mail hosted at Google, web server elsewhere

This post aims to cover two sets of questions that frequently appear on Serverfault:

“I have the email of my organization hosted at Google and the web server at a hosting provider. When the web server sends email (when a form is completed, for example), email is received by everyone except when the recipient is in our domain. Then sendmail tries to deliver locally and not over at Google.” Or, “certain recipients, including Google, reject email from the web server (or servers within our LAN) as spam.”

There are answers at Serverfault recommending the use of ssmtp in order to relay all outgoing email via Google, but this requires SMTP authentication and a password saved in a file.

For the purposes of this post the domain example.com will be used.

Configure SPF for example.com

SPF is a framework that allows domain name owners to tell the world which servers they consider appropriate for sending mail on behalf of their domain. Google's support pages note that the SPF record should at least be in the form v=spf1 include:_spf.google.com ~all. However, server.example.org also needs to be able to send email on behalf of example.com. So the appropriate record becomes:

v=spf1 a:server.example.org include:_spf.google.com ~all

Note: example.org is not the same domain as example.com
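To see why the extra a: mechanism matters, here is an added example (not part of the original post) that evaluates a subset of SPF against the two records discussed above. The DNS answers, the addresses and the name google-only.example are constructed for illustration; the ip4 range merely stands in for whatever _spf.google.com really publishes.

```python
import ipaddress

# Constructed DNS data (documentation addresses, no real lookups are made).
TXT = {
    "example.com": "v=spf1 a:server.example.org include:_spf.google.com ~all",
    "google-only.example": "v=spf1 include:_spf.google.com ~all",
    "_spf.google.com": "v=spf1 ip4:203.0.113.0/24 ~all",  # stand-in range
}
A = {"server.example.org": ["198.51.100.10"]}  # assumed web server address

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(domain, ip, depth=0):
    """Evaluate the a, ip4, include and all mechanisms for a connecting IP."""
    if depth > 10:                      # guard against include loops
        return "permerror"
    record = TXT.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:     # mechanisms are tried left to right
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        if mech == "all":
            matched = True
        elif mech == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = ip in A.get(arg or domain, [])
        elif mech == "include":
            # include matches only when the nested evaluation returns pass
            matched = check_spf(arg, ip, depth + 1) == "pass"
        else:
            continue                    # mechanisms outside this subset are skipped
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"

if __name__ == "__main__":
    for dom in ("google-only.example", "example.com"):
        print(dom, "->", check_spf(dom, "198.51.100.10"))
```

With the Google-only record the web server's mail ends in softfail, which is what receivers may treat as spam; with a:server.example.org added it passes.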

Configure sendmail for server.example.org

example.com is included in /etc/mail/local-host-names, which means that server.example.org treats it as a local domain and will try to deliver locally instead of sending to Google. The following additions to the sendmail configuration file (sendmail.mc) take care of this:

LOCAL_CONFIG
Kbestmx bestmx -T.TMP

LOCAL_RULE_0
R $* < @ example.com. > $*
    $#esmtp $@ [$(bestmx example.com. $)] $: $1 < @ example.com. > $2

The rule is broken into two lines for readability. As always, remember that the LHS and the RHS of the rule are separated with tabs and not spaces, so do not copy-paste. Build and install sendmail.cf, restart sendmail and check.

I would welcome additions on how the same can be achieved with postfix or exim.

How to install Zimbra with Operating System in less than an hour ..

After reading my “Installing Exchange 2010 SP1 on a Windows 2008 R2 – A typical installation” post, @nzaharioudakis responded:

Got lost already. #Zimbra would end up in 40-50 min including a fresh OS install. Thnx 4 noticing

I asked Nikos whether he could write up a similar Zimbra guide. And so he did!

How to install Zimbra with Operating System in less than an hour ..

Thank you Nikos.

Installing Exchange 2010 SP1 on a Windows 2008 R2 – A typical installation

The complexity of Exchange makes even the typical setup a long (and laborious if done for the first time) task. But with a little bit of help from “Exchange 2010 – A practical approach” (thank you XLA for this), a bit of guesswork and the installer of Exchange itself these are the steps that worked for me:

  • Install Windows 2008 R2 64bit on the machine. Remember, Exchange 2010 does not run on 32bit.
  • Install all operating system updates.
  • Via the Features wizard add .NET 3.5.
  • Download and install the ASP.NET Ajax extensions.
  • Download and install the Office 2010 Filter Pack.
  • Check Windows Update (again).
  • Although it is recommended that the Exchange Server is not installed on the Domain Controller, this is not a luxury I have in the current setup. Run dcpromo then.
  • Install the following hotfixes from Microsoft:
    • 979099
    • 982867 (Download the Windows 7 64bit version)
    • 979744
    • 983440
    • 977020
  • Check Windows Update (again).
  • The ISO image for the Exchange 2010 SP1 is bigger than the typical DVD disk. WinCDEmu to the rescue. Mount the image and copy its contents to a USB stick. Use this to install Exchange.
  • Prepare the server for a typical setup. Change to the SCRIPTS directory and via the command line issue ServerManagerCmd.exe -InputPath Exchange-Typical.XML.
  • Run SETUP.EXE to start the Exchange installer. If there are any prerequisites missing the installer will inform you about them. You can stop the process, install the missing components and then run SETUP.EXE again. It will give you the option to continue from where you stopped the previous time.
  • I chose to perform a typical install, allowed the installer to automatically install any needed server roles and features and chose not to split the administration groups for Exchange and Active Directory since this was a relatively small installation.
  • Check Windows Update (again).

Thanks to Catastrophic Failure: a set of notes that I’ve kept from a course she’s given on the subject reduced my installation time.

If you have any questions or suggestions that will help refine this document, please leave them in the comments.

An alternate take:

Due to an 8007EE2 Windows Update error, I performed the following steps:

  • Install Operating System
  • Install ASP.NET Ajax extensions
  • Install the Office 2010 Filter Pack
  • Install .NET 3.5
  • Install the hotfixes
  • Run DCPROMO
  • Run ServerManagerCmd -InputPath Exchange-Typical.XML
  • Run the Exchange installer
  • Perform updates afterwards. Be careful to include non-operating system updates too.

c-client callbacks

* This is mostly for personal copy-paste reasons

Those who take the time to develop applications using UW-IMAP (or Panda IMAP) know that there are a number of callbacks that need to be defined. What follows is the simplest (do nothing) version of them.

#include "c-client.h"

void
mm_flags(MAILSTREAM *stream,unsigned long number) {
}

void
mm_status(MAILSTREAM *stream,char *mailbox,MAILSTATUS *status) {
}

void
mm_searched(MAILSTREAM *stream,unsigned long number) {
}

void
mm_exists(MAILSTREAM *stream,unsigned long number) {
}

void
mm_expunged(MAILSTREAM *stream,unsigned long number) {
}

void
mm_list(MAILSTREAM *stream,int delimiter,char *name,long attributes) {
}

void
mm_lsub(MAILSTREAM *stream,int delimiter,char *name,long attributes) {
}

void
mm_notify(MAILSTREAM *stream,char *string,long errflg) {
}

void
mm_log(char *string,long errflg) {
}


void
mm_dlog(char *string) {
}

void
mm_login(NETMBX *mb,char *user,char *pwd,long trial) {
}

void
mm_critical(MAILSTREAM *stream) {
}

void
mm_nocritical(MAILSTREAM *stream) {
}

long
mm_diskerror(MAILSTREAM *stream,long errcode,long serious) {
	return NIL;	/* declared long, so it must return a value; NIL is c-client's 0 */
}

void
mm_fatal(char *string) {
}

re: See the Messages that Matter

After reading Facebook’s blog on Messages, I thought I should write down some thoughts:

“Messages is not email. There are no subject lines, no cc, no bcc, and you can send a message by hitting the Enter key. We modeled it more closely to chat and reduced the number of things you need to do to send a message. We wanted to make this more like a conversation.”

Initially I thought of write(1). This feels like unix communication (ytalk, irc, etc) done the Web 2.0 way. Or, as some pointed out on twitter, like Wave without collaboration tools.

As for the Social Inbox, this is an implementation of a concept similar to Gmail’s Priority Inbox. Messages from people I know go into the Inbox, the rest go to the Other Inbox. Pretty simple classification mechanism (and quite effective).

“We are also providing an @facebook.com email address to every person on Facebook who wants one. Now people can share with friends over email, whether they’re on Facebook or not.”

Messages is not email, but it builds a walled garden. And, as I once read (and frequently repeat), on the Internet walled gardens are doomed to communicate via SMTP.

The other side

I do not often have the luck of being in the company of many people who work with Exchange. When that does happen, though, I always leave having learned something more, such as the existence of the following “postmaster” blogs that mainly deal with this particular tool:

Please do not mix CNAME and MX RRs

From time to time I observe the following email setups, from web hosting providers mostly:

$ host -t mx example.com
example.com mail is handled by 5 mail.example.com.

$ host mail.example.com
mail.example.com is an alias for www.example.com.
www.example.com has address 192.0.2.2

In other words, this is a single server that provides web and mail services. The devil is in the details though: mail.example.com is an alias for www.example.com. This is a mistake because when something is declared as a CNAME, it cannot have other resource records bound to it. I copy from DNS for Rocket Scientists:

CNAME RRs cannot have any other RRs with the same name, for example, a TXT – well that was true until DNSSEC came along and in this case RRSIG, NSEC and certain KEY RRs can now occupy the same name.

So the above setup is wrong. The correct setup would be the following:

$ host -t mx example.com
example.com mail is handled by 5 mail.example.com.

$ host mail.example.com
mail.example.com has address 192.0.2.2

$ host www.example.com
www.example.com is an alias for mail.example.com.
mail.example.com has address 192.0.2.2

That is, if you want to use a CNAME at all. Personally I use A RRs instead of CNAMEs whenever possible. But why can a CNAME not carry any other information? I copy from RFC 1034 (section 3.6.2):

A CNAME RR identifies its owner name as an alias, and specifies the corresponding canonical name in the RDATA section of the RR. If a CNAME RR is present at a node, no other data should be present; this ensures that the data for a canonical name and its aliases cannot be different. This rule also insures that a cached CNAME can be used without checking with an authoritative server for other RR types.

So please people, correct your defaults. Your clients will benefit from that.
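A small zone lint for the two layouts above, as an added example that is not part of the original post. The zone text is constructed from the host output shown earlier, and the function names are hypothetical. It flags a CNAME that shares its owner name with other data, and an MX whose target is an alias.

```python
from collections import defaultdict

# Constructed zone data mirroring the two layouts shown in the post.
WRONG = """
example.com.      MX    5 mail.example.com.
mail.example.com. CNAME www.example.com.
www.example.com.  A     192.0.2.2
"""
RIGHT = """
example.com.      MX    5 mail.example.com.
mail.example.com. A     192.0.2.2
www.example.com.  CNAME mail.example.com.
"""
DNSSEC_TYPES = {"RRSIG", "NSEC"}  # may sit beside a CNAME, per the quote above

def parse(zone_text):
    """Return {owner: [(type, rdata), ...]} from 'name TYPE rdata' lines."""
    rrs = defaultdict(list)
    for line in zone_text.splitlines():
        fields = line.split(None, 2)
        if len(fields) == 3:
            name, rtype, rdata = fields
            rrs[name.lower()].append((rtype.upper(), rdata.strip()))
    return rrs

def lint(zone_text):
    """List CNAME/MX problems found in the zone text."""
    rrs = parse(zone_text)
    findings = []
    aliases = {n for n, recs in rrs.items() if any(t == "CNAME" for t, _ in recs)}
    for name in sorted(aliases):
        # RFC 1034 3.6.2: no other data at a node that holds a CNAME
        extra = sorted({t for t, _ in rrs[name]} - {"CNAME"} - DNSSEC_TYPES)
        if extra:
            findings.append(f"{name} has CNAME plus {', '.join(extra)}")
    for name, recs in sorted(rrs.items()):
        for rtype, rdata in recs:
            if rtype == "MX":
                target = rdata.split()[-1].lower()
                if target in aliases:  # RFC 2181 10.3: MX target must not be an alias
                    findings.append(f"MX for {name} points at alias {target}")
    return findings

if __name__ == "__main__":
    print(lint(WRONG))
    print(lint(RIGHT))
```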

“Yahoo.com hates us. Suggestions”

There’s an interesting thread (“Yahoo.com hates us. Suggestions”) over at the mailop mailing list. I’ve encountered almost every behavior from Yahoo! Mail servers that is documented there. Unfortunately the mailop archives are not open to the public, so you need to subscribe first.

In our case, when we deal with Yahoo! Mail delivery problems, it is almost always a case of infected machines (sometimes even a handful) sending spam …everywhere. So whenever we observe long delays while delivering to Yahoo! Mail, or many, many messages waiting to be delivered, we always look for the infected machines. Thanks to feedback loops that are implemented by the (really) big email hubs, we also get early warning on such matters. As a matter of fact, Yahoo! Mail also runs a feedback loop, but it requires DKIM, and since we’ve stopped using DKIM (dkim-filter crashed frequently on our systems) we rely on the rest of the loops to be kept …in the loop. It seems to be working OK so far.