Skip to content

Requirements & deliverability settings

Cloud

  • Included in Solution Cloud Shared
  • If isolated application: - you need to add the lime-newsletter dependency to the customer solution.

On-premise

Solution needs to be based on lime-crm 2.308.3 or later (Server version 2022.2 - Hoverla)

General

The integration is dependent on being able to communicate from our Newsletter cloud environment to the on-premise Lime Server in order to be able to get persons to send emails to and write back status updates on actions in emails. The Newsletter integration is built as an addon that is installed into the Lime Web Server and the Lime Webclient must be enabled for that to work.

Since most on-premise solutions are behind the customer firewall the customer need to take actions in order to let the newsletter environment connect to their Lime server. The customer doesn't have to open up the Webclient to the whole world. It can be limited to the Newsletter environment IPs or a hostname from outside their hosting environment. This requires changes from their IT department.

The image shows how the Newsletter environment communicates with the on-premise solution in most cases. Either direct through the firewall to the Lime Server or through the firewall and then via a reverse proxy to the Lime Server.

lime newsletter communication

Security

The communication from the Newsletter environment to the on-premise Lime environment is secured via HTTPS/TLS.

Every request from the Newsletter environment to the on-premise Lime server needs to be authenticated. That is done by passing a unique secret (API-key) in the header (x-api-key). The API-key can only be generated by an administrator on the on-premise Lime server with the Lime administration tools (or the command line tool limefu). The API-key is bound to an existing Lime user and all requests using that API-key will impersonate that Lime user. The API-key is then stored in the Newsletter environment for the customer and used to authenticate with the Lime-newsletter API.

Actions

  1. Make sure the Webclient is enabled.
  2. The customer needs to set up a publicly available IP/hostname for us to use to connect to the on-premise Lime server.
  3. The integration doesn't require a hostname - a IP address is enough.

  4. The certificate for HTTPS does not have to been issued by a trusted CA but its recommended (self-signed certificates is supported).

  5. The customer IT need to allow HTTPS traffic (port 443) from at least the newsletter environment through the firewall to the Lime server.

Source IP Destination IP Destination Port Description
any or 84.19.149.64/27 IP from step 2 443 Rule to allow traffic via the publicly available IP to the Lime server from any or the Newsletter environment
  1. Some on-premise solutions also have a reverse proxy solution in front of their servers which the IT need to configure as well to direct traffic through to the Lime Server.

Deliverability settings

For every domain that will be used as the from email address (noreply@company.com) for the Newsletter emails you need to complete the following steps to increase deliverability. If you plan to use company.se, company.no etc. you need to follow these steps for each domain. The examples below are based on company.com and need to be changed to the actual domain.

Set up sending domains

To be able to use the sending domain and verify that all settings are correct you need to add it as a sending domain in Newsletter administration. There you also need to verify domain ownership by adding a verification record. More info here. After the sending domain has been added you need to make three changes in your DNS. A TXT record to verify domain ownership, a CNAME record for DKIM and a TXT/SPF record. Instructions for this can be found when adding the sending domain. Below in is a brief explanation on what you can prepare.

Setup a domain verification record

This is done to verify that you are the owner of the domain. A TXT-record limeverify.(company.com) needs to be added with a unique code found on the sending domains administration page in Newsletter.

Setup a SPF record

A SPF record is a DNS setting made by the owner of the domain (company.com) which instructs receiving SMTP-servers which IPs that are allowed to send with company.com as the from email address. In the company.com DNS you need to add a SPF TXT record. If the company.com domain already has a SPF record you can extend that by adding:

"include:spf.bedrock.lime-technologies.com"

If you don’t have a SPF record you can create this standard SPF record which won’t disrupt other email services but include Newsletter services:

"v=spf1 a mx include:spf.bedrock.lime-technologies.com ~all"

To verify the settings you can use a service on MX Toolbox (change company.com to the actual domain).

Setup a DKIM record

With DKIM, Newsletter creates a digital signature based on the from information in the email with a private key stored on the newsletter servers. When the receiving SMTP-server receives a signed email from @company.com the SMTP-server can verify the signature by getting the public key from the company.com DNS. In the company.com DNS you need to create a CNAME record:

bedrock._domainkey(.company.com) CNAME dkim.bedrock.lime-technologies.com

To verify the settings you can use a service on MX Toolbox (change company.com to the actual domain).

Newsletter IPs

The IPs used by Newsletter is in the following range 84.19.149.64/27.