Using smtp.uwaterloo.ca as an Email Relay for Internal Applications

Purpose

This article describes how to configure internal applications to send email using the University of Waterloo email infrastructure via smtp.uwaterloo.ca. It also outlines requirements and the process for external (cloud-based) applications.


Scope

This guidance applies to:

  • Internally hosted applications and services that need to send email

  • Approved external (cloud-based) applications that require an email relay

Anything that does not meet the requirements below must be reviewed by IST via the Service Desk.

SMTP Relay Configuration Requirements

To use smtp.uwaterloo.ca as an email relay, all of the following conditions must be met.

Sender Address

  • The From / sending email address must exist in Microsoft 365

    • This can be a user mailbox or a shared mailbox

SMTP Settings

Configure your application with the following settings:

  • SMTP Server: smtp.uwaterloo.ca

  • Port: 587

  • Encryption: SSL / TLS (STARTTLS)

  • Authentication: Required

Authentication Credentials

  • Authenticate using Nexus credentials

  • The Nexus account used must have “Send As” permission on the sending mailbox in M365

The authenticated account does not have to be the mailbox owner, but it must explicitly be granted Send As access.


Internal Applications

For internally hosted applications, ensure that:

  • The application supports SMTP authentication

  • The credentials used meet the requirements listed above

  • Email volume and usage are consistent with normal business operations

If all requirements are met, no additional approval is required.
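
The settings above, applied in a small Python sender. This is an added example, not IST-supplied code: it refuses to authenticate unless the server offers STARTTLS and the certificate verifies, and it logs in as an account that differs from the From mailbox (the Send As case). The addresses and the RELAY_USER / RELAY_PASSWORD environment variable names are constructed for illustration.

```python
import os
import smtplib
import ssl
from email.message import EmailMessage

RELAY_HOST = "smtp.uwaterloo.ca"  # from the article
RELAY_PORT = 587                  # from the article (STARTTLS)


def build_message(sender, recipient, subject, body):
    """Build a message whose From is the M365 mailbox (user or shared)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


def send_via_relay(msg, auth_user, auth_password, smtp_factory=smtplib.SMTP):
    """Send msg through the relay; never send credentials without TLS.

    auth_user is the Nexus account holding Send As on the From mailbox; it
    may differ from the From address. smtp_factory exists only so the
    function can be exercised without a network connection.
    """
    if not auth_user or not auth_password:
        raise ValueError("SMTP authentication is required by the relay")
    context = ssl.create_default_context()  # verifies certificate and hostname
    with smtp_factory(RELAY_HOST, RELAY_PORT, timeout=30) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise RuntimeError("STARTTLS not offered; refusing to authenticate")
        smtp.starttls(context=context)
        smtp.ehlo()  # re-read capabilities over the encrypted channel
        smtp.login(auth_user, auth_password)
        return smtp.send_message(msg)  # dict of refused recipients, {} if none


if __name__ == "__main__":
    # Constructed sample values; credentials come from the environment,
    # not from source code or a committed config file.
    message = build_message("app-notify@uwaterloo.ca", "someone@uwaterloo.ca",
                            "Test from internal app", "Relay test message.")
    send_via_relay(message, os.environ["RELAY_USER"], os.environ["RELAY_PASSWORD"])
```

If the login succeeds but the relay rejects the message, check that the authenticating account has Send As on the From mailbox.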


External (Cloud-Based) Applications

For external or vendor-hosted applications, the use of smtp.uwaterloo.ca is not available. An M365 Application Registration is required.

Vendor Documentation Requirement

The vendor must provide documentation describing:

  • How the application integrates with Microsoft 365

  • What permissions, scopes, or secrets are required

  • Whether an Azure / M365 Application Registration is needed

Service Desk Request

Once vendor documentation is available:

  1. Submit a ticket to the IST Service Desk

  2. Include:

    • Application name

    • Business purpose

    • Sending email address

    • Vendor documentation

    • Required permissions or scopes

  3. IST will review the request and, if approved, create the M365 Application Registration

External applications are not permitted to use basic SMTP authentication.


Requests Outside This Process

If your use case does not meet one or more of the requirements in this article, you must:

  • Create a ticket with the IST Service Desk

  • Provide:

    • Application details

    • Hosting location

    • Authentication method

    • Sending patterns and volume

    • Any relevant vendor documentation

IST will review and advise on an appropriate solution.


Getting Help

For questions, exceptions, or new implementations:

  • Submit a request through the IST Service Desk

  • Reference this article in your ticket to help expedite review

