# Email Setup Guide

This guide explains how to configure Amazon SES (Simple Email Service) as the email provider for your Nected deployment. Using Amazon SES, Nected can securely send notifications and emails through your AWS account.

{% hint style="success" %}
📌 **Note:**\
For setting up an SMTP service account, you can refer to the following guides for popular cloud providers:

* **Azure Communication Services** – [Send Emails via SMTP Relay with Azure Communication Services](https://techcommunity.microsoft.com/blog/azurecommunicationservicesblog/send-emails-via-smtp-relay-with-azure-communication-services/4175396)
* **AWS SES** – [Send Email Using the SMTP Interface](https://docs.aws.amazon.com/ses/latest/dg/send-email-smtp-software-package.html)
* **AWS SES Programmatically** – [Send Using SMTP Programmatically](https://docs.aws.amazon.com/ses/latest/dg/send-using-smtp-programmatically.html)

These resources provide detailed steps to configure SMTP service accounts for sending emails securely from your self-hosted Nected instance.
{% endhint %}

### Configure Amazon SES

#### Prerequisites

Before configuring Amazon SES in Nected, ensure the following:

* **A deployed Nected instance.** If not installed, refer to the [Installation Guide](https://www.notion.so/New-Installation-1f2c784e906f8071985dda1856e971db?pvs=21).
* **An active AWS account.** [Create an AWS account](https://aws.amazon.com/) if you don’t already have one.
* **Amazon SES setup completed**:
  1. **Enable SES** in your AWS account.
  2. **Generate the IAM user’s access key and secret key**.

> 💡 Amazon SES enforces sending limits and sandbox restrictions. Refer to Managing your Amazon SES sending limits and Moving out of the sandbox for details.

To enable Amazon SES in your Nected deployment, update the configuration values in your `nected-values.yaml` Helm file (for Docker Deployment, the file will be `nectedconfig/nalanda.env`) as described below:

```yaml
# Replace all the placeholder values with actual values
# Enable email functionality
SEND_EMAIL: "true"

# Set SES as the email provider
EMAIL_PROVIDER: "ses"

# AWS SES credentials
AWS_ACCESS_KEY: "<your_aws_access_key>"
AWS_SECRET_KEY: "<your_aws_secret_key>"
AWS_REGION: "<your_aws_region>"          # e.g., us-west-2

# Sender information
SENDER_EMAIL: "<your_verified_ses_email>"
SENDER_NAME: "Nected Notifications"
```

### Configure Email using SMTP Server

#### Prerequisites

Before configuring SMTP email settings, ensure the following:

* Your self-hosted Nected instance is installed. Refer to the Cloud Deployment Guide if not yet set up.
* You have an active account with an SMTP email service provider (e.g., Gmail, SendGrid, Outlook, etc.).
* Your email/domain is verified with your chosen SMTP provider.

You can configure your email provider in Nected using the following steps in your Helm deployment:

Edit your Helm values file (`nected-values.yaml`) (for Docker Deployment, the file will be `nectedconfig/nalanda.env`) and add the following SMTP email configuration block:

```yaml
# Replace all the placeholder values with actual values
SEND_EMAIL: "true"
EMAIL_PROVIDER: "smtp"
SENDER_EMAIL: "<your_verified_email@example.com>"
SENDER_NAME: "Nected Notifications"
EMAIL_HOST: "<smtp_host>"
EMAIL_PORT: "<smtp_port>"
EMAIL_USERNAME: "<smtp_username>"
EMAIL_PASSWORD: "<smtp_password>"
```

### Testing the Email Setup

To confirm that your Amazon SES configuration works correctly:

* Trigger an email notification (e.g., password reset) from your Nected instance.
* Verify receipt in the recipient inbox.
* Check the spam/junk folder if the email doesn't appear in the primary inbox initially.

> ⚠️ Important:
>
> To avoid emails being flagged as spam, ensure your DNS settings include a valid [SPF record](https://docs.aws.amazon.com/ses/latest/dg/send-email-authentication-spf.html) for Amazon SES.

### Configure Azure Communication Services (ACS)

You can also configure Azure Communication Services (ACS) as the SMTP email provider for your self-hosted Nected deployment. ACS offers a stable SMTP relay that works smoothly with Nected’s email workflow, including authentication and notification emails.

#### Prerequisites

Before configuring ACS, confirm the following:

• Your Nected instance is deployed.\
• Your Azure Communication Services resource is created.\
• SMTP is enabled in the ACS resource.\
• You have a verified domain inside ACS Email Communication.\
• You have created the Entra application and service principal credentials (client secret).

During internal testing, ACS worked reliably with Nected once SMTP relay was configured.

#### Configure ACS in Nected

After ACS is ready, update the SMTP block in your `nected-values.yaml` (for Docker, update `nectedconfig/nalanda.env`) with the ACS SMTP details.

```yaml
SEND_EMAIL: "true"

# Set SMTP as provider
EMAIL_PROVIDER: "smtp"

# Sender information
SENDER_EMAIL: "DoNotReply@your-domain-used-in-azure-email-service"
SENDER_NAME: "Support"

# Azure Communication Services SMTP relay configuration
EMAIL_INSECURE_TLS: "true"
EMAIL_HOST: "smtp.azurecomm.net"
EMAIL_PORT: "587"

# Azure Communication Services credentials
EMAIL_USERNAME: "<ACSResourceName>.<EntraApplicationID>.<EntraTenantID>"
EMAIL_PASSWORD: "<your_service_principal_secret>"
```

The `EMAIL_USERNAME` format is derived from the ACS configuration and follows this structure:

```
<ACSResourceName>.<EntraApplicationID>.<EntraTenantID>
```

Make sure the service principal secret is active and not expired.

#### Apply Updated Configuration

Once the values are updated, redeploy Nected:

```bash
helm upgrade -i nected nected/nected -f nected-values.yaml
kubectl rollout restart deploy nected-nalanda
```

#### Note on SSL Certificate Updates

If your deployment uses HTTPS ingress, update your ingress certificate as usual.\
Since Nected also relies on the scheme defined in the Helm values file, the chart needs to be redeployed after modifying the scheme from `http` to `https`.

If the certificate is ready and you want help verifying the configuration, feel free to reach out to the support team.

### Troubleshooting

If you encounter any issues:

* Verify SES identity status (email/domain) in your AWS SES Console.
* Check AWS SES sending quotas (sending rate, daily sending limit).
* Review Kubernetes pod logs for Nected backend service (`kubectl logs <nected-backend-pod>`).

If you still have issues or require further assistance, please contact our support at <assist@nected.ai>.

#### Deploy Updated Configuration

Apply these updated values using Helm:

```bash
helm upgrade -i nected nected/nected -f values/nected-values.yaml
kubectl rollout restart deploy nected-nalanda
```