The <accountSettings> section has the following functions:
- To specify which email addresses/domains are permitted to use mkryptor.
- To specify whether outbound messages should be delivered directly to the recipient mail server or via an SMTP relay/smart-host.
- To specify any authentication requirements for connection to an SMTP relay/smart-host.
- To specify if a ‘known facts’ database is to be used
The accountSettings section may consist of one or more <accountSetting> elements. For example,
<accountSetting email="*@company.com" host="" port="25" authType="None" encryption="None"
username="" password="" databaseId="2" direction="external" />
<accountSetting email="*@company.com" host="mail1.company.com" port="25" authType="Auto"
encryption="SSL" domain="company.com" username="John.Doe" password="P@ssw0rd"
databaseId="2" direction="internal" />
The <AccountSettings> can also be configured using the mkryptor configuration manager GUI. All relevant settings can be found on the Mail Out tab:
If a ‘host’ has been specified then you can set the authentication method required to connect to the host.
Available options are:
Specifies which Known Facts database to use for the matching ‘email’ sender address(es)..
Must match a valid Database ID from the DatabaseSettings Section.
If blank, no database will be used and all known facts must be specified inline or attached to the email.
It is possible to have different host settings depending on if the email is going to an external recipient or an internal recipient. This is useful in combination with the ‘trusted’ attribute (above), to ensure that replies get passed directly to an internal host, over a secure network.
Available values are:
If an ‘authType’ of “NTLM” has been specified then you will need to supply a windows Domain here.
This attribute is not used for any other authTypes.
|Serves to limit which senders can use mKryptor. Specified as an email address. Any messages received by mkryptor from a sender that does not match at least 1 ‘email’ attribute will be rejected;
Business and Enterprise editions accept both * and ? wildcards before the @ symbol. This allows an entire domain to be specified at once. E.g:
Note:wildcards after the @ are not allowed. E.g., *@*.domain.comwould be invalid.
Personal edition does not allow wildcards. This means that exact addresses must be specified. Up to 5 full addresses are allowed in Personal edition. This is because people often have accounts with multiple email providers. E.g:
Only 1 email address/domain can be specified per accountSetting element. All settings specified in the other attributes of the same accountSetting element will apply to this address only.
It is possible to have one setting for a whole domain, but override the settings for specific users of the domain. To do this you would specify 2 (or more) accountSetting elements and specify the email address(es) that each element refers to.
The best reason for this would be if you had one special user that required their own known facts database. As an example let’s say company.com uses mkryptor for all their staff and has a known facts database that all staff use, except the accounting department, who wish to use a different known facts database with extra facts in. In this example you would create 2 accountSettings elements, one for the general users and one for the accounts mailbox. E.g:
<accountSetting email=”*@company.com” databaseid=”1” />
<accountSetting email=”firstname.lastname@example.org” databaseid=”2” />
Note: Mkryptor will always use the closest matching setting available, so the sender ‘email@example.com’ would match the accountSetting element for email=”firstname.lastname@example.org” and ignore the settings for email=”*@company.com”.
If a ‘host’ has been specified then you can use this attribute to specify the level of encryption that should be used to connect to the ‘host’.
Valid options are:
IP address or FQDN of an SMTP relay
Specifies that all messages for the matching ‘email’ should be sent to the specified SMTP relay for onwards delivery.
If left blank, messages will be delivered directly to the recipients’ mail server (using DNS)
If an ‘authType’ other than “None” has been specified then you will need to supply a password here
If a ‘host’ has been specified, then you can set which TCP port to connect over. Default is port 25 if left blank.
Popular ports are:
|Trusted||[Optional – default “false”]
This setting is only relevant for secure replies.
If set to “true”, mkryptor will treat your internal network as a secure network, and will automatically decrypt replies for you. The replies will turn up in the sender’s mailbox as a standard email message.
If set to “false”, mkryptor will encrypt replies into a secure PDF. The sender will have to use their ‘ReplyPassword’ to open and read the reply.
If an ‘authType’ other than “None” has been specified then you will need to supply a username here