Configuring the SMTP Relay in GFI MailEssentials 22

Overview

GFI MailEssentials 22.0 introduces a built-in SMTP Relay to eliminate dependencies on the legacy IIS SMTP server. This provides a modern, secure, and integrated approach to email processing.

This guide will help you:

  • Set up the SMTP Relay
  • Enable secure transmission (TLS/STARTTLS)
  • Verify correct operation
  • Troubleshoot common issues

Deployment & Initialization

When Is the SMTP Relay Installed?

The SMTP Relay is deployed automatically during installation if no existing SMTP server (IIS/Exchange) is detected.

If an IIS SMTP or Exchange server is already present, the SMTP Relay will not be installed.

How to Verify If the GFI SMTP Relay Is Active

On 64-bit Windows systems (e.g., Windows Server 2016):

  1. Open the Registry Editor (regedit)
  2. Navigate to:
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GFI\MailEssentials\Config
    
  3. Locate the key:
    use_local_smtp
    
    • 1 = Built-in SMTP Relay is active
    • 0 = IIS or Exchange SMTP is in use

Configuration Files & Folder Structure

Key Folder

All configuration and log files for the SMTP Relay are located at:

C:\Program Files (x86)\GFI\MailEssentials\smtprelay\

Configuration File

  • smtprelay.ini — Main configuration file

Executable

  • smtprelay.exe — SMTP Relay service executable

Essential Configuration Parameters (smtprelay.ini)

1. Listen – Server Address and Port

Specifies where the SMTP Relay accepts incoming connections:

listen = 0.0.0.0:25

For encrypted connections:

listen = tls://0.0.0.0:465 starttls://0.0.0.0:587
local_cert = smtpd.pem
local_key  = smtpd.key

2. allowed_nets – Authorized Networks

Controls which IP addresses are allowed to relay mail:

allowed_nets = 192.168.1.0/24 10.0.0.0/8
  • Use CIDR notation for network ranges
  • Separate multiple networks with spaces
  • Do not set allowed_nets to "" in production: an empty value allows any IP to relay

3. Mail Processing (webhook_url)

Do not modify this setting. It is required for MailEssentials to scan and process emails:

webhook_url = http://localhost/api/email/scan

4. remotes – Forwarding Destinations

Defines where scanned emails are forwarded:

Syntax:

remotes = <protocol>://[user[:password]@]host[:port][/sender][?options]

Supported protocols:

  • smtp:// – Plain SMTP
  • starttls:// – SMTP with STARTTLS
  • tls:// – SMTP over TLS (implicit)

Query parameters:

Parameter     Description
auth=login    Use LOGIN auth instead of default PLAIN
skipVerify    Disable TLS certificate verification
recipient     Filter based on recipient address (regex)

Examples:

remotes = smtp://mail.domain1.com:25 smtp://mail.domain2.com:25 smtp://smtp.outbound.com:25
remotes = starttls://user:pass@smtp.gmail.com:587
remotes = smtp://user:pass@server:25?skipVerify=true&auth=login
remotes = smtp://user:pass@server:25/sender@domain.com
remotes = smtp://user:pass@mail.internal:25?recipient=.*@internal\.domain\.com smtp://outbound.relay:25?recipient=.*@external\.com

Additional Configuration Options

Logging

logfile    = logs/smtprelay.log     # File path for logs (blank = stderr)
log_format = default                # Options: default, plain, json
log_level  = info                   # panic, fatal, error, warn, info, debug, trace

Security and Authentication

local_cert     = certs/tls.crt
local_key      = certs/tls.key
local_forcetls = true               # Require encryption on STARTTLS ports

allowed_users = /path/to/users.txt             # File with usernames and bcrypt passwords
allowed_sender = ^(.*)@yourdomain\.com$        # Regex for valid FROM addresses (dot escaped so it matches only a literal ".")
allowed_recipients = ^(.*)@yourdomain\.com$    # Regex for valid TO addresses (dot escaped so it matches only a literal ".")

Server Behavior

hostname         = mail.yourdomain.com   # Used in SMTP greeting
welcome_msg      = Welcome to SMTP       # Greeting message
max_connections  = 100                   # Max concurrent connections (-1 = unlimited)
max_message_size = 10240000              # Max message size in bytes (10MB default)
max_recipients   = 100                   # Max recipients per message

Timeout Settings

read_timeout  = 60s   # Socket read timeout
write_timeout = 60s   # Socket write timeout
data_timeout  = 5m    # Timeout for DATA command

Best Practices

  • Restrict allowed_nets to trusted internal networks only
  • Use TLS/STARTTLS for all external communications
  • Enable local_forcetls = true to enforce encrypted connections
  • If using authentication, use strong passwords and store them as bcrypt hashes
  • Monitor smtprelay.log for activity, errors, and unauthorized access attempts
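
The checks in this list can be run against smtprelay.ini before the service is restarted. The following Python audit is an added example, not GFI's code or part of the original article; parse_ini, audit and the sample configuration are constructed for illustration. Treating the mere presence of skipVerify as "enabled" and flagging a /0 network are assumptions of this example.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qs

# Constructed sample, assembled from settings shown in this article.
SAMPLE_INI = r'''
listen = 0.0.0.0:25 starttls://0.0.0.0:587
local_forcetls = false              # STARTTLS offered but not required
allowed_nets = 192.168.1.0/24 0.0.0.0/0
remotes = smtp://user:pass@server:25?skipVerify=true&auth=login starttls://user:pass@smtp.gmail.com:587
'''

def parse_ini(text):
    """Parse flat 'key = value' lines; '#' and ';' comments are dropped."""
    cfg = {}
    for line in text.splitlines():
        line = line.split(" #", 1)[0].strip()   # strip trailing inline comment
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip()] = value.strip()
    return cfg

def audit(cfg):
    """Return (setting, message) findings for the risks the article names."""
    findings = []
    nets = cfg.get("allowed_nets")
    if nets is not None and nets.strip('"') == "":
        findings.append(("allowed_nets", "empty value: any IP may relay"))
    for net in (nets or "").strip('"').split():
        if ipaddress.ip_network(net, strict=False).prefixlen == 0:
            findings.append(("allowed_nets", f"{net} matches every address"))
    listeners = cfg.get("listen", "").split()
    if any(l.startswith("starttls://") for l in listeners) and \
            cfg.get("local_forcetls", "").lower() != "true":
        findings.append(("local_forcetls", "STARTTLS listener does not require encryption"))
    for remote in cfg.get("remotes", "").split():
        url = urlsplit(remote)
        if "skipVerify" in parse_qs(url.query, keep_blank_values=True):
            findings.append(("remotes", f"{url.hostname}: certificate verification disabled"))
        if url.scheme == "smtp" and url.password:
            findings.append(("remotes", f"{url.hostname}: credentials on a plain smtp:// remote"))
    return findings

if __name__ == "__main__":
    for setting, message in audit(parse_ini(SAMPLE_INI)):
        print(f"{setting}: {message}")
```

To audit a live installation, pass the contents of smtprelay.ini from the smtprelay folder to parse_ini instead of SAMPLE_INI.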
  1. Syed Haider
