/secboard_admin/.
How Email Works in SecBoard
SecBoard uses a two-layer model: a Mail Server defines the SMTP/IMAP connection (host, port, TLS), and a Mail Account ties a sender address and password to that server. Multiple accounts can share one server.
| Layer | What it holds | Admin path |
|---|---|---|
| Mail Server | SMTP host, port, TLS/SSL · IMAP host, port, SSL (optional) | App Conf → Mail Servers |
| Mail Account | Sender address, encrypted password, link to a Mail Server | App Conf → Mail Accounts |
Step 1 — Add a Mail Server
Go to App Conf → Mail Servers → Add
(/secboard_admin/app_conf/mailserver/add/).
SMTP Settings
| Field | Purpose | Typical values |
|---|---|---|
Name | A display label for this server (internal use only) | Corporate SMTP, SendGrid |
SMTP Host | Hostname or IP address of your SMTP server | smtp.gmail.com, mail.example.com |
SMTP Port | Port number for the SMTP connection | 587 (STARTTLS) · 465 (SSL) · 25 (plain) |
Use TLS | Enable STARTTLS — recommended for port 587. Default: on | On for port 587 |
Use SSL | Enable direct SSL — required for port 465. Mutually exclusive with TLS | On for port 465 |
IMAP Settings (optional)
The IMAP section is collapsed by default and is optional. Fill it in only if a module needs to read incoming email (e.g. for reply-based workflows).
| Field | Purpose |
|---|---|
IMAP Host | Hostname of the IMAP server |
IMAP Port | Usually 993 (SSL) or 143 |
IMAP Use SSL | Enabled by default — keep it on for port 993 |
Step 2 — Add a Mail Account
Go to App Conf → Mail Accounts → Add
(/secboard_admin/app_conf/mailaccount/add/).
| Field | Purpose |
|---|---|
Server | Select the Mail Server created in Step 1 |
Username | The sender email address (also used as SMTP login) |
Password | SMTP password — stored encrypted in the database |
User | The Django user who owns this account (defaults to the first superuser) |
Active | Only active accounts are used by modules that pick the "first active account" |
Verify with "Send test email"
After saving the account, go back to the Mail Accounts list, select the new account's checkbox, choose "Send test email" from the actions dropdown, and click Go. The system sends a plain-text test message from the account to itself. Check the inbox to confirm delivery.
Step 3 — Assign Accounts to Features
Several places in the platform need to know which account to use for sending. Configure each one that applies to your deployment:
| Feature | Admin path | Field to set |
|---|---|---|
| System default — fallback sender for any module with no specific account | App Conf → Site Settings |
Default From Email |
| User invitations / magic-link login | App Cabinet → Cabinet Settings |
Mail Account |
| Contact form auto-reply | App Conf → Contact Settings |
Auto-Reply Email Account |
| Risk report emails | App Risk → Risk Report Email Config |
Mail Account |
| Access request notifications | App Access → Email Notification Config |
Mail Account |
Active and that it is the one you want these features to use.
Contact Form Auto-Reply
In App Conf → Contact Settings → Auto-Reply Settings:
- Toggle Enable Contact Auto-Reply to send an automatic acknowledgement when a visitor submits the contact form.
- Set Auto-Reply Email Account to the Mail Account that should appear as the sender.
- Customise Auto-Reply Subject and Auto-Reply Body
using the
{name}and{subject}placeholders.
# Example subject
Thank you for contacting {subject} support, {name}!
# Example body
Dear {name},
We received your message "{subject}" and will get back to you within one business day.
Best regards,
The SecBoard TeamRisk Report Emails
In App Risk → Risk Report Email Config
(/secboard_admin/app_risk/riskreportemailconfig/):
- Send Email — global on/off switch for all risk report emails.
- Use Default Email Settings — when enabled, Django's default sender
is used; when disabled, the
Mail ServerandMail Accountfields below it take effect. - Default Subject / Body — template text for report delivery emails.
Use the "Send test email to me" action in that admin list to verify delivery to your own address.
Individual Scheduled Reports can override the global config with their own
Mail Server and Mail Account fields.
Access Request Notifications
In App Access → Email Notification Config
(/secboard_admin/app_access/emailnotificationconfig/) you can create
one or more notification configurations (with priority ordering) that control:
- Which events trigger an email (request created, status changed, admin status changed)
- Who receives the notification (owners, administrators, requester, approver, third-party)
- Which Mail Account to use for sending
- Optionally, custom HTML email templates per event type
- Scoping to specific companies or information systems
Email Log
Every email sent or received through SecBoard is logged in App Conf → Emails
(/secboard_admin/app_conf/email/). Each record shows the account used,
sender, recipient, subject, body, date, and read status. Use it to troubleshoot
delivery problems.
Setup Checklist
| # | Task | Admin path |
|---|---|---|
| 1 | Create a Mail Server with SMTP host, port, and TLS/SSL | App Conf → Mail Servers → Add |
| 2 | Create a Mail Account linked to that server | App Conf → Mail Accounts → Add |
| 3 | Run "Send test email" on the account and check delivery | App Conf → Mail Accounts → (select) → Action |
| 4 | Set Default From Email in Site Settings | App Conf → Site Settings |
| 5 | Assign the account to Cabinet Settings (invitation emails) | App Cabinet → Cabinet Settings |
| 6 | Configure Contact form auto-reply (optional) | App Conf → Contact Settings |
| 7 | Configure Risk Report Email Config | App Risk → Risk Report Email Config |
| 8 | Create Access Notification Config(s) for access workflows | App Access → Email Notification Config |
Next Steps
Roles & Permissions
Define roles and invite your team members with the appropriate access levels.
SSL & Reverse Proxy
Secure your installation with HTTPS and configure Nginx or another reverse proxy.