The primary connection and configuration settings for the Email Gateway Service are listed below:
| Server Name: | relay.nhs.uk |
| Authentication: | Anonymous |
| TLS: | Opportunistic supported |
| SMTP port: | 25 |
| SSL: | Not supported |
| Plain text: | Supported |
| IP Addresses: | Variable to support high availability. Currently 155.231.210.221, 155.231.210.222, 155.231.210.253 and 155.231.210.254 Note these must not be hard coded into applications, host names should always be used. |
| DNS: | Reverse DNS entries checked against sending systems. Where a reverse DNS check fails email will not be accepted. Please register your DNS entry with dnsteam@nhs.net |
HSCN Organisation use Static IP addresses for MTA configuration
The use of static IP addresses is not supported by the Email Gateway for NHSmail. All configuration should be done based on HSCN DNS pointing to relay.nhs.uk. It is possible that organisations can point directly to the end points of ‘relay.nhs.uk’, but these may change with little or no notice, and therefore availability of any/all IP’s cannot be guaranteed. It is equally important that the Email Gateway should not directly be restricted by connecting IP, connecting IP’s may change over the service lifetime.
Organisations helo/ehlo responses for the Email Gateway
As the Email Gateway services multiple interfaces (HSCN, NHSmail and internet), the Email Gateway does not provide corresponding helo/ehlo responses to HSCN DNS. Therefore, HSCN organisations should not use the helo/ehlo response as a form of validation against the Email Gateway.
Testing HSCN connectivity to the Email Gateway?
To use the Email Gateway, local organisations must ensure inbound/outbound connectivity to the following IP addresses is available from the organisation’s sending/receiving Message Transfer Agents (MTAs):
- 155.231.210.221
- 155.231.210.222
- 155.231.210.253
- 155.231.210.254
To test the connection to the Email Gateway IP’s, logon to the local MTA, and run the command ‘telnet <IP> 25’. The response should come back with: 220 SMTP-S or 220 SMTP-H. Below is an example of the successful output:
# telnet 155.231.210.221 25
Trying 155.231.210.221…
Connected to 155.231.210.221.
Escape character is ‘^]’.
220 SMTP-S
What if testing fails?
Ensure the test is being executed from your MTA on HSCN, and an appropriate PTR record exists.
Confirm your organisation’s firewalls contain the following full IP ranges used for NHSmail (not just the IP addresses listed) which are: 155.231.210.192/26 and 10.222.62.0/24
If testing still fails contact the NHSmail support, as listed in the Where can I get help? section.
What are the message restrictions?
Messages restictions across the Email Gateway service are:
| Message Size Limit: | 35MB |
| Permitted/Restricted Attachment Types: | See Attachments Guide for complete details attachments. |
| Rate Limiting: | The Email Gateway service monitors and restricts/limits message transfer if large volumes of messages are unexpectedly seen. This restriction can be placed at the IP level, or on specific accounts. |
| Last Reviewed Date | 13/03/2024 |
