Back to the main page

OCI Email Delivery service

Intro

This page explains how to send an email using OCI Email Delivery service. This has been successfully tested with certain condition (who sends and from where), your case may be different!?

Email Service components

Approved sender

You must set up an approved sender for all "From:" addresses sending mail via OCI or mail will be rejected. An approved sender is associated with a compartment and only exists in the region where the approved sender is configured. That is, if you create an approved sender in the Phoenix (PHX) region, you cannot send email through the Ashburn (IAD) region.
Best Practice: Approved senders should not be created in the root compartment.

Hamburger menu (for specific region) - Email Delivery - Email Approved Senders - Create Approved Sender - first.last@domain.com

SPF authentication

The Sender Policy Framework (SPF) is method to prevent sender address forgery. The SPF protects the envelope sender address, which is used for the delivery of messages.

Compare this with traditional post office mailing. The sending address on an envelope is who sending it (say your friend), and it's also return address. But when you open envelope, letter inside can read that it's sent from someone else who want to sell you something. This means that unknown person/seller somehow "stole" your friends address and using it now. So SPF will try preventing forgery of your friends address.

For approved sender, select " View SPF ".

Email configuration

SMTP Sending Information

Server Name: smtp.us-ashburn-1.oraclecloud.com (this is Regional SMTP endpoint, used in this test)
Port: 25, 587 (Email Delivery supports TLS on port 25 or 587)
Use Transport Layer Security (TLS): Yes

Suppresion list

You can manually add an email address to the suppression list to prevent it from being part of your sending list.

SMTP credentials

An email sender (OCI user) will need to have SMTP credentials in order to authenticate to OCI SMTP server (SMTP endpoint) and sends an email.

To create credentials, go to :

Identity - Users -User Details - SMTP Credentials

After creating credentials, save username and password. The password cannot be recovered if not saved here.

The local account (member of tenancy admin group) is used for creating SMTP credentials. Likely SMTP credentials of a federated (SSO) account can be used, but that account must have certain privileges, otherwise emails fails with error like "471 Authorization Failed: Envelope From Address 'user' not authorized

Sending email

Sending email was successfully tested from OCI instance and from a host on external public network.
One test is with swaks (Swiss Army Knife SMTP, the all-purpose smtp transaction tester).
 

$ swaks -tls --header "Subject: This is test email" \ --server smtp.us-ashburn-1.oraclecloud.com:587 \ --from <approved-sender> \ --to <recipient-email> \ --auth-user '<oci_id_for_user_smtp_cred>' \ --auth-password '<'smtp_cred_password>' \ --body "some email body, oci email test"

And expect to see:
 

=== Trying smtp.us-ashburn-1.oraclecloud.com:587... === Connected to smtp.us-ashburn-1.oraclecloud.com. <- 220 smtpf6-ad1-02-usashburn1.oci.dynback.net ESMTP smtp-in -> EHLO .oraclevcn.com <- 250-smtpf6-ad1-02-usashburn1.oci.dynback.net <- 250-STARTTLS <- 250 Ok -> STARTTLS ..shortened .. <~ 250 Ok ~> QUIT <~ 221 Bye === Connection closed with remote host.

The second test is with mailx command.
 

$ echo "oci delivery test from myself" | \ mailx -v -r <approved-sender> -s "OCI Ashburn test from myself" \ -S smtp="smtp.us-ashburn-1.oraclecloud.com:587" \ -S nss-config-dir="/etc/pki/nssdb/" \ -S ssl-verify=ignore \ -S smtp-use-starttls \ -S smtp-auth=plain \ -S smtp-auth-user="<smtp-cred-username>" \ -S smtp-auth-password="<smtp-cred-password>" <recipient-email>



Back to the main page