SMTP Servers

The send.columbia.edu SMTP cluster handles outbound mail from CUIT-managed systems. Individual users should use Lionmail or Microsoft 365 as described above.

Mail automatically generated by other kinds of devices or software is usually not handled on send.columbia.edu.

You should never store a username and password in software as a way to use send.columbia.edu. Please see the next section about mx.columbia.edu, and if you don't see how to accomplish what you need to do, please contact CUIT.

CUIT provides the mx.columbia.edu system as an SMTP server for a wide array of devices and software that need an SMTP server to send mail. Mail is accepted by mx.columbia.edu without SMTP authentication. The recipient address must end in "@columbia.edu" or "@" followed by another domain hosted by CUIT. No special permission is needed to use mx.columbia.edu. Any host on Columbia's secure network. If you need to relay mail to outside addresses, please contact CUIT to make arrangements.

On the Morningside campus, you are not required to route outgoing mail through an SMTP server run by CUIT. If your computer has mail transport software, it is allowed to send mail directly to the destination. The SMTP servers are provided for software and devices that need the assistance of a separate SMTP server. If your application runs on a Linux host run by CUIT, use the host's own SMTP server. Configure the application to connect to localhost (literally the word "localhost") at port 587.

Configure your application to connect to SER

This document describes the requirements and expectations for applications that would like to use the campus Authenticated Secure Email Relay (SER) service.

  • Applications or devices must be capable of SMTP authenticated sending on port 25, 587 or 465 using a Username/Password
  • Supports TLS 1.2
  • Known Envelope From and Header From
    Note: The From address must be valid and Columbia University must be authorized to send as that address.
  • Messages less than 5MB in size
  • The authenticated relay is only available to systems or services that are under contract with Columbia University and sending email in support of Columbia University, Research or Administrative activities.
  • Follow the Columbia University System guidelines for Acceptable Use of Information Technology Resources.
  • Use of the service is explicitly prohibited for sending spam, phishing or email with offensive content.

You can request access to the authenticated secure email relay service using our Secure Email Relay Request Form. We will review your use case and determine whether it is a good fit for the SER service. Please be prepared to supply the following information:

  • Name of the School, College, Division, Group or Service requesting credentials.
  • Columbia University Service Owner
  • Envelope From address(es) used in the mail messages.
  • Header From if it will be different from the Envelope From.
  • Name of the application or device that will use the credentials.
  • Who is the audience for the email sent from your application/service?

Once the form is submitted, we will contact you within 3 business days.

Once your request is approved, you will receive an email with a username/password and configuration information on how to set up your application.

The Authenticated Secure Email Relay service is provided by Proofpoint, and we do not have direct access to the authentication logs. If you are unsuccessful in sending mail through Proofpoint SER, you should validate the setup by checking the following:

  • Are connections being initiated via Ports 25, 465, or 587?
  • Is TLS v1.2 (or better) being used?
  • Are the authorized Envelope and Header FROM Addresses being used?
  • Is the email coming from the authorized IP(s)?
  • Are the emails too big? Messages must be less than 5MB in total size.
  • Is the software that is generating the email attempting to TLS-encrypt the SMTP connection with an unsupported cipher?
    Supported ciphers:

    ECDHE-RSA-AES256-GCM-SHA384
    ECDHE-RSA-AES128-GCM-SHA256
    ECDHE-RSA-AES256-SHA384
    ECDHE-RSA-AES128-SHA256
    ECDHE-RSA-AES256-SHA
    ECDHE-RSA-AES128-SHA

    AES256-GCM-SHA384
    AES128-GCM-SHA256
    AES256-SHA256
    AES128-SHA256
    AES256-SHA
    AES128-SHA
    RC4-SHA
    DES-CBC3-SHA
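
A pre-flight check for the items in the list above that can be verified on the sending side, as an added example (not CUIT's or Proofpoint's code). The function names, the example.org addresses, the reading of 5MB as 5 * 2**20 bytes and the choice to offer only the ECDHE AES-GCM entries from the cipher list are assumptions of this example; it also shows that an attachment under 5MB can exceed the limit once it is base64-encoded.

```python
import ssl
from email.message import EmailMessage
from email.utils import parseaddr

# Values taken from the checklist on this page.
SER_PORTS = {25, 465, 587}
MAX_BYTES = 5 * 1024 * 1024   # assumption: "5MB" read as 5 * 2**20 bytes
# Assumption of this example: offer only the ECDHE + AES-GCM entries from the
# page's cipher list and skip the CBC, RC4 and 3DES entries.
PREFERRED_CIPHERS = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"


def build_tls_context():
    """Client context that verifies the server and refuses anything below TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(PREFERRED_CIPHERS)
    return ctx


def preflight(msg, envelope_from, port, authorized_from):
    """Return a list of checklist violations for one outgoing message."""
    problems = []
    allowed = {a.lower() for a in authorized_from}
    if port not in SER_PORTS:
        problems.append(f"port {port} is not 25, 465 or 587")
    if envelope_from.lower() not in allowed:
        problems.append(f"envelope From {envelope_from} is not authorized")
    header_from = parseaddr(str(msg.get("From", "")))[1].lower()
    if header_from not in allowed:
        problems.append(f"header From {header_from or '(missing)'} is not authorized")
    size = len(msg.as_bytes())   # size on the wire, after MIME/base64 encoding
    if size >= MAX_BYTES:
        problems.append(f"message is {size} bytes, limit is {MAX_BYTES}")
    return problems


def sample_message(header_from, attachment_bytes=0):
    """Constructed sample message; example.org is a reserved documentation domain."""
    msg = EmailMessage()
    msg["From"] = header_from
    msg["To"] = "recipient@example.org"
    msg["Subject"] = "Nightly report"
    msg.set_content("Report attached.")
    if attachment_bytes:
        msg.add_attachment(b"\0" * attachment_bytes, maintype="application",
                           subtype="octet-stream", filename="report.bin")
    return msg
```

The context returned by `build_tls_context()` can be passed to `smtplib.SMTP.starttls(context=...)` on ports 25 and 587, or to `smtplib.SMTP_SSL(..., context=...)` on port 465.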

Any abuse of this service will result in removal of relaying privileges for the offending application.

If you have any questions or would like to discuss relaying options, please contact CUIT by calling (212-854-1919) or sending an email to [email protected].