Loupe - Log - Monitor - Resolve
Loupe / Developer's Guide / For .NET Framework / For ASP.NET MVC / Agent Configuration / Through the Web.Config file / Developer's Guide - Email Configuration
In This Topic
    Developer's Guide - Email Configuration
    In This Topic

    The email section configures how the agent will communicate with an email server to send email.  This configuration is used by the Packager when it needs to send sessions via email. 

    Option Description Default Value Required
    server The full DNS name of the server to use for exchanging email "" false
    user Optional.  The user to authenticate to the server with.  If provided a password is required "" false
    password Optional.  The password to authenticate to the server with.  Only used if a user is provided. "" false
    port Optional.  The TCP/IP port to connect to the server on.  If not specified the default (25) will be used.  Set to zero to use the default 0 false
    useSsl When true any connection to the email server will be encrypted with Secure Sockets Layer (SSL) false false
    maxMessageSize Optional. The maximum size an email message can be when submitted to this server. If not specified then 10MB will be assumed. 10 false


    Email Configuration
    Copy Code
        <sectionGroup name="gibraltar">
        <section name="email" type="Gibraltar.Agent.EmailElement, Gibraltar.Agent" />
       <email server="smtp.mydomain.com" />

    Message Size

    Most email servers will limit the total size of a message and the total size of an attachment that can be received.  To work with this, Loupe supports splitting packages on session boundaries to fit within the maximum message size allowed.  If an individual session is larger than the max message size it will not be sent.  You can disable this by setting the maximum message size to zero, but this is not recommended.  Instead, find out the maximum size configured for your email server and use that value.

    Security Considerations

    In most cases you will end up needing to provide a user and password to authenticate to the mail server.  You should then be concerned about:

    1. Secure Connections:  If you do not use SSL to connect to the mail server then your user and password information will be sent over the network in the clear and be accessible to any packet sniffer between you and the server.
    2. Protecting Credentials:  You should determine to what degree you should protect the credentials as they are distributed with your application.  If you store them in the configuration file they can be read by anyone that can run your application.  If you compile them into your software then they are available to anyone that can use common tools like Reflector to check your code.  Even if they are stored encrypted, you'll have to provide the means to decrypt them with the application so they can be made available at runtime.

    In the end, the issue comes down to the level of effort you want to make someone have to go through to discover these credentials.


    The main recommendation we have is to set up a server account that can only be used to relay mail to the destination mailbox.  This type of configuration is supported by many systems and doesn't rely on credentials to protect information.  In essence, the account functions like a drop box where email can be sent to it but can't be retrieved. 

    If this is not feasible and you are going to ship your application into an unprotected environment you should use credentials provided in code from within the application.

    As an alternative look at the Loupe Server which has been designed with this secure drop box approach.  It's available both on a subscription basis (Software as a Service) and as a licensed component of Loupe.

    Where To Next?

    See Also