Configuring Mail Server

Vulnerability Manager Plus has an option to send a notification by email when the patches are downloaded and are ready to be installed. Email Alerts are also sent for notifying the Inventory related events. To send email, the mail server has to be configured. Mail Server Settings can be configured in two ways:

  • OAuth Authentication
  • Basic Authentication

OAuth Authentication

OAuth is a standard authorization protocol that uses web tokens instead of passwords to allow delegated access to a protected resource. OAuth allows limited access to the users data, that is, the ability to share data for users without disclosing personal information. Therefore, we can choose to configure using OAuth authentication for sending mails from Vulnerability Manager Plus server securely.

How to Configure OAuth Authentication for Mail server?

  1. To configure OAuth Authentication, 

    • Navigate to Admin tab->Mail Server Settings.

    • Choose OAuth under authentication type.  

    • Specify the name and port of the mail server. 

    • Provide the name of the sender, along with the sender's mail address and a test mail address. 

    • Choose the email type. (Note: SMTPS is recommended since the connection to the mail server is encrypted.

    • Enable TLS if required. 

    • Obtain Client ID, Client Secret, Authorize URL, Access Token URL and Scope from the authorization server using the Redirect URL. 

    • You may choose to connect to the authorization server using a proxy if required. 

    • Click Save. The user consent window of the mail server pops up.

    • Enter your login credentials and consent to the permissions requested.

    • You have configured OAuth authentication for mail server successfully. 

Basic Authentication

  1. Click the Admin tab to invoke the Admin page.

  2. Under Server Settings, click the Mail Server Settings link.

  3. Specify the name and port of the mail server.

  4. Email Type : Indicates the type of mail email despatching (For example: SMTP, SMTPS).

  5. TLS Enabled : Option to enable Transport Layer Security (TLS).

  6. If it requires authentication, select the Requires Authentication check box and specify the user name and password.

  7. Click Save to save the configuration.

Frequently Asked Questions

  • Why should I move to OAuth2.0? 
  • Google and Microsoft will soon withdraw basic authentication support for mail servers by 30 May 2022 and 1 October 2022, respectively. Therefore, it is advisable for users to switch to OAuth authentication.

  • What are the supported mail servers in OAuth?
  • We have tested OAuth authentication with Microsoft Outlook(office365) and Gmail(Gsuite).

  • Can I configure OAuth for an existing mail account? 
  • Yes. You can configure OAuth for an existing account. 

  • What is Redirect URL and where should I configure it?
  • Redirect URL or Reply URL is the URL to which the Authorization Server sends confidential response data. Copy-paste the Redirect URL to the application details in the Authorization Server and save it.

  • On clicking Save, I am getting an error stating "Redirect URL or reply URL invalid/mismatch". What should I do?
  • Check if you have added the application server's redirect URL to your authorization server's list of redirect URLs. Ensure that you have saved the settings.

  • What will happen if my access token expires?
  • When your access token gets expired, a new access token will be automatically generated using the refresh token.

For more details on configuring mail server settings using Gmail Account, visit this page.

To learn more about configuring Office 365 in mail server settings, click here.