SMTP Relay
Route outgoing email through a third-party provider like Amazon SES, SendGrid, or Mailgun for improved deliverability.
SMTP relay routes your outgoing email through a third-party email delivery provider instead of sending directly from your server. This can significantly improve deliverability, especially if your server's IP doesn't have an established sending reputation.
Pro feature
SMTP Relay is available on the Pro plan and above.
Supported providers
CeyMail includes pre-configured templates for six major providers, plus a custom option for any SMTP server:
| Provider | Host | Notes |
|---|---|---|
| Amazon SES | email-smtp.{region}.amazonaws.com:587 | 19 AWS regions available |
| SendGrid | smtp.sendgrid.net:587 | Username is always "apikey" |
| Mailgun | smtp.mailgun.org:587 | US and EU endpoints |
| Brevo | smtp-relay.brevo.com:587 | Formerly Sendinblue |
| Postmark | smtp.postmarkapp.com:587 | Server API Token used for auth |
| SparkPost | smtp.sparkpostmail.com:587 | US and EU endpoints |
| Custom SMTP | Your choice | Any SMTP server with custom host and port |
Setting up a relay
- Navigate to Settings > Integrations
- Select your provider from the grid
- Fill in the provider-specific credentials:
Amazon SES
- Select your AWS Region from the dropdown
- Enter your SMTP Username and SMTP Password (generated in the AWS SES console under SMTP Settings)
SendGrid
- Enter your API Key (the username is automatically set to "apikey")
Mailgun
- Enter your SMTP Username and SMTP Password
- Select your region: US or EU
Brevo
- Enter your SMTP Login Email and SMTP Key (found in your Brevo account under SMTP & API)
Postmark
- Enter your Server API Token (used as both username and password)
SparkPost
- Enter your API Key (the username is automatically set to "SMTP_Injection")
- Select your region: US or EU
Custom SMTP
- Enter the Host (fully qualified domain name)
- Select the Port (25, 465, 587, or 2525)
- Choose the TLS Security level (encrypt, may, or secure)
- Enter your Username and Password
Testing the connection
Before activating, click Test Connection to verify your credentials work. CeyMail sends a test email through the relay and reports success or failure. This helps catch credential issues before they affect live mail delivery.
Activating the relay
Once testing passes, click Activate Relay. CeyMail configures Postfix to route all outgoing mail through the provider's SMTP server. The relay status card shows your active provider, host, TLS level, and configuration date.
Changing or removing the relay
- Change provider -- click Change on the active relay card to select a different provider
- Remove relay -- click Remove to switch back to direct delivery. A confirmation dialog explains that outgoing mail will be sent directly from your server
DNS records
Some providers require you to verify your sending domain or add specific DNS records (SPF, DKIM, DMARC) in their dashboard. Check your provider's documentation to ensure deliverability after activating the relay.
When to use relay vs direct sending
Use a relay when:
- Your server IP is on a blocklist or has low sender reputation
- You need delivery analytics and bounce tracking from a provider
- Your hosting provider blocks port 25 (common with cloud VPS)
- You want to benefit from a provider's established sending infrastructure
Use direct sending when:
- Your server IP has a clean reputation
- You've configured SPF, DKIM, and DMARC correctly
- You want full control over the delivery pipeline
- You don't want to depend on a third-party service
Security
Relay credentials are stored securely in Postfix's SASL authentication tables on the server -- they are never stored in the CeyMail dashboard database or configuration files. The dashboard only stores non-sensitive metadata like the provider name and configuration date.