This is one of two pages discussing different ways to configure a computer to send email from the CUDN without encountering problems. They discuss the choice of outgoing SMTP server, and some implications of our security policies. They are concerned only with outgoing mail (SMTP) settings and not with incoming mail (IMAP or POP).
Information for individual users, covering:
- Hermes users
- Using other addresses with Hermes
- Users of college or department email systems
- Sending email from home or when travelling
- Users of non-University mail systems
is found in this page.
The sections on the other page cover email sent manually by individual users. It is also common for email to be sent in a way which is not manual, or which is not associated with a particular individual. This includes:
- Email from college or department email servers which provide service to many people;
- Email sent from a form on a web server, or some other multi-user application;
- Email from networked photocopiers, scanners, printers etc.;
- Email sent by automated jobs, such from the "cron" program on Unix.
Some examples from the Computing Service's own systems include email from the help-desk ticket system and from nightly maintenance jobs on many of our computers.
In all these cases, email should be sent via the smart host
ppsw.cam.ac.uk port 25, without TLS or authentication, unless arrangements have been made to send directly to the public Internet.
If you have a device which requires an IP address to send email to, or which cannot use the DNS correctly, you can use 18.104.22.168. This IP address behaves the same as
ppsw.cam.ac.uk, but it is static whereas
ppsw.cam.ac.uk's IP addresses change. Please do not use this IP address unless absolutely necessary - use
ppsw.cam.ac.uk if possible.
If the volume of email from a computer is likely to be large - peak rates of more than 60 messages per hour - you should contact us so that we can ensure that our rate limiting system doesn't interfere. For more information, see bulk email and rate limiting.
Restrictions on sending email
Although we don't restrict your choice of email address, the central email systems are quite strict about it being technically correct. This is to ensure that if there is an error it is detected as soon as possible, and that if a message cannot be delivered its sender gets a failure report. Furthermore, we require that email domains within Cambridge are registered in the DNS with an MX record; a
cam.ac.uk host name may not be used in an email address (see Managed mail domains). We are happy to provide advice on configuring your software to work with these rules.
The maximum size of messages sent via
ppsw.cam.ac.uk is 100MB. Note that binary attachments must be encoded which increases their size by 1/3, so the maximum size of un-encoded binary attachments is about 70MB. The message size limit for Hermes is smaller: 50MB, which gives a maximum un-encoded attachment size of about 35MB.
The CUDN routers block port 25, which is the port used to send email between organizations across the Internet. This means that computers on the CUDN cannot send email directly to computers outside the University, but must instead send it via a message submission server (SMTP server) or smart host as described in the preceding sections. This block helps us to ensure that email from the University is of a reasonably good quality, from the point of view of conformance to technical standards. In particular, it makes it considerably harder for insecure computers on the CUDN to be exploited to send spam or viruses.
There is also a mechanism to limit the rate of outgoing email in order to protect the central email systems against the consequences of spews of junk email sent through
ppsw.cam.ac.uk. Although this mechanism should not affect normal email, it may affect bulk email, so you should contact us if you need to send a lot of email. We will be happy to adjust the limits to accommodate your requirements. There is more information about the rate limiting system.
Finally, the central email systems filter outgoing email for viruses and other potential security problems. This includes certain file types that may include executable code. You can avoid the file type restrictions by zipping files before sending them as email attachments; this also reduces the size of the message. The scanner is documented at the central email scanner.
Institutions that wish to impose their own restrictions on sending and receiving email should configure their firewalls as follows:
- Allow connections to and from 22.214.171.124/27 (and 2001:630:212:8::e:0/112 if you use IPv6) which are the address ranges used by the central email systems, including
- Allow outgoing connections to anywhere on ports 110, 143, 465, 587, 993, 995 which are used by roaming MUAs.
- Do not use host names to configure any blocks, since this causes problems when the DNS changes.
Beware of firewalls built in to anti-virus software which can interfere with sending email.