Skip to main content

Hi LeanIX Community,

We’re experiencing activation issues with one of our LeanIX clients due to their security system blocking LeanIX-related emails (e.g., workspace invites, password reset notifications).

LeanIX Support informed us that these emails are sent via the Mailjet system, which uses the domain *.mailjet.com (e.g., bnc3.mailjet.com). While the IP address (hidden) is exclusive to SAP LeanIX, Mailjet’s use of multiple subdomains for email delivery complicates matters.

The suggested solutions include:

  1. Configuring the client’s firewall or DLP to allow emails from the specific IP and *@mailjet.com.
  2. Setting up a custom SMTP server (https://docs-eam.leanix.net/docs/notifications-center#setting-up-a-custom-smtp-server-for-email-delivery).

However, our client is highly security-conscious and reluctant to open their firewall for the *@mailjet.com domain due to its association with spam.

Have other LeanIX users encountered similar challenges? If so, how have you managed to resolve them without compromising security?

We’re particularly interested in hearing about any best practices, alternative approaches, or configurations that have worked in similar situations.

Looking forward to your insights!

Hi ​@Almero 

In high-security environments, we usually configure the company’s SMTP server as a custom SMTP server in LeanIX and create a technical user on that custom SMTP server. This technical user will then only be used for sending LeanIX-related e-mails.

With this solution, you don’t need to open up your firewall for the entire mailjet domain.

Additional benefit of this scenario: You will be able to use an internal address for sending, which adds credibility to your e-mails because they will not have an external sender like support@leanix.net .

Hi ​@Almero , Thomas is suggesting option 2, which may be a possibility to configure directly or through LeanIX support.

However, another option is to dispense with e-mail entirely:

User access and password resets should be covered by a utilising an alternative identity provider Single Sign-On (SSO)

Notifications can be sent through the LeanIX App for Microsoft Teams instead of e-mail.

Hi all

Thanks for your insights, ​@Almero. Ocasionally, we experienced the same issue and now I know why :) However we haven’t rolled out LeanIX to the whole company yet and didn’t investigate any further for now.

The custom SMTP-server solution would be good, but the the authentication methods supported by LeanIX (basic auth) are no longer supported anymore for Microsoft 365. Additionally they will be decommissioned by September 2025. So that’s a no go as well for us.

I will raise a ticket to LeanIX regarding authentication methods to MS 365. It’s the best solution when LeanIX’ mails come from an internal mail address

@Justin Swift Great, thanks! 😀 I didn’t know a dedicated App existed and thought it’s going through webhooks. Perhaps we can omit the mail-notifications completely this way. That’d be fantastic.

Hi ​@Jochen , ​@Justin Swift , ​@Almero 

Getting rid of e-mail notifications will only work if you use SSO for user login. As far as I know, the message type “Invitation” is only supported for e-mail messages, not for Teams messages.

 

Message types for e-mail:

 

Message types for Teams:

 

@Jochen It’s a possibility, especially if an organisation has an aversion to responding to e-mail in a timely manner! 📥 I understand it covers comments (but not surveys) as well.

As this is a development roadmap item new features are added to the app like search and view:

 

Reply


Terms & ConditionsCookie settings