SMTP Servers

If an application or server you manage is on the Columbia Secure Network and lacks SMTP authentication, use smtp.mail.columbia.edu. The default settings for this server are port 25 with SSL off. Do not use SSL-enabled when sending outbound on smtp.mail.columbia.edu.

If your application or server is currently NOT on the Columbia Secure Network or is presently using SMTP Auth with send.columbia.edu, please see the information below on moving to the new Secure Email Relay (SER) service.

We would like to inform you of an important update to our Secure Email Gateway policy. Effective immediately, only emails ending with "@columbia.edu" will be permitted through our gateway. This measure is part of our ongoing commitment to enhance the security of our digital communications.

If you need assistance please reach out to the CUIT Email Systems Team.

It's essential for users to comply with these settings to ensure uninterrupted email service and adherence to Columbia University's email system guidelines.

Configure your application to connect to SER

This document describes the requirements and expectations for applications that would like to use the campus Authenticated Secure Email Relay (SER) service.

  • Applications or devices must be capable of SMTP authenticated sending on port 25, 587 or 465 using a Username/Password
  • Supports TLS 1.2
  • Known Envelope From and Header From
    Note: The From address must be valid and Columbia University must be authorized to send as that address.
  • Messages less than 5MB in size
  • The authenticated relay is only available to systems or services that are under contract with Columbia University and sending email in support of Columbia University, Research or Administrative activities.
  • Follow the Columbia University System guidelines for Acceptable Use of Information Technology Resources.
  • Use of the service is explicitly prohibited for sending spam, phishing or email with offensive content.

You can request access to the authenticated secure email relay service using our Secure Email Relay Request Form. We will review your use case and determine whether it is a good fit for the SER service. Please be prepared to supply the following information:

  • Name of the School, College, Division, Group, or Service requesting credentials.
  • Columbia University Service Owner
  • Envelope From address(es) used in the mail messages.
  • Header From if it will be different from the Envelope From.
  • Name of the application or device that will use the credentials.
  • Who is the audience for the email sent from your application/service?

Once the form is submitted, we will contact you within 3 business days.

Once your request is approved you will receive an email with username/password and configuration information on how to set up your application.

The Authenticated Secure Email Relay service is provided by Proofpoint and we do not have direct access to the authentication logs. If you are unsuccessful in sending mail through Proofpoint SER you should validate the setup by checking the following:

  • Are connections being initiated via Ports 25, 465, or 587?
  • Is TLS v1.2 (or better) being used?
  • Are the authorized Envelope and Header FROM Addresses being used?
  • Is the email coming from the authorized IP(s)?
  • Are the emails too big? Messages must be less than 5MB in total size.
  • Is the software that is generating the email attempting to TLS-encrypt the SMTP connection with an unsupported cipher?
    Support Ciphers

ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-RSA-AES256-SHA384
ECDHE-RSA-AES128-SHA256
ECDHE-RSA-AES256-SHA
ECDHE-RSA-AES128-SHA

AES256-GCM-SHA384
AES128-GCM-SHA256
AES256-SHA256
AES128-SHA256
AES256-SHA
AES128-SHA
RC4-SHA
DES-CBC3-SHA
 

 

Any abuse of this service will result in removal of relaying privileges for the offending application.

If you have any questions or would like to discuss relaying options, please contact CUIT by calling (212-854-1919) or sending an email to [email protected].