skip to content

IT Help and Support

University Information Services

This is one of two pages discussing different ways to configure a computer to send email from the CUDN without encountering problems. They discuss the choice of outgoing SMTP server, and some implications of our security policies. They are concerned only with outgoing mail (SMTP) settings and not with incoming mail (IMAP or POP).

Other cases

The sections on the other page cover email sent manually by individual users. It is also common for email to be sent in a way which is not manual, or which is not associated with a particular individual. This includes:

  • Email from college or department email servers which provide service to many people;
  • Email sent from a form on a web server, or some other multi-user application;
  • Email from networked photocopiers, scanners, printers etc.;
  • Email sent by automated jobs, such from the "cron" program on Unix.

Some examples from UIS's own systems include email from the help-desk ticket system and from nightly maintenance jobs on many of our computers.

In all these cases, email should be sent via the smart host port 25, without TLS or authentication, unless arrangements have been made to send directly to the public Internet.

If you have a device which requires an IP address to send email to, or which cannot use the DNS correctly, you can use This IP address behaves the same as, but it is static whereas's IP addresses change. Please do not use this IP address unless absolutely necessary - use if possible.

If the volume of email from a computer is likely to be large - peak rates of more than 60 messages per hour - you should contact us so that we can ensure that our rate limiting system doesn't interfere. For more information, see bulk email and rate limiting.

Restrictions on sending email

All devices on the CUDN wishing to send mail via PPSW must be registered in DNS.

Although we don't restrict your choice of email address, the central email systems are quite strict about it being technically correct. This is to ensure that if there is an error it is detected as soon as possible, and that if a message cannot be delivered its sender gets a failure report. Furthermore, we require that email domains within Cambridge are registered in the DNS with an MX record; a host name may not be used in an email address (see Managed mail domains). We are happy to provide advice on configuring your software to work with these rules.

The maximum size of messages sent via is 100MB. Note that binary attachments must be encoded which increases their size by 1/3, so the maximum size of un-encoded binary attachments is about 70MB.

The CUDN routers block port 25, which is the port used to send email between organizations across the Internet. This means that computers on the CUDN cannot send email directly to computers outside the University, but must instead send it via a message submission server (SMTP server) or smart host as described in the preceding sections. This block helps us to ensure that email from the University is of a reasonably good quality, from the point of view of conformance to technical standards. In particular, it makes it considerably harder for insecure computers on the CUDN to be exploited to send spam or viruses.

There is also a mechanism to limit the rate of outgoing email in order to protect the central email systems against the consequences of spews of junk email sent through Although this mechanism should not affect normal email, it may affect bulk email, so you should contact us if you need to send a lot of email. We will be happy to adjust the limits to accommodate your requirements. There is more information about the rate limiting system.

Finally, the central email systems filter outgoing email for viruses and other potential security problems. This includes certain file types that may include executable code. You can avoid the file type restrictions by zipping files before sending them as email attachments; this also reduces the size of the message. The scanner is documented at the central email scanner.


Institutions that wish to impose their own restrictions on sending and receiving email should configure their firewalls as follows:

  • Allow connections to and from (and  2001:630:212:8::e:0/112 if you use IPv6) which are the address ranges used by the central email systems.
  • Allow outgoing connections to anywhere on ports 110, 143, 465, 587, 993, 995 which are used by roaming MUAs.
  • Do not use host names to configure any blocks, since this causes problems when the DNS changes.

Beware of firewalls built in to anti-virus software which can interfere with sending email.

Phone padded  Service status line: (01223 7)67999
Website  Sign up for SMS/email status alerts
Website  Read major IT incident reports

UIS bITe-size bulletin

A regular newsletter aimed at the University's IT community, highlighting service and project news from UIS.

Sign up >

Latest news

Your University GoogleDrive: 20GB quota limit from December 2022

19 January 2022

Google is replacing its G Suite for Education model licensing model in October 2022. As a result, there will be a new limit of 20GB on personal GoogleDrive spaces provided with G Suite@Cambridge accounts. If your GoogleDrive usage exceeds 20GB after 1 December 2022, your University account GoogleDrive will become read-only until your usage is brought below 20GB.

Moodle offline for upgrade during 06:00–12:00 on Tuesday 11 January

10 January 2022

Moodle will be unavailable from 06:00 to 12:00 on Tuesday 11 January while we upgrade it to version 3.9. During the upgrade, you won’t be able to view or upload sessions on Panopto because access is managed via your Moodle login. Assessment Moodle, ICE Moodle and Clinical School Moodle users will be unaffected. An outline...

HEAT authentication method changing to Azure on 13 January

7 January 2022

We're changing the authentication method for the IT service management system, HEAT, to Microsoft Azure on Thursday 13 January 2022. What is changing? You should continue to use the same URL for accessing HEAT: However, the 'Sign in' screen you'll be directed to will look slightly different,...