SynaMan » SynaMan KB

Document information

Document ID: 4949
Subject: Delegate Authentication in SynaMan's Embedded SMTP Server
Creation date: 6/27/16 4:15 PM
Last modified on: 11/6/18 2:49 PM

Authentication/Recipient Delegate

By specifying an Authentication Delegate, you enable SynaMan to query another SMTP server before it accepts incoming emails. The Delegated server is responsible for two things: authenticating user credentials (user id and password) and the recipients email address.

Benefits of using this feature

The Embedded SMTP Server in SynaMan allows companies to send and receive emails containing large attachments. As with any SMTP server, administrators have to specify:
  1. Valid domains and email addresses that are acceptable when receiving in-bound emails from the Internet
  2. List of valid user accounts that are allowed to relay through this SMTP server when sending out-bound emails to a recipient on the Internet
There are couple of ways to solve these problems:

Solution 1 Open Relay

One way to solve this problem is to run SynaMan as an open relay, which works for outbound emails but not for inbound. You do not want any SMTP server configured as an open relay facing the Internet.

Solution 2 Create local users in SynaMan

Creating local users in SynaMan is definitely better than opening the server for relay. However, it is a tedious task, particularly when you have hundreds and thousands of users.

A Better Approach Authentication Delegate

The Authentication Delegate feature in SynaMan's Embedded SMTP server has the ability to consult another SMTP server on your network to see if that will accept an email's recipient with or without authentication. Consider the following two scenarios. First for outbound emails and another for inbound:

Outbound emails Sent from a local user to someone on the Internet

Delegation to Exchange
The local user must use a user ID/password before sending messages to recipients outside your domain. By specifying your Exchange server as a delegate, SynaMan will consult Exchange when the user's email client checks for authentication. If Exchange accepts the credentials, so will SynaMan. Note that the actual email will NOT go through your Exchange. After authenticating the user through Exchange, email will get forwarded to your Spam filter.

Inbound emails Sent from a user on the Internet to a local user

Delegation to Exchange
When receiving messages from the Internet, SynaMan will accept or reject an incoming email based on the recipient's address. If you specify your MS Exchange server as the delegate, SynaMan will consult with Exchange before receiving any email from the Internet. In this case, Exchange is contacted twice:

  • First, to validate the recipient - no email is sent at this point. If Exchange rejects the recipient, so will SynaMan
  • After it has been processed and approved by the spam filter


SynaMan will communicate with your actual server (MS Exchange in the above example) to validate recipients and authenticate users but will not send any emails. Some SMTP servers may consider this as an attack and can block connections. Therefore, check the documentation of your email server to see if it treats this as an attack.

For example, if you are using Xeams as the Delegate, you will have to specify SynaMan as a gateway.

Steps to enable this feature

  • Login as admin to SynaMan's web interface
  • Click Configuration and then, Advanced Configuration
  • Select the tab for Embedded SMTP Server
  • Scroll download to the section for Authentication Delegate
  • Specify the host name or IP address of the SMTP server that can validate users and recipient's email address
  • Specify TCP/IP port and security mechanism

Add a comment to this document

Do you have a helpful tip related to this document that you'd like to share with other users?

Important: This area is reserved for useful tips. Therefore, do not post any questions here. Instead, use our public forums to post questions.


Social Media

Powered by