Changing SMTP User when sending E-Mails

Go to solution
benjamin_exner
Tera Expert

‎07-09-2024 05:47 AM - edited ‎07-09-2024 05:48 AM

 

Hello ServiceNow community,

 

My company is facing an issue in ServiceNow due to the current SMTP setup and I wanted to ask for your opinion.

 

Our setup:

 

We have multiple domains that we want to use from Service Now.

 

We have managed to create an application in our Microsoft space that has application access so it is not restricted to a single user and would be able to send to literally anyone, but we have restricted it to 4 addresses/mailboxes (in total it will be around 6).

 

service@domain1

servicedesk@domain1
service@domain2
service@domain3

 

Each of our notifications will have the From field set to the user for each mailbox.

 

In SMTP we have a normal setup as explained here and we use oauth2.


Now the problem:
I need to change the username for each notification used. Or rather I would need the SMTP to use the From field provided by the notifications.

 

What I tried:
1. If I manually change the username inside the SMTP, the sending works with multiple domains.
2. If I add a script inside the notification that changes the SMTP username, this also works BUT if we have a huge amount of mails going out at the same time, it breaks (I expected this as I believe my approach is far from best practice).

 

Is there any way to achieve the suggested change or is it completely bad practice to do this in the email area?

 

I should add that I have a different approach, but it would cost us extra money and would mean implementing an additional system, which I would like to avoid if possible.

 

I hope this question is in the right place and if you have any further questions, please do not hesitate to ask.

Any help would be greatly appreciated.

 

Best regards

Benjamin

0 Helpfuls
  • 1,787 Views
1 ACCEPTED SOLUTION

Go to solution
benjamin_exner
Tera Expert

‎07-25-2024 08:07 AM

Hi all,

 

we have been doing a bit of testing and stumbled upon a solution that fitted our need and I would like to explain it here to a) maybe get opinions and b) help others who are running into the same problem.

 

So in general we send mails with Microsoft and in Microsoft you can grant application rights. This is what we have done on our Microsoft side and on top of that we have created 3 shared mailboxes from which we want to send mails. This is the Microsoft part of the story.

 

The ServiceNow part of the story is now solved and works with 2 items:

An SMTP account using oauth. The only problem, as explained above, is that ServiceNow always requires a username, even though our application has application rights, ServiceNow still requires it.
To solve this, we work with a business rule that changes the SMTP username. To do this, I use the script part of the business rule and simply change the username with a simple if else.
As I was not sure if this solution would be fast enough, I also added the same script to the notifications we send out. Further testing will show if we need to keep them or not. I would like to get rid of it if possible.
As we wanted to work with shared mailboxes and only those, we also had problems on the IMAP side of things.
This was very easy to fix as we just followed this documentation ->Product Documentation | ServiceNow


We tested this approach and triggered 30 different emails to the 3 different addresses in parallel. The speed was really good and all the mails were sent with the correct headers, so no spoofing.

 

If you are running a similar setup, please note that you would also have two other options, at least from what we stumbled across, but they were not an option for us:

 

  1. Amazon SES.
    1. Using and paying for Amazon SES is a solution and currently the fastest approach I would say BUT you pay extra.
  2. Exchange Server (not Exchange Online)
    1. If you still have a machine with Exchange you can set up similar rules to Amazon SES. Unfortunately our company has decided to move to Exchange Online and we have not found a solution there :-/.


I still appreciate any feedback as we are quite new to ServiceNow and like to learn a lot and of course if you want to see the script I can add it but it is really not that complex to be honest.

 

Regards and have a nice day

Benjamin

View solution in original post

5 REPLIES 5

Go to solution
benjamin_exner
Tera Expert

‎07-25-2024 08:07 AM

Hi all,

 

we have been doing a bit of testing and stumbled upon a solution that fitted our need and I would like to explain it here to a) maybe get opinions and b) help others who are running into the same problem.

 

So in general we send mails with Microsoft and in Microsoft you can grant application rights. This is what we have done on our Microsoft side and on top of that we have created 3 shared mailboxes from which we want to send mails. This is the Microsoft part of the story.

 

The ServiceNow part of the story is now solved and works with 2 items:

An SMTP account using oauth. The only problem, as explained above, is that ServiceNow always requires a username, even though our application has application rights, ServiceNow still requires it.
To solve this, we work with a business rule that changes the SMTP username. To do this, I use the script part of the business rule and simply change the username with a simple if else.
As I was not sure if this solution would be fast enough, I also added the same script to the notifications we send out. Further testing will show if we need to keep them or not. I would like to get rid of it if possible.
As we wanted to work with shared mailboxes and only those, we also had problems on the IMAP side of things.
This was very easy to fix as we just followed this documentation ->Product Documentation | ServiceNow


We tested this approach and triggered 30 different emails to the 3 different addresses in parallel. The speed was really good and all the mails were sent with the correct headers, so no spoofing.

 

If you are running a similar setup, please note that you would also have two other options, at least from what we stumbled across, but they were not an option for us:

 

  1. Amazon SES.
    1. Using and paying for Amazon SES is a solution and currently the fastest approach I would say BUT you pay extra.
  2. Exchange Server (not Exchange Online)
    1. If you still have a machine with Exchange you can set up similar rules to Amazon SES. Unfortunately our company has decided to move to Exchange Online and we have not found a solution there :-/.


I still appreciate any feedback as we are quite new to ServiceNow and like to learn a lot and of course if you want to see the script I can add it but it is really not that complex to be honest.

 

Regards and have a nice day

Benjamin

Go to solution
camerongo_ph
Kilo Contributor
In response to benjamin_exner

‎10-02-2024 06:01 AM

Out of curiosity, you mentioned using Amazon SES, how would that solution work? I haven't found that mentioned elsewhere so far.

0 Helpfuls

Go to solution
benjamin_exner
Tera Expert
In response to camerongo_ph

‎10-02-2024 06:29 AM - edited ‎10-02-2024 06:30 AM

Hi @camerongo_ph ,

 

Amazon SES would mean th following:

  1. You follow the Set-Up from Amazon SES for a sandbox or production Setting up Amazon Simple Email Service - Amazon Simple Email Service
    1. Unfortunately I did not do this, our Microsoft/Outlook people did, so I ended up with a finished account.
  2. Now you create the SMTP email account in ServiceNow and it could look like this (see attached image)
  3. What you also need to do in ServiceNow is change the notification and add a From and a Reply To.
    1. ServiceNow uses this for the Sendout.
  4. In Amazon you will also need to have the emails added and validated so that you own them. This should be explained in the setup process in point one.

 

Once you have all that in place and you send an email, ServiceNow will tag it with the correct address, authenticate with Amazon and just send it. We have not seen any spoofing or other spam indicators, so if the extra money is not an issue, this process is easy and spam proof I would say. For example, we eventually managed to do it with Microsoft, but it required additional scripting and I'm not sure how future proof it is.

 

I hope this helps, but if you have any further questions feel free to DM me :-).

 

BR

Benjamin

Preview file
20 KB
0 Helpfuls

Go to solution
camerongo_ph
Kilo Contributor
In response to benjamin_exner

‎10-02-2024 07:30 AM

Definitely helpful, thank you! I'd used SES using their API interface, but didn't realize it could be used as an SMTP relay as well, which is interesting. I'm still exploring options, but this is a helpful overview of the handful of options available.

0 Helpfuls