried.
- When enabling the feature for the first time, the valid mention window is used to determine if a historic invitation email should be sent.
- For example, the valid invitation window is set to
seven days
and the feature is enabled for the first time. Users that have gained membership to a group in the lastseven days
will receive the invitation email.
- For example, the valid invitation window is set to
- The default valid mention window is
two days
.
Email metadata
- Sender email address The sender email address specifies the email address used to send notifications to users.
- Sender display name (optional) Sets an email address alias for the sender address.
- Email protocol headers
- Specifies a collection of protocol-level email headers.
- Supports adding security contexts of the exported group with the template string
{SecurityContext}
. - Supports adding the maximum classification token with the template string
{Classification}
.
Email body formatting
- Prefix (HTML)
- Specifies a template for the header of the email as HTML.
- Suffix (HTML)
- Specifies a template for the footer of the email as HTML.
- The suffix and prefix support the following templates:
- The security contexts of the exported group by including the template string
{SecurityContext}
. - The maximum classification token by including the template string
{Classification}
.
- The security contexts of the exported group by including the template string
- Group link base path (has a default of client path)
The group link should be in the following format:
http://domain:{port number}
Secure content copying and export
Information on this subject has been moved to MCE Content Copying and Export.