Relay Configuration

The primary connection and configuration settings for the Email Gateway Service are listed below:

Server Name: relay.nhs.uk
Authentication: Anonymous
TLS: Opportunistic supported
SMTP port: 25
SSL: Not supported
Plain text: Supported
IP Addresses: Variable to support high availability. Currently 155.231.210.221, 155.231.210.222, 155.231.210.253 and 155.231.210.254
Note these must not be hard coded into applications, host names should always be used.
DNS: Reverse DNS entries checked against sending systems. Where a reverse DNS check fails email will not be accepted. Please register your DNS entry with [email protected]

 

N3/HSCN Organisation use Static IP addresses for MTA configuration

The use of static IP addresses is not supported by the Email Gateway for NHSmail. All configuration should be done based on N3/HSCN DNS pointing to relay.nhs.uk. It is possible that organisations can point directly to the end points of ‘relay.nhs.uk’, but these may change with little or no notice, and therefore availability of any/all IP’s cannot be guaranteed. It is equally important that the Email Gateway should not directly be restricted by connecting IP, connecting IP’s may change over the service lifetime.

 

Organisations helo/ehlo responses for the Email Gateway

As the Email Gateway services multiple interfaces (N3/HSCN, NHSmail and internet), the Email Gateway does not provide corresponding helo/ehlo responses to N3/HSCN DNS. Therefore, N3/HSCN organisations should not use the helo/ehlo response as a form of validation against the Email Gateway.

 

Testing N3 connectivity to the Email Gateway?

To use the Email Gateway, local organisations must ensure inbound/outbound connectivity to the following IP addresses is available from the organisation’s sending/receiving Message Transfer Agents (MTAs):

  • 155.231.210.221
  • 155.231.210.222
  • 155.231.210.253
  • 155.231.210.254

To test the connection to the Email Gateway IP’s, logon to the local MTA, and run the command ‘telnet <IP> 25’. The response should come back with: 220 SMTP-S or 220 SMTP-H. Below is an example of the successful output:

# telnet 155.231.210.221 25
Trying 155.231.210.221…
Connected to 155.231.210.221.
Escape character is ‘^]’.
220 SMTP-S

What if testing fails?

Ensure the test is being executed from your MTA on N3/HSCN, and an appropriate PTR record exists.
Confirm your organisation’s firewalls contain the following full IP ranges used for NHSmail (not just the IP addresses listed) which are: 155.231.210.192/26 and 10.222.62.0/24

If testing still fails contact the NHSmail support, as listed in the Where can I get help? section.

What are the message restrictions?

Messages restictions across the Email Gateway service are:

Message Size Limit: 35MB
Permitted/Restricted Attachment Types: See Attachments Guide for complete details attachments.
Rate Limiting: The Email Gateway service monitors and restricts/limits message transfer if large volumes of messages are unexpectedly seen. This restriction can be placed at the IP level, or on specific accounts.

Updated on 09/04/2019

Related Articles

back to top