Configure SMTP Setup
Tableau Server can email server administrators about system failures, and email server users about subscribed views and data-driven alerts. First, however, you need to configure the SMTP server that Tableau Server uses to send email. After configuring SMTP, complete the steps to configure notifications (Configure Server Event Notification), then when you start or restart the server, it will trigger an email notification, which confirms that you have set up notifications correctly.
Configuring SMTP requires that you restart Tableau Server services.
Secure SMTP
To enable and configure TLS for SMTP, you must use the TSM CLI as described in this topic. Tableau Server only supports STARTTLS (Opportunistic or Explicit TLS).
If your organization does not use public certificates for verifying TLS connections, then you can upload a private certificate to Tableau Server to verify trusted connections. For more information, see the tsm security custom-cert add command.
You may also configure SMTP TLS for encryption-only by disabling the certificate validation process. For more information, see the section, Configuration file reference,in the Use the TSM CLI tab below.
-
Open TSM in a browser:
https://<tsm-computer-name>:8850. For more information, see Sign in to Tableau Services Manager Web UI.
-
Click Notificationson the Configuration tab and click Email Server.
-
Enter the SMTP configuration information for your organization:
-
Click Save Pending Changes after you've entered your configuration information.
-
Click Pending Changes at the top of the page:
-
Click Apply Changes and Restart.
-
Run the
tsm email test-smtp-connection
to view and verify the connection configuration. See tsm email test-smtp-connection.
For the initial configuration of SMTP, we recommend that you use the configuration file template below to create a json file. You can also set any single configuration key listed below with the syntax described in tsm configuration set.
-
Copy the following json template to a file.
Important: The template below includes common options for most deployments. After you copy the template to a text file, you must edit the option values for your SMTP server requirements. You may need to remove or add options. See the reference section that follows for more information about all supported SMTP key options.
{ “configKeys”: { "svcmonitor.notification.smtp.server": "SMTP server host name", "svcmonitor.notification.smtp.send_account": "SMTP user name", "svcmonitor.notification.smtp.port": 443, "svcmonitor.notification.smtp.password": "SMTP user account password", "svcmonitor.notification.smtp.ssl_enabled": true, "svcmonitor.notification.smtp.from_address": "From email address", "svcmonitor.notification.smtp.target_addresses": "To email address1,address2", "svcmonitor.notification.smtp.canonical_url": "Tableau Server URL" } }
-
Run the
tsm settings import -f file.json
to pass the json file with the appropriate values to Tableau Services Manager to configure Tableau Server for SMTP. Tableau Services Manager will validate the entity values. -
Run the
tsm pending-changes apply
command to apply the changes. See tsm pending-changes apply. -
Run the
tsm email test-smtp-connection
to view and verify the connection configuration. See tsm email test-smtp-connection.
SMTP CLI configuration reference
This table lists all of the options that can be used to configure SMTP with TSM CLI.
Option | Description |
---|---|
svcmonitor.notification.smtp.server
|
Address of SMTP server.
Example:
|
svcmonitor.notification.smtp.send_account
|
User name for SMTP account. |
svcmonitor.notification.smtp.port
|
Port number for SMTP server. The default is 25. |
svcmonitor.notification.smtp.password
|
Password for SMTP server account.
Example:
|
svcmonitor.notification.smtp.ssl_enabled
|
Specifies whether the connection to the SMTP server is encrypted. The default is false. |
svcmonitor.notification.smtp.ssl_required
|
If enabled, Tableau Server will refuse to connect to SMTP servers without using TLS.
The The default is false. |
svcmonitor.notification.smtp.ssl_check_server_identity
|
If set to true, Tableau Server will check the SMTP server identity as specified by RFC 2595(Link opens in a new window). These additional checks based on the content of the server's certificate are intended to prevent man-in-the-middle attacks. The default is false. |
svcmonitor.notification.smtp.ssl_trust_all_hosts
|
When using TLS, trust certificates from all mail servers, ignoring the validity of the certificate's chain of trust. By setting this key to true, TLS will be used only to encrypt the traffic to the SMTP host. The default is false. |
svcmonitor.notification.smtp.ssl_ciphers
|
The default and supported sets of cipher suites is defined by the version of JDK that is installed with Tableau Server. See the section below, TLS ciphers, for a list of supported and default ciphers. To update the cipher suites used by Tableau Server for SMTP TLS connections, enter a white space-separated list of cipher suites for this value. For example, |
svcmonitor.notification.smtp.ssl_versions
|
The default TLS versions enabled on this version of Tableau Server are TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3. TLS version support is defined by the version of JDK that is installed with Tableau Server. Supported versions of TLS are To update the versions used by Tableau Server for SMTP TLS connections, enter a white space-separated list of versions for this value. For example, |
svcmonitor.notification.smtp.from_address
|
Email address that will send an notification if there's a system failure. The email address must have valid syntax (for example, ITalerts@bigco.com or noreply@mycompany), but it does not have to be an actual email account on Tableau Server. (Some SMTP servers may require an actual email account, however.)
Note: You can override the system-wide email address on a per-site basis. For more information, see What is a site. Example:
|
svcmonitor.notification.smtp.target_addresses
|
Email address to receive notifications. If email notifications are enabled, you need to include at least one address. Separate multiple addresses with commas.
Example:
|
svcmonitor.notification.smtp.canonical_url
|
URL of the Tableau Server. Enter http:// or https:// , followed by the name or IP address of the Tableau server. Used in the footer of subscription email.
Example:
|
TLS ciphers
The following is a list of TLS ciphers that are supported by the JDK that is included with Tableau Server. In this version of Tableau Server, all of these ciphers are enabled by default. You can specify a custom list of ciphers for your SMTP configuration by entering a white-space separated list with the option, svcmonitor.notification.smtp.ssl_ciphers
, as described in the table above.
TLS_RSA_WITH_AES_128_CBC_SHA256 |
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 |
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 |
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 |
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA |
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA |
TLS_RSA_WITH_AES_256_CBC_SHA256 |
TLS_RSA_WITH_AES_128_GCM_SHA256 |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 |
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 |
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 |
TLS_DHE_DSS_WITH_AES_256_CBC_SHA |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 |
TLS_RSA_WITH_AES_256_GCM_SHA384 |
TLS_EMPTY_RENEGOTIATION_INFO_SCSV |
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA |
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 |
TLS_RSA_WITH_AES_256_CBC_SHA |
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 |
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA |
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA |
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 |
TLS_DHE_RSA_WITH_AES_128_CBC_SHA |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA |
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 |
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 |
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA |
TLS_DHE_DSS_WITH_AES_128_CBC_SHA |
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA |
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
TLS_RSA_WITH_AES_128_CBC_SHA | TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 |
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | TLS_AES_256_GCM_SHA384 |
TLS_AES_128_GCM_SHA256 |