Configure SMTP Setup

Tableau Server can email server administrators about system failures, and email server users about subscribed views and data-driven alerts. First, however, you need to configure the SMTP server that Tableau Server uses to send email. After configuring SMTP, complete the steps to configure notifications (Configure Server Event Notification), then when you start or restart the server, it will trigger an email notification, which confirms that you have set up notifications correctly.

Configuring SMTP requires that you restart Tableau Server services.

Secure SMTP

To enable and configure TLS for SMTP, you must use the TSM CLI as described in this topic. Tableau Server only supports STARTTLS (Opportunistic or Explicit TLS).

If your organization does not use public certificates for verifying TLS connections, then you can upload a private certificate to Tableau Server to verify trusted connections. For more information, see the tsm security custom-cert add command.

You may also configure SMTP TLS for encryption-only by disabling the certificate validation process. For more information, see the section, Configuration file reference,in the Use the TSM CLI tab below.

  1. Open TSM in a browser:

    https://<tsm-computer-name>:8850. For more information, see Sign in to Tableau Services Manager Web UI.

  2. Click Notificationson the Configuration tab and click Email Server.

  3. Enter the SMTP configuration information for your organization:

  4. Click Save Pending Changes after you've entered your configuration information.

  5. Click Pending Changes at the top of the page:

  6. Click Apply Changes and Restart.

  7. Run the tsm email test-smtp-connection to view and verify the connection configuration. See tsm email test-smtp-connection.

For the initial configuration of SMTP, we recommend that you use the configuration file template below to create a json file. You can also set any single configuration key listed below with the syntax described in tsm configuration set.

  1. Copy the following json template to a file.

    Important: The template below includes common options for most deployments. After you copy the template to a text file, you must edit the option values for your SMTP server requirements. You may need to remove or add options. See the reference section that follows for more information about all supported SMTP key options.

    {
    “configKeys”: {
    	"svcmonitor.notification.smtp.server": "SMTP server host name",
    	"svcmonitor.notification.smtp.send_account": "SMTP user name",
    	"svcmonitor.notification.smtp.port": 443,
    	"svcmonitor.notification.smtp.password": "SMTP user account password",
    	"svcmonitor.notification.smtp.ssl_enabled": true,
    	"svcmonitor.notification.smtp.from_address": "From email address",
    	"svcmonitor.notification.smtp.target_addresses": "To email address1,address2",
    	"svcmonitor.notification.smtp.canonical_url": "Tableau Server URL"
    	}
    }
  2. Run the tsm settings import -f file.json to pass the json file with the appropriate values to Tableau Services Manager to configure Tableau Server for SMTP. Tableau Services Manager will validate the entity values.

  3. Run the tsm pending-changes apply command to apply the changes. See tsm pending-changes apply.

  4. Run the tsm email test-smtp-connection to view and verify the connection configuration. See tsm email test-smtp-connection.

SMTP CLI configuration reference

This table lists all of the options that can be used to configure SMTP with TSM CLI.

Option Description
svcmonitor.notification.smtp.server Address of SMTP server.

Example:

"svcmonitor.notification.smtp.server": "mail.example.com"

svcmonitor.notification.smtp.send_account User name for SMTP account.
svcmonitor.notification.smtp.port Port number for SMTP server. The default is 25.
svcmonitor.notification.smtp.password Password for SMTP server account.

Example:

"svcmonitor.notification.smtp.password":"password"

svcmonitor.notification.smtp.ssl_enabled Specifies whether the connection to the SMTP server is encrypted. The default is false.
svcmonitor.notification.smtp.ssl_required

If enabled, Tableau Server will refuse to connect to SMTP servers without using TLS. The svcmonitor.notification.smtp.ssl_enabled option must also be set to true.

The default is false.

svcmonitor.notification.smtp.ssl_check_server_identity

If set to true, Tableau Server will check the SMTP server identity as specified by RFC 2595(Link opens in a new window). These additional checks based on the content of the server's certificate are intended to prevent man-in-the-middle attacks.

