SMTP
Settings > System Settings > Application Settings > Email and Notifications > SMTP
Kion sends in-app notifications as well as email notifications for specific operations in the application. In order for the application to send email notifications, you must configure an SMTP server.
Since these configurations change the application for all users in your organization, these settings can only be changed by users with the Global Manage Kion System Settings permission.
Requirements
To configure Kion to send emails from your corporate SMTP server, you will need the following information:
- The FQDN, Hostname, or IP address of your SMTP server.
- The port that will be used to connect to the SMTP server.
- The from email address, from which Kion emails will be sent.
- Credentials for your SMTP server (if your SMTP requires authentication).
It is likely that your corporate mail or firewall administrator will need to whitelist the IP address(es) of your Kion installation. The exact IPs depend on your network configuration, but the most common will be the elastic IPs associated with your private subnet's NAT gateways.
Configuring SMTP
- Host. Enter the FQDN, IP address, or hostname of the SMTP server.
- Port. Enter the port to use to communicate with the SMTP server. Typically, SMTP ports are 25, 465, 587, 2525, and 2587.
- From. Enter the email address you want messages to be sent from. Ensure you have permission to send from this email address if you are using AWS SES.
- Username. Enter the username to use when authenticating with the SMTP server.
- Password. Enter the password to use when authenticating with the SMTP server.
- Skip SSL Verification (not recommended). Do not verify the server's SSL certificate before communicating.
AWS SES Password Rotation
There are 2 options for Updating/Rotating the Kion SMTP password for SES setups.
Options:
New SMTP User:
In the AWS Account where SES is set up, go to SES -> SMTP settings.
Create a new SMTP user using the "Create SMTP credentials" in SES setup:
OR
Generate new IAM User Password:
Using the Python script below to generate a new IAM Password for the SMTP User using a new Access Key Secret:
Create a new Access Key for the configured SES SMTP IAM User.
In IAM find the User linked to the SES setup.
Go to "Security credentials" and select "Create access key".
Choose "Other"
Enter a Description
Create access key
Store the created Access Key and Secret Access Key.
- In the same AWS Account, open the AWS Cloud Shell to generate the new password using the Python script below.
- If you are using a differnet region endpoint in Kion's SMTP settings then you will need to update the script accordingly. The region us-east-1 is already in the script.
- Example:
email-smtp.us-east-2.amazonaws.com=us-east-2
- Example:
- The script will prompt for the IAM User Access Key Secret to generate a new password.
- This is the "Secret Access Key" from Step 1 Above.
- Update Kion's SMTP settings:
- Username = The new Access Key ID.
- Password = The password generated from the Python script.
python3 - <<'PY'
import hmac, hashlib, base64
def sign(key: bytes, msg: str) -> bytes:
return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()
def smtp_password_from_secret(secret_key: str, region: str) -> str:
version = b"\x04"
date = "11111111"
service = "ses"
terminal = "aws4_request"
message = "SendRawEmail"
k_date = sign(("AWS4" + secret_key).encode("utf-8"), date)
k_region = sign(k_date, region)
k_service = sign(k_region, service)
k_terminal = sign(k_service, terminal)
k_message = sign(k_terminal, message)
return base64.b64encode(version + k_message).decode("utf-8")
# Hardcoded to your region
region = "us-east-1"
# Visible input (NOT hidden)
secret = input("Enter IAM Secret Access Key: ").strip()
print("\nDerived SES SMTP password for use in Kion:\n")
print(smtp_password_from_secret(secret, region))
PY