Configuration of Oracle Cloud Email Delivery Service for Emailing with APEX

Configuration of Oracle Cloud Email Delivery Service for Emailing with APEX

Matt Mulvaney's photo
Matt Mulvaney
·

4 min read

There are similar blogs on this subject, however this one gives you:

  • Up to date OCI steps, as of 2024 & APEX 23.2

  • A separate OCI User dedicated to email sending

  • Separate OCI Group & Policies for Email Management

  • Custom Domain configuration with DKIM & SPF

  • Cloudflare / DNS Configuration

  • Configuration of the Email Server in APEX Instance Settings

  • Testing of Emailing with APEX

Steps

The following steps steps are required

Create a Group, Policy, User & SMTP Credentials

  1. Search for Groups

  2. Click Groups > Create Group > Email-Senders

  3. Search for Policies. Click Services > Policies

  4. Click Create Policy

  5. In the Name, type Email-Senders-Policy

  6. In the Description, type Email-Senders-Policy

  7. In Policy use cases select Email Management

  8. In Groups, select group Email-Senders.

  9. In Location, Select Root

  10. It should look like this

  11. Click Create

  12. Search for Email and click on Services > Users (yes. Users, not email)

  13. Click Create User

  14. Create a User with these Details

  15. Click on Groups > Add User to Group > Email-Senders and Click Add

  16. Click on SMTP Credentials

  17. Click Generate SMTP Credentials and complete the form as below

  18. Click Generate SMTP Credentials button

  19. Copy both the Username and Password to your password manager

  20. Click Close

Configure Email Delivery

  1. Search for Email and click on Services > Email Delivery

  2. Click Create Configuration

  3. Copy the details displayed to notepad

  4. Click Email Domain > Create Email Domain

  5. Enter your Domain Name and click Create Email Domain

  6. Click Add DKIM

  7. Step 1: Enter a DKIM Selector of your prefix-tenancy-yyymm e.g luf-leedsunited-202401

  8. Step 2: Click Generate DKIM Record

  9. Step 3: Copy the CNAME Record and CNAME Values to notepad

  10. Click Create DKIM

  11. Add the following CNAME record to your DNS setup for your Domain. Here is a picture from my Cloudflare dashboard. IMPORTANT: If using Cloudflare, the Proxy Status needs to be off . i.e as per the picture below and not orange.

  12. Create a TXT with the value from this link for your region. e.g. I'm choosing the europe link below.

  13. Back in OCI, it'll look like this

  14. Make a cuppa ☕ whilst everything propagates. It's a lovely day out there 🌤️

  15. Move to the next step when DKIM in OCI looks like this...

  16. Move to the next step when SPF in OCI looks like this...

  17. Click Approved Senders > Create Approved Senders

  18. Create a Sender Email address, e.g

  19. Click Create Approved Sender and check the email was created correctly

Configure APEX

  1. Log on to Internal Workspace in APEX

  2. Click on Manage Instance > Instance Settings > Email

  3. In SMTP Host Address type in the Public Endpoint you noted from the Configuration Step earlier e.g smtp.email.eu-frankfurt-1.oci.oraclecloud.com

  4. In SMTP Host Port type in the Port you noted from the Configuration Step earlier e.g 587

  5. In SMTP Authentication Username type in the Username you copied when you created the SMTP_USER e.g ocid1.user.oc1..aaa

  6. In SMTP Password type in the Password you copied when you created the SMTP_USER e.g EllandRoad

  7. Enter the Password again into Confirm SMTP Password

  8. Keep the TLS setting as After connection is established or as otherwise advised in the Configuration Step earlier

  9. In Default Email From Address enter the Approved Sender email address

Testing APEX

  1. In APEX Create a simple Send E-Mail Process to test email. Configure as below, however use a From Email Address as the Approved Sender email address

  2. Create a Button to submit the page.

  3. Run the page, click the submit button

  4. Check in Internal Workspace > Manage Instance > Mail Queue

  5. Check your email. Check your spam too.

Troubleshooting

Below are the typical issues encountered setting this up

  1. Cloudflare Proxy needs to be off otherwise the DKIM Signing Status will never turn to Active

  2. ORA-29279: SMTP permanent error: 535 Authorization failed: Envelope From address not authorized. This was due to the Policy not been in place and assigned to the email-senders group

  3. ORA-29278: SMTP transient error: 421 Too many auth failures, try again later or SMTP permanent error: 533 Authorization failed: Envelope from address <address> not authorized can be attributed to not adding the SMTP_USER to the Email-Senders Group. Try adding the user to the group, then wait about an hour for the 421 error to go away and try again.

ENJOY!

Of course, I don't' manage the cloud account for The Peacocks. It was just a simulation.

What's the picture? It's St. Andrews Church at Blubberhouses. Yes, there is an actual place called Blubberhouses. Visit Yorkshire!

orclapexOCIemail