The default is false.

svcmonitor.notification.smtp.ssl_trust_all_hosts

When using TLS, trust certificates from all mail servers, ignoring the validity of the certificate's chain of trust. By setting this key to true, TLS will be used only to encrypt the traffic to the SMTP host.

The default is false.

svcmonitor.notification.smtp.ssl_ciphers

The default and supported sets of cipher suites is defined by the version of JDK that is installed with Tableau Server. See the section below, TLS ciphers, for a list of supported and default ciphers.

To update the cipher suites used by Tableau Server for SMTP TLS connections, enter a white space-separated list of cipher suites for this value. For example, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384".

svcmonitor.notification.smtp.ssl_versions

The default TLS versions enabled on this version of Tableau Server are TLSv1, TLSv1.1, TLSv1.2 and TLSv1.3.

TLS version support is defined by the version of JDK that is installed with Tableau Server.

Supported versions of TLS are SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3.

To update the versions used by Tableau Server for SMTP TLS connections, enter a white space-separated list of versions for this value. For example, "TLSv1.2 TLSv1.3".

svcmonitor.notification.smtp.from_address Email address that will send an notification if there's a system failure. The email address must have valid syntax (for example, ITalerts@bigco.com or noreply@mycompany), but it does not have to be an actual email account on Tableau Server. (Some SMTP servers may require an actual email account, however.)

Note: You can override the system-wide email address on a per-site basis. For more information, see What is a site.

Example:

"svcmonitor.notification.smtp.from_address": "donot-reply@example.com"

svcmonitor.notification.smtp.target_addresses Email address to receive notifications. If email notifications are enabled, you need to include at least one address. Separate multiple addresses with commas.

Example:

"svcmonitor.notification.smtp.target_addresses": "iluvdata@example.com"

svcmonitor.notification.smtp.canonical_url URL of the Tableau Server. Enter http:// or https://, followed by the name or IP address of the Tableau server. Used in the footer of subscription email.

Example:

"svcmonitor.notification.smtp.canonical_url": "http://myserver.example.com"

TLS ciphers

The following is a list of TLS ciphers that are supported by the JDK that is included with Tableau Server. In this version of Tableau Server, all of these ciphers are enabled by default. You can specify a custom list of ciphers for your SMTP configuration by entering a white-space separated list with the option, svcmonitor.notification.smtp.ssl_ciphers, as described in the table above.

TLS_RSA_WITH_AES_128_CBC_SHA256

TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384

TLS_DHE_DSS_WITH_AES_256_GCM_SHA384

TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256

TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA

TLS_RSA_WITH_AES_256_CBC_SHA256

TLS_RSA_WITH_AES_128_GCM_SHA256

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

TLS_DHE_DSS_WITH_AES_128_CBC_SHA256

TLS_DHE_DSS_WITH_AES_256_CBC_SHA

TLS_DHE_RSA_WITH_AES_128_CBC_SHA256

TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

TLS_RSA_WITH_AES_256_GCM_SHA384

TLS_EMPTY_RENEGOTIATION_INFO_SCSV

TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

TLS_DHE_DSS_WITH_AES_256_CBC_SHA256

TLS_RSA_WITH_AES_256_CBC_SHA

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256

TLS_DHE_RSA_WITH_AES_256_CBC_SHA

TLS_DHE_DSS_WITH_AES_128_GCM_SHA256

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

TLS_ECDH_RSA_WITH_AES_128_CBC_SHA

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

TLS_DHE_RSA_WITH_AES_128_CBC_SHA

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256

TLS_ECDH_RSA_WITH_AES_256_CBC_SHA

TLS_DHE_DSS_WITH_AES_128_CBC_SHA

TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

TLS_RSA_WITH_AES_128_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_AES_256_GCM_SHA384
TLS_AES_128_GCM_SHA256  
Thanks for your feedback!Your feedback has been successfully submitted. Thank you!