Configuring an SMTP Settings for AppSpider Enterprise

Connecting your AppSpider Enterprise instance to an SMTP server can be really useful. It enables you to receive notifications when scans are started and when reports are ready to be viewed. You can also easily reset your password if you forget it.

You can add an SMTP server for AppSpider Enterprise:

  • During installation - The AppSpider Enterprise installer includes options for you to connect to an SMTP server. You'll need to provide the SMTP server address, the port that SMTP runs on, and the credentials to authenticate to the server.

  • Post installation - If you did not connect your SMTP server to AppSpider Enterprise during the installation process, you'll be able to set up SMTP post-installation by modifying the NTOE configuration file.

Connecting your SMTP server during installation

The easiest way to connect to an SMTP server is to do it when you install AppSpider Enterprise. The installer provides a guided interface that prompts you for the information required to set up AppSpider Enterprise, such as where you want to install your source files, the location to store your data files, and the information needed to connect to your database.

After you provide these details, you'll be able to provide the information for your SMTP server. To set up an SMTP server for AppSpider Enterprise during installation, you'll need to select the "Use SMTP server" option.

On the following screens after you set up the database connection, you'll need to provide the following details about your SMTP server:

  • SMTP server address - The address that your SMTP server runs on.
  • SMTP port - The port that SMTP runs on.
  • SMTP user name - The user name that can be used to authenticate to the SMTP server.
  • SMTP password - The password that can be used to authenticate to the SMTP server.
  • SSL encryption - You can choose to use SSL to encrypt your email communications.
  • Response email - The e-mail address that is used as the sender's address.

After you configure your SMTP settings, you can continue with the rest of the installation.

Connecting your SMTP server after installation

If you have already installed AppSpider Enterprise and you want to connect to your SMTP server, you'll need to modify the NTOE configuration file and add the information for your SMTP server. Some settings in NTOE.config correspond to the AppSpiderScheduler2 service which is the service that runs AppSpider Enterprise, while others correspond to IIS which is the web server for the AppSpider Enterprise portal. Hence, there are two versions of the NTOE configuration file under the AppSpiderScheduler2 and IIS directories. We recommend that you modify both files in order to maintain consistency. The two versions of NTOE.config are located in the following directories:

  • C:\Program Files(x86)\Rapid7\AppSpider Enterprise 3.x\IIS.NET\bin
  • C:\Program Files(x86)\Rapid7\AppSpider Enterprise 3.x\AppSpiderScheduler2

You'll need to replace "3.x" in the file path with the version of AppSpider Enterprise you are running. In order to avoid

To connect AppSpider Enterprise to an SMTP server post-installation:

  1. Open C:\Program Files(x86)\Rapid7\AppSpider Enterprise 3.x\IIS.NET\bin\NTOE.config with a text editor. You may need to have administrator privileges to edit the file.
  2. Find the system.net element.
  3. Within that element, find the line that starts with <smtp from="">.
  4. Within the quotes, provide the email address you want to use as the sender's address, such as no-reply@yourcompany.com.
  5. Find the line that starts with <network host ="">.
  6. Provide the information for the following options:
    • Network host - The address that your SMTP server runs on.
    • Port - The port that SMTP runs on. SMTP typically runs on port 25 or 2525.
    • UserName - The user name that can be used to authenticate to the SMTP server.
    • Password - The password that can be used to authenticate to the SMTP server.
    • enableSSL - You can choose to use SSL to encrypt your email communications. Enter a value of true to enable SSL or use the default value to disable SSL.
  7. Find the line that starts with <theNotifications />. Change the value of the “MailLink” property from “localhost!!!” to the URL of the AppSpider Enterprise portal. The line has 3 other attributes, ScanAgainstHost, ScanCompletion, and ScanExecution, that control the activities that can trigger notification emails.
    • ScanAgainstHost - In the Administration > Notification screen of AppSpider Enterprise, you can enter an email against a host FQDN. If you set ScanAgainstHost to True and a scan is started against the host, each email address in this list will receive an email.
    • ScanCompletion - If ScanCompletion is set to True, an email will be sent to the user who started the scan when the scan or regeneration of scan is finished.
    • ScanExecution - If ScanExecution is set to True and a scan is started, an email will be sent to the user who started the scan.

If you enable all the notifications, the line in the NTOE.config file will look as follows:

1
<theNotifications Enabled="True" MailLink="https://<ASE hostname or IP address>/AppSpiderEnterprise/" ScanAgainstHost="True" ScanCompletion="True" ScanExecution="True" />

Please note that if scan approval is required and the theEnhancedServices > theSAAS > email property is set, then scan execution and completion notification emails will also be sent to that email address. 8. Save the file.

Repeat these steps again for C:\Program Files(x86)\Rapid7\AppSpider Enterprise 3.X\AppSpiderScheduler2\NTOE.config.