Secure Mail Gateway

Introduction

With the “Secure Mail Gateway” (SMG), Relution offers the possibility to connect to an Exchange server without making it available on the internet. Relution works as a proxy for the communication via Exchange ActiveSync (EAS). The use of SMG requires basic auth to be available on the Exchange server. Modern auth is not supported.

It is recommended to configure the restriction options only after the connection has been tested successfully, so that the restrictions can be excluded as a possible source of errors. Once the connection works and the endpoints are usable, the permissions can be configured accordingly.

Configuration of the Secure Mail Gateway

Exchange configuration

  • Exchange URL
    The address where the Exchange server can be reached.

  • Exchange Domain
    The corresponding domain of the Exchange server to be accessed.

  • All parameters under Permissions for enrolled devices
    Configure them at the beginning as shown in the screenshot. A connection should be established and the function tested before any restrictions are configured.

  • Permissions for unknown devices
    This function allows communication for unknown devices.

Technical overview

For Exchange configurations using SMG, https://<Relution host>/Microsoft-Server-ActiveSync is configured as the EAS endpoint. The Exchange domain is set to the unique name of the corresponding organization. Relution uses the domain to identify the corresponding SMG settings.

If SMG is enabled and configured in these settings, the request headers DeviceId and DeviceType are evaluated to identify the device that triggered the request. Depending on the SMG settings, on whether the device could be identified at all, and on the properties and status of the device (see the previous section), the request is either denied or forwarded to the Exchange host configured in the SMG settings, and the response is delivered back to the device. If a domain is configured in the SMG settings, the domain of the request is adjusted to it.
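
The decision flow described above, modeled as an added example (not Relution's code and not part of the original page). The DOMAIN\user login format, the SmgSettings fields, the status value COMPLIANT and all sample hosts and names are assumptions made for illustration.

```python
import base64
from dataclasses import dataclass, field

@dataclass
class SmgSettings:                      # hypothetical model of one organization's SMG settings
    exchange_url: str                   # internal Exchange host the request is forwarded to
    exchange_domain: str                # domain sent on to Exchange; may be empty
    allow_unknown_devices: bool = False
    allowed_statuses: frozenset = frozenset({"COMPLIANT"})   # assumed status value
    enrolled: dict = field(default_factory=dict)             # (DeviceId, DeviceType) -> status

def parse_basic(header):
    """Return (domain, user, password) from an 'Authorization: Basic ...' value."""
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("SMG requires basic auth")
    creds = base64.b64decode(blob, validate=True).decode("utf-8")
    login, sep, password = creds.partition(":")   # first colon only; password may contain ':'
    if not sep:
        raise ValueError("malformed credentials")
    domain, _, user = login.rpartition("\\")      # assumed DOMAIN\user login format
    return domain, user, password

def make_basic(domain, user, password):
    login = f"{domain}\\{user}" if domain else user
    return "Basic " + base64.b64encode(f"{login}:{password}".encode("utf-8")).decode("ascii")

def gate(headers, orgs):
    """Decide deny/forward for one EAS request; orgs maps organization name -> SmgSettings."""
    try:
        domain, user, password = parse_basic(headers.get("Authorization", ""))
    except ValueError as exc:
        return {"action": "deny", "reason": str(exc)}
    smg = orgs.get(domain.lower())                # the domain selects the SMG settings
    if smg is None:
        return {"action": "deny", "reason": "no SMG settings for domain"}
    key = (headers.get("DeviceId"), headers.get("DeviceType"))
    status = smg.enrolled.get(key) if all(key) else None
    if status is None and not smg.allow_unknown_devices:
        return {"action": "deny", "reason": "unknown device"}
    if status is not None and status not in smg.allowed_statuses:
        return {"action": "deny", "reason": "device status " + status}
    out_domain = smg.exchange_domain or domain    # adjust domain only if one is configured
    return {"action": "forward", "to": smg.exchange_url,
            "Authorization": make_basic(out_domain, user, password)}

# Constructed sample data (not from a real deployment)
ORGS = {"acme": SmgSettings("https://exchange.internal.example", "CORP", enrolled={("D1", "iPhone"): "COMPLIANT"})}
REQ = {"Authorization": make_basic("acme", "jdoe", "p$ss #/*:1"), "DeviceId": "D1", "DeviceType": "iPhone"}
```

Calling gate(REQ, ORGS) forwards the request with the domain rewritten from the organization name to the configured Exchange domain, while the password, including its special characters, is passed through unchanged.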

Hints

Password

Exchange and SMG use basic auth. In this setup, account errors may occur on the end device when the password contains special characters such as $ # / * or a space.

To check this, a simple password consisting of letters and numbers should be used for testing.