The Sureview SMTP Receiver uses STARTTLS Protocol Command on port 587.
Many devices send alarms as SMTP (email) messages to Sureview for it to decode.
This is achieved by providing the IP of the Sureview server as the "SMTP Server IP" in the device, causing the device to connect directly to Sureview to send the alarm message.
SMTP Alarm Device Setup
For individual device setup instructions always refer to the device's support page. This information is just a general guide for the most common use case only.
|SMTP Server IP/Host Address||The "SMTP Server Address" is set up on the device itself and tells it where to connect when sending Email/SMTP alarms. Normally this address will be your Sureview Server's EXTERNAL IP address. Please speak to your IT Team to confirm this information|
|SMTP Sever Port||The "SMTP Server Port" is set up on the device itself and tells it which port to use when sending Email/SMTP alarms. Normally this is port 25 however it can be customised, so check with your Internal Sureview Administrator and/or IT Team|
|TO & From Email Address||The email addresses tell Sureview what Site/Device the alarm is for. It is important that this is accurate as any mistakes could mean the alarm get's missed. The EMAIL address will use the "S" number that's created when you setup the site and device in Sureview . It will be normally in the format S#@SureviewAlarms.com (e.g. S123@SureviewAlarms.com).This number cane be queried from the database. Ask you SureView spport person for assitance.|
|Attached Snapshot||Where possible you will normally want the device to send a "snapshot" image or short video with the email. Not all image or video formats are supported. recommend testing to confirm (you can also asking SureView spport.|
Configuring The Receiver
The SMTP Configuration file is located at C:\Program Files (x86)\Immix Cloud\SmtpReceiver\SVSmtpReceiver.exe.config The following options are configurable:
This is the port that the receiver listens for incoming connections, blank = port 25. Add multiple ports by separating with a comma.
NOTE: If you fulfil this value with anything other than 25, port 25 will no longer be used.
|SmtpTimeout||"300000"||This is the timeout before the receiver will drop the connection after not receiving a response (in milliseconds).|
|TracePort||"16010"||This is the port which we trace the service from|
|LogInvalidIPs||"false"||If this is set to true then the receiver will log to the event log whenever a connection is received from an unknown IP Address.|
|LogIPAddress||""||Set the value to be a specific IP and the trace output will only show data from this IP source|
|CheckIPs||"true"||If this is true then the receiver will drop connections from unknown connections (if there is no Device in the Sureview which matches this connection)|
|DeviceDDLDir||"C:\Program Files (x86)\Immix Cloud\Devices"||The folder location of the integration DLLs|
|CheckImageOrientation||"true"||If enabled then the receiver will check the orientation of attached images.|
|DoNotLogUnknownServerIDs||"false"||If enabled then the receiver will not log to the event log when an email with an unknown server id is received.|
|DoNotRaiseUnknownServerIDs||"false"||If enabled then the receiver will not raise a system alert when an unknown server id is received.|
|AcceptedEmailsDomains||""||This option allows for the filtering of emails to only accept emails to or from the domains listed .|
|OnlyAcceptSAE||"false"||If enabled the receiver will only accept the following combinations of email addresses S#@, S#.A#@, S#.E#@, S#.A#.E#@.|
|SaveWithAttachments||"false"||To be used in conjuction with the "Save incoming emails to Filestore" system setting. Set this to "true" to save the raw attachment with the raw email data.|
Will check to see if the site is disarmed and if it is, will drop the alarm.
Exemptions: High priority, Log Disarmed, Always Raise
|TraceEmailContent||"false"||Whether to have the email body logged out in the service trace|
To minimize the number alarms being received from devices that are either not setup correctly or are not from a device that is not being monitoring in Sureview we recommend the following settings:
- CheckIPs is set to "True"
- OnlyAcceptSAE is set to "True"
- SMTP Port is set to "25, 587"
Additionally we highly recommend using AcceptedEmailsDomains function as a whitelist to restrict only traffic from servers and network that you are monitoring.
* Note: Some Load Balancers mask the source IP and so in these cases we recommend setting up a whitelist of your firewall.
Sending test emails
In this test you will be connecting to the SMTP alarm service on your Sureview server and sending an email.
NOTE: Due to IP Filtering, the IP address of your computer you are using to run this test will need to exist in the Sureview database or the server will reject your connection instantly. To do this just add a device of any type with your computer's IP address to Sureview.
- Open a command prompt
- Type telnet IPOrNameOfYourSureviewServer 25 and press enter, you should get a welcome message. NOTE: If you get disconnected at this point it is because your IP does not exist in Sureview and IP Fitlering is turned on.
- Type HELO and press enter.
- Type MAIL FROM: email@example.com and press enter.
- Type RCPT TO: firstname.lastname@example.org and press enter.
- Type DATA and press enter.
- Type any data you wish to appear in the body of the email and when you are done type [Return].[Return] (return key, dot, return key) to end the data input.
- Type QUIT and press enter to end the session with the SMTP server.
Sureview does not support "TLS" emails. Normally if a device attempts to send a TLS email it will detect that the server does not support it and revert back to standard email sending.
As this is not a "Real" SMTP server username/password authentication is not required. If force you can enter any username and password i.e. "user" and "pass" and the SMTP service will accept them.
Sending email/smtp alarms using a "real" email/smtp server
In some special cases you may want or need to use a real email server, in which case you must do the following:
- Purchase a real domain such as "mySureviewalarms.com" (you cannot use an existing domain if you are already using that for corporate email, because making the changes below will cause all of your corporate email to be sent to your Sureviewserver and be decoded as alarms)
- Add a DNS Host (A) record for your domain which points to the public IP of your Sureview server, such as Sureview.mySureviewalarms.com pointing to xxx.xxx.xxx.xxx (for more information on DNS refer to the DNS support page)
- Add a DNS Mail Exchanger (MX) record for your domain which points to your Sureview server hostname you set up in step 2, such as mySureviewalarms.com pointing to Sureview.mySureviewalarms.com
- Now any emails sent to [anything]@mySureviewalarms.com will translate to a real internet host and will be sent to your Sureview server. Therefore you can configure the devices to send emails to the address S#.A#@mySureviewalarms.com and your Sureview server will receive the alarms
Both of these cases are shown in this diagram:
Emails get 'lost' so can my alarms too?
As per the diagram above, the connection is a direct point-to-point connection from the device to the Sureview server. The email does not go around the internet from mail server to mail server and the message can only be lost if the connection from the device to the Sureview server is down.
Could Sureview be used as a spam relay?
As per the diagram above, Sureview decodes any emails it receives as alarms. It does NOT contain the ability to send any emails it receives on to other people.
Could Sureview get spammed?
Sureview performs IP filtering so it only accepts connections from devices that you have entered into Sureview. Connections from unknown IPs are rejected. As of version 18.104.22.168 the system also has the ability to filter unknown email addresses, this means that even if the Sureview system had IP filtering turned off, spam emails would still be rejected.
Please sign in to leave a comment.