1. Home
  2. Guidance
  3. Relay
  4. Relay Configuration

Relay Configuration

The primary connection and configuration settings for the Email Gateway Service are listed below. Please note it is your organisation’s responsibility to ensure the following connection and settings are monitored in case of future changes.

Important Note

We recommend adding this page and our Announcements page to an RSS feed, so you are up to date with any important updates.

Server Name: relay.nhs.uk
Authentication: Anonymous
TLS: Opportunistic supported
SMTP port: 25, 587
SSL: Not supported
Plain text: Supported
IP Addresses: Please note, the host name relay.nhs.uk should always be used.

If your configuration does not support the use of host names, please contact helpdesk@nhs.net for more information on IP addresses. Please ensure you use the subject line ‘NHS Email Relay – Static IP Request’ and provide a reason for requesting the use of static IP addresses. Otherwise, your request may be rejected.

DNS: Reverse DNS entries are checked against sending systems. Where a reverse DNS check fails, email will not be accepted. A PTR (Pointer) record will be required to perform the reverse DNS lookup of the sending IP and associated domain. Please register your DNS entry (sending IP and associated domain) with the dnsteam@nhs.net.

HSCN Organisation use Static IP addresses for MTA configuration

The use of static IP addresses is not supported by the Email Gateway for NHSmail. All configuration should be done based on HSCN DNS pointing to relay.nhs.uk.

It is possible that organisations can point directly to the end points of ‘relay.nhs.uk’, but these may change with little or no notice, and therefore availability of any/all IP’s cannot be guaranteed.

If your organisation is explicitly accepting IPs from particular relays/MTAs, it is important to understand that the IP addresses are subject to changes over the service lifetime and there may be a need to allow new IP addresses.

Organisations helo/ehlo responses for the Email Gateway

As the Email Gateway services multiple interfaces (HSCN, NHSmail and internet), the Email Gateway does not provide corresponding helo/ehlo responses to HSCN DNS. Therefore, HSCN organisations should not use the helo/ehlo response as a form of validation against the Email Gateway.

Testing HSCN connectivity to the Email Gateway?

To test the connection to the Email Gateway IPs, logon to the local MTA, and run the command ‘telnet <IP> 25’. The response should come back with ‘220 ESMTP’.

Below is an example of the successful output:

#telnet relay.nhs.uk 25

Trying relay.nhs.uk…

220 mail1.nhs.net ESMTP

Please note, ‘220 mail2.nhs.net ESMTP’ is also a valid response.

If you are using IP ranges, you must ensure inbound/outbound connectivity to the relevant IP addresses is available from the organisation’s sending/receiving Message Transfer Agents (MTAs). If you require information on testing HSCN connectivity for IP addresses, please contact helpdesk@nhs.net.

What if testing fails?

Ensure the test is being executed from your MTA on HSCN, and an appropriate PTR record exists.

If you need to confirm the IP ranges for your organisation’s firewalls, please contact helpdesk@nhs.net.

If testing still fails, please raise a ticket with helpdesk@nhs.net.

What are the message restrictions?

Messages restrictions across the Email Gateway service are:

Message Size Limit: 35MB
Permitted/Restricted Attachment Types: See Attachments Guide for complete details attachments.
Rate Limiting: The Email Gateway service monitors and restricts/limits message transfer if large volumes of messages are unexpectedly seen. This restriction can be placed at the IP level, or on specific accounts.
Last Reviewed Date 16/01/2025
Updated on 16/01/2025

Related Articles

Need Support?
Can’t find the answer you’re looking for? Don’t worry we’re here to help!
Contact Support
back to top