1. Home
  2. Guidance
  3. Relay
  4. Relay Configuration

Relay Configuration

The primary connection and configuration settings for the Email Gateway Service are listed below:

Server Name: relay.nhs.uk
Authentication: Anonymous
TLS: Opportunistic supported
SMTP port: 25, 587
SSL: Not supported
Plain text: Supported
IP Addresses: Variable to support high availability. Currently 155.231.210.221, 155.231.210.222, 155.231.210.253, 155.231.210.254, 10.13.31.0/26 and 10.13.29.0/26
Note these must not be hard coded into applications, host names should always be used.
DNS: Reverse DNS entries checked against sending systems. Where a reverse DNS check fails email will not be accepted. Please register your DNS entry with dnsteam@nhs.net

HSCN Organisation use Static IP addresses for MTA configuration

The use of static IP addresses is not supported by the Email Gateway for NHSmail. All configuration should be done based on HSCN DNS pointing to relay.nhs.uk. It is possible that organisations can point directly to the end points of ‘relay.nhs.uk’, but these may change with little or no notice, and therefore availability of any/all IP’s cannot be guaranteed. It is equally important that the Email Gateway should not directly be restricted by connecting IP, connecting IP’s may change over the service lifetime.

Organisations helo/ehlo responses for the Email Gateway

As the Email Gateway services multiple interfaces (HSCN, NHSmail and internet), the Email Gateway does not provide corresponding helo/ehlo responses to HSCN DNS. Therefore, HSCN organisations should not use the helo/ehlo response as a form of validation against the Email Gateway.

Testing HSCN connectivity to the Email Gateway?

To use the Email Gateway, local organisations must ensure inbound/outbound connectivity to the following IP addresses is available from the organisation’s sending/receiving Message Transfer Agents (MTAs):

  • 155.231.210.221
  • 155.231.210.222
  • 155.231.210.253
  • 155.231.210.254
  • 10.13.31.0/26
  • 10.13.29.0/26

To test the connection to the Email Gateway IP’s, logon to the local MTA, and run the command ‘telnet <IP> 25’. The response should come back with: 220 SMTP-S or 220 SMTP-H. Below is an example of the successful output:

# telnet 10.13.29.6 25
Trying 10.13.29.6…
Connected to 10.13.29.6.
Escape character is ‘^]’.
220 SMTP-S

What if testing fails?

Ensure the test is being executed from your MTA on HSCN, and an appropriate PTR record exists.
Confirm your organisation’s firewalls contain the following full IP ranges used for NHSmail (not just the IP addresses listed) which are: 155.231.210.192/26, 10.222.62.0/24, 10.13.29.0/24 and 10.13.31.0/24

If testing still fails contact the NHSmail support, as listed in the Where can I get help? section.

What are the message restrictions?

Messages restrictions across the Email Gateway service are:

Message Size Limit: 35MB
Permitted/Restricted Attachment Types: See Attachments Guide for complete details attachments.
Rate Limiting: The Email Gateway service monitors and restricts/limits message transfer if large volumes of messages are unexpectedly seen. This restriction can be placed at the IP level, or on specific accounts.
Last Reviewed Date 20/11/2024
Updated on 20/11/2024

Related Articles

Need Support?
Can’t find the answer you’re looking for? Don’t worry we’re here to help!
Contact Support
back to top