Hi!

I have successfully installed a few web sites at my Linode, with 5 or 6 different domains. It worked!

Now I need some basic processing of emails:

- My web server should be able to send emails. I have a newsletter system installed that would some 2000 emails to clients once in a while.

- I need to have email alias associated with my domains. For example, itsme@mydomain.com should be redirected to itsme@gmail.com.

I don't need to store emails, to filter spam, etc. I just need to redirect emails and be able to send emails from a web server.

Could you please give me a hint on how to do this the simplest way?
I've read about Postfix and Google Apps. Is this the way?

Thanks a lot!

I was going to suggest postfix before even reading thats what you thought.

I have postfix in a very basic config, using a static virtual file to forward stuff to google. I do have zen.spamhaus.org as a blacklist, because google seems to have a harder time catching spam that i forwarded, and this is a very cheap solution.

If you use Google Apps, you don't even need Postfix. You can just sign up at Google, add some MX records in your DNS Manager, and have your emails delivered directly to Google's servers.

If you do choose to forward the emails using your own server, make sure that you catch all the spam before sending it off to Google servers. Not only is Google rather bad at catching "forwarded spam" as mwalling said, but you also run the risk of having your IP blacklisted by somebody if spam habitually gets routed through your machine.

In this case (which sounds simpler), can my web server (I'm using Zope) send emails by just pointing to Google's servers? That sounds really simple and suited for me...

I'm thinking on doing that. I'm currently using a company to host my email as they have a feature which I depend 100% and is the use of regular expressions to forward email to email boxes based on the TO or CC or BCC.


is there a way to that with Postfix and let me use use regular expressions on the TO of an email so I can forward email to the google email boxes?

This is what I'm looking:

If email_TO = Regular_Expression_1 then forward to google_emailbox_1

If email_TO = Regular_Expression_2 then forward to google_emailbox_2

If email_TO = Regular_Expression_n then forward to google_emailbox_n

Any info is appriciated.


Thx

In the outbound case, there's really no need to use anyone else's servers for forwarding. Unlike, for example, a typical home connection where ISP filtering often requires you use your provider's smart SMTP relay host (or a secured external gateway like Google), your Linode is a fully functioning internet host that can directly connect to any receiving mail gateway that may be needed to deliver a message.

After installing a local MTA (mail transfer agent), such as Postfix, it can take care of all the details of transmitting outbound messages, in terms of DNS lookups to identify the appropriate recipient host and actual transmission of the message. The default configuration (which you should check) will probably limit trusted clients ("mynetworks" for Postfix) strictly to localhost, so you won't be exposing an open relay to the network, though you can also filter inbound traffic to port 25 or instruct the MTA not to listen for outside connections ("inet_interfaces" for Postfix) if you want outbound only.

Messages will queue up locally, and then be delivered directly to the target system (depending on where DNS says to deliver each destination). Additionally, you'll have the benefit of a local mail queue (see the "mailq" command) for messages that are delayed or temporarily refused so you have more visibility into the state of outbound mail.

From an application's perspective, just have it use local services to generate the mail (e.g., your localhost is the smart host). This can either be by sending messages through a local "mail" or "sendmail" process, or by setting "localhost" as the SMTP gateway.

Outbound and inbound mail are distinct operations, so you can still choose to have some other machine responsible for receiving/storing inbound messages, as in previous responses. Outbound messages can be sent directly, while you control what happens in the inbound case through the DNS configuration for the domain used in the email address(es) involved.

This takes longer to write about than to actually do. Not sure of your distribution, but with Debian/Ubuntu for example, after installing postfix you'll be asked for a configuration type. If you pick "Internet site", and enter your host name, you can take the defaults for the other questions and you're done. Just point your Zope app at localhost and set Zope to use appropriate email address(es) and domain(s). There's plenty of knobs in the configuration that you can later investigate, but your initial config will be fine and won't allow relaying through your host.

-- David

PS: As an aside, in terms of simplicity, sending mail through Google isn't necessarily all that simple - it requires a secured connection and you have to authenticate with a valid Google account, which you then have to decide how to store securely in your application. Not massively difficult, but probably not quite as simple to configure as a local SMTP server.

Something not touched on is the performance benefit for your application when talking to a local SMTP server that can accept the mail almost instantly, and having to establish a connection to a remote host, that may or may not be reachable (meanwhile likely blocking the web request).

If you depend on sending out a lot of email for your application, I'd configure a local SMTP. I've seen mentionings of ssmtp, but I've never used it (postfix is simple enough IMO)

Thanks, David, and thanks everyone else!

You are right. It took me one minute to configure it:

1- apt-get install postfix
2- Select "Internet site"
3- Set my machine name
4- Go to Zope and write localhost as the mail server.

And that's it!

Now, I'll go for the DNS changes for inbound mail with Google Apps. Seems easier than taking care of spam servers, etc.

Thank you very much for your help, all of you.
David

Oops. That's not it.

I can send mail from the shell using

Zope needs a From address. I have domain1.com (and others) pointing to my Linode, so that web pages for domain1.com (and others) are served from it. I'm using contact@domain1.com as the "From" field for the domain1.com site. However, the mails sent from here don't reach their destination.

If I use a different email address from a different domain (which is managed elsewhere), say, contact@domain2.com, for the "From" field, then the mails Zope sends do reach their destination. I guess that in this case the email address is validated by the mail server "elsewhere". Is my guess correct?

So, what should I do so that contact@domain1.com is considered a valid address and Zope can send emails with it?

Here is my guess, please tell me if I am right: I need to create contact@domain1.com at Google Apps and then go to Linode "DNS Manager" and set some Google's server as the MX server. Right now I have "mail.domain1.com" as the MX server, which I haven't defined anywhere.

Does this mean that the Postfix solution for outbound mail needs the Google Apps patch?

Hmm, do you get bounces for the messages and/or see any errors in your /var/log/mail.log file? If you're dealing with the same destination, it sounds odd that the second domain works but the first doesn't, since if anything else I'd expect checks on the destination side to fail more clearly in the second case. Does your mail from domain1.com fail to all destinations or just some?

Historically, a target server permitted the mail to arrive from anywhere as long as its destined for a locally deliverable user. But with the problems of spam, email relaying, and source address forgