Skip to content

Requirements & deliverability settings

Cloud

  • Included in Solution Cloud Shared
  • If isolated application: - you need to add the lime-newsletter dependency to the customer solution.

On-premise

Solution needs to be based on lime-crm 2.437.0 or later (Server version 2022.3.1015 - Rysy)

General

The integration is dependent on being able to communicate from our Newsletter cloud environment to the on-premise Lime Server in order to be able to get persons to send emails to and write back status updates on actions in emails. The Newsletter integration is built as an addon that is installed into the Lime Web Server and the Lime Webclient must be enabled for that to work.

Since most on-premise solutions are behind the customer firewall the customer need to take actions in order to let the newsletter environment connect to their Lime server. The customer doesn't have to open up the Webclient to the whole world. It can be limited to the Newsletter environment IPs or a hostname from outside their hosting environment. This requires changes from their IT department.

The image shows how the Newsletter environment communicates with the on-premise solution in most cases. Either direct through the firewall to the Lime Server or through the firewall and then via a reverse proxy to the Lime Server.

lime newsletter communication

Security

The communication from the Newsletter environment to the on-premise Lime environment is secured via HTTPS/TLS.

Every request from the Newsletter environment to the on-premise Lime server needs to be authenticated. That is done by passing a unique secret (API-key) in the header (x-api-key). The API-key can only be generated by an administrator on the on-premise Lime server with the Lime administration tools (or the command line tool limefu). The API-key is bound to an existing Lime user and all requests using that API-key will impersonate that Lime user. The API-key is then stored in the Newsletter environment for the customer and used to authenticate with the Lime-newsletter API.

Actions

  1. Make sure the Webclient is enabled.
  2. The customer needs to set up a publicly available IP/hostname for us to use to connect to the on-premise Lime server.
  3. The integration doesn't require a hostname - a IP address is enough.

  4. The certificate for HTTPS does not have to been issued by a trusted CA but its recommended (self-signed certificates is supported).

  5. The customer IT need to allow HTTPS traffic (port 443) from at least the newsletter environment through the firewall to the Lime server.

Source IP Destination IP Destination Port Description
any or 84.19.149.64/27 IP from step 2 443 Rule to allow traffic via the publicly available IP to the Lime server from any or the Newsletter environment
  1. Some on-premise solutions also have a reverse proxy solution in front of their servers which the IT need to configure as well to direct traffic through to the Lime Server.

Deliverability settings

To get started sending emails with Lime Marketing, you will need to set up the deliverability settings listed below in order to use your organization's sending domains. Incorrect settings can lead to emails being rejected or marked as spam. The instructions are generated in Lime Marketing, more info on the Deliverbility toolbox.

Domain ownership

To start using a sending domain, you first need to verify that you own the domain.

DKIM

With DKIM, Lime Marketing creates a digital signature based on the "from" information in the email with a private key. When a signed email from company.com is received, the signature is verified with the public key from company.com DNS.

DMARC

DMARC is used to prevent phishing and spoofing attacks using your domain. DMARC is a standard for email authentication that builds on SPF and DKIM standards. DMARC specifies what happens to emails in the event they fail SPF or DKIM authentication. Since emails sent from Lime Marketing are signed with DKIM and have a valid SPF record, you can set up a DMARC policy for your domain that tells receiving SMTP-servers to reject emails that fail SPF or DKIM authentication. In order to pass the SPF alignment check, you need to set up a custom return-path domain that matches the domain in the "from" email address.

Custom return-path (optional)

A return-path/mail-from address is where the receiving server sends email bounce information. This email address also maintains its own reputation that can support deliverability. It is recommended to add your own return-path domain in order to build and control your own sending reputation and optimize deliverability. By default, Lime Marketing customers use a shared return-path domain.

Newsletter IPs

The IPs used by Newsletter can be found on the Deliverbility toolbox