Configuring outbound email settings

To set the outbound email settings

1. In Web Client, go to Administration > Full Administration Menu > System Configuration > Settings > Outbound email.
2. From the Configuration tab, select the email protocol you will use. Four protocol options are supported:
   1. Microsoft 365,
   2. SMTP - Basic authentication, encrypted,
   3. SMTP - No authentication, encrypted,
   4. SMTP - No authentication, no encryption.

For most customers the choice is simple. Choose Microsoft 365 if you use this product or choose SMTP - Basic authentication, encrypted if you do not. The other two options would likely only be used in special cases such as a development or test server.

Image

SMTP protocol settings

The options are similar for all SMTP protocol options.

Many email services disable SMTP by default. Check with your provider to confirm their necessary settings to support SMTP.

• SMTP server address - The address provided by your email provider, like smtp.gmail.com, smtp.emailsrvr.com, etc.
• SMTP server port - The TCP port needed to communicate with your email server. SMTP generally uses port 25 for unencrypted messages and 587 for encrypted messages. Please check with your email server, internal firewall and network System Administrator for more details. Some email servers may support port 465 for encrypted messages. This port is used for implicit encryption. FileHold only supports explicit encryption as described in RFC3207 used with port 587.
• User/password - The user and password for the email account.

If you are using Google for email, the following may be helpful. https://support.google.com/a/answer/176600

Microsoft 365 protocol settings

You will need to configure your Microsoft 365 tenant to enable sending email using the Graph API.

• Client ID - Your Microsoft 365 client ID.
• Tenant ID - Your Microsoft 365 tenant ID.
• Certificate - The PFX file with the public and private certificates you created for authenticating your email connection that matches the public certificate in the CER file that you loaded to your Microsoft 365 account. When there is no value in this field, you can press the button on the right to select a file. If a certificate has alrady been loaded, you will simply see a message "Certificate is loaded". Press the X on the right to clear the certificate if you would like to load a new one.
• Certficate password - The password you used to encrypt your certificate when you created it. The eyeball icon is a button that will toggle between hidden and visible password text.

Treat the certificate and certificate password as you would for any password.

Settings for all protocols

• Reply-to email address - This email address will appear as the reply-to in the email messages that are sent. If this address is different from the email address associated with the account, you will likely need to configure permission for sending emails with this reply-to address in your email server.
• Use this reply address only for system generated emails - Check this box if users will be sending email from the FileHold email client and you would like their personal email address to appear as the reply-to email. See the notes above about permissions necessary to send email using a different address.

This check box is a convenient way of setting the managed option Email.FromGlobalUser. It is subject to the caching rules associated with all managed option changes.

3. Click Save at the bottom of the page.

Testing the email configuration

The testing tab provides a tool for confirming that your configuration is correct.

1. Enter the destination email address where the test message should be sent.
2. Add an option test message body. This will be sent in addition to the system generated email body.
3. Press Send test message.

If there are no issues with the configuration, the recipient in step 1 should receive an email. If not, an error message will be displayed and logged. The last 10 test messages will be displayed. If an error occured you can press Show error details to see the original error message. These messages are typically sent by the configured email server and usually are due to a misconfiguration in the email server.

Configuring Microsoft 365

To use the Microsoft Graph API, you need to register the FileHold application in Entra ID. Authentication requires a reference to a dedicated Azure application that has the appropriate permission. This needs to be done in the Azure portal by an Azure user with sufficient rights.

Start with registering your app by following the steps below:

The person completing the application registration process needs to be an Azure Administrator with sufficient privileges.  If you have already created an App Registration for use with an external identity provider or Teams 365 with FileHold then you can continue to configure that App Registration for Microsoft 365 email using Graph.

1. Open your Azure Portal.
2. Navigate to the App registrations page.
3. Click New Registration to display the Register an application page.
4. Enter an application name in the Name field.
5. Select Accounts in this organizational directory only as the supported account type.
6. Click Register.

For more information on registering an application in Azure, see Microsoft's documentation or Microsoft's authentication documentation.

Adding permissions

Next, from the application's page, add permissions to the web API by following the steps below:

1. Click API permissions.
2. Click Add a permission.
3. Click Microsoft Graph.
4. Select Application Permissions.
5. Select the following options from the Application Permissions section:
   • Mail – Mail.Send, Mail.ReadWrite
   • User – User.Read.All
6. Click Add Permission.
7. Click Grant Admin Consent and then click Yes.

Authentication certificate

Email authentication works by placing a matching certificate on the FileHold server and in your application definition for FileHold. This certificate can be created on any workstation. You do not need to acquire a certificate from a third party.

Creating a certificate

There are many ways to create a certificate. You need one certificate in two different formats. CER with the public key for Azure and PFX with the public and private keys for FileHold.

In the following example, you can open a Powershell prompt and execute the following statements to create a 1 year certificate in both formats. You can change the subject, length of time, password, etc. to your local requirements.

# Create a self-signed certificate
$cert = New-SelfSignedCertificate -FriendlyName "FileHold email" -Subject "localhost"
# Export the public key to a CER file
Export-Certificate -Cert $cert -FilePath C:\azurecert.cer
# Export the public and private keys to a PFX file
$mypwd = ConvertTo-SecureString -String "mypassword" -Force -AsPlainText
Export-PfxCertificate -Cert $cert -FilePath "C:\filehold.pfx" -Password $mypwd

Use the procedure below to add the CER certificate to Azure and the procedure in the FileHold email configuration tab to add the PFX certificate to FileHold.

Upload your CER certificate to Azure

1. Open your Azure Portal.
2. Navigate to the App registrations page.
3. Navigate to Manage > Certificates & secrets.
4. Click Certificates.
5. Click Upload certificate.
6. Click Upload a certificate and select the certificate containing the public key. C:\azurecert.cer in the example above.
7. Click Description and provide some descriptive text such as "Email Certificate".