HRZ operates TU Darmstadt's email infrastructure by use of central email gateways, through which all emails leaving or entering TU Darmstadt's network are routed. Within its framework of IT security at TU Darmstadt, all incoming and outgoing emails are checked for viruses and incoming spam emails are filtered.
Service features: TU Darmstadt's email infrastructure
Our email gateway consists of:
- a MailOut server for sending emails via decentralized email servers (central outgoing mail server),
- a MailOut internal server exclusively for sending emails internally (this is an internal outgoing mail server; for example for printers, faxes or servers which are not mail servers and which must or should send emails without authentication),
- and a MailIn server for receiving emails coming in from outside our campus.
As part of TU Darmstadt's IT security policy, a Sophos Puremessage Server scans all incoming and outgoing emails for viruses and filters incoming spam.
In addition to HRZ's central email servers, decentralized email servers can be operated locally by institutions. These are bound to HRZ's email gateways and can therefore use the central MailOut server, after being registered accordingly.
Framework conditions and use
Decentralized email servers must be entered in the TrustedServerList (TSL) in order to be able to send emails via our central outgoing mail server at TU Darmstadt. This registration is necessary for all emails to be sent using authentication.
- The sending device or machine must be registered to the network database or entered into the central DNS servers (DNS entry with IP address and name).
- The email address of a sender must be accessible. Emails that cannot be delivered without a valid sender will block the mail gateway.
- Transmission must be encrypted.
Entry in the TrustedServerList
The initial registration of a decentralized server for MailOut in the TrustedServerList (TSL) is done using a web form:
Important: If an entry for the TSL does not show any valid TU-IDs of the admins anymore, the entry will be removed within a short time. Similarly, e-mail domains that do not have valid entries in the central DNS servers will be removed.
- The sending device or machine has a fixed IP address within TU's campus network (18.104.22.168/16) and is directly or indirectly connected to TU's network via VPN.
- The email addresses of the recipients (destination addresses) have a mail domain associated with TU Darmstadt (in the form of email@example.com).
- The sending device or machine is registered to the network database or entered in the central DNS servers (DNS entry with IP address and name).
- The email address of the sender must be reachable. Emails that cannot be delivered without a valid sender will block the mail gateway.
- Transmission must be encrypted.
In addition, HRZ is entitled to temporarily block individual servers in the event of misuse or to secure its IT infrastructure.
All email addresses of a mail domain that are to be accessible from outside must be added to the central WhiteList (WL). Incoming emails are only accepted (by the MailIn server) if the addressee is on the WhiteList of TU Darmstadt and therefore is an official email address. The WhiteList prevents emails from outside the university from reaching the mail gateway and the university, which cannot be delivered past the mail gateway. Internal addresses that should not be accessible from outside the university do not have to be added to the WhiteList.
All email addresses are automatically added to the WhiteList if the server is operated by HRZ. For decentralized email servers, institutions must independently add email addresses to the WhiteList.
- Shipment must be encrypted.
Entry in the WhiteList
The registration for MailIn in the WhiteList takes place via web form:
Application for entry of an e-mail domain in the WhiteList (WL)
Important: If an entry for the WhiteList no longer has a valid TU-ID from the administrator, this entry will be removed within a short period of time. Similarly, email domains that do not have valid entries in the central DNS will be removed as well.
A cost contribution is not charged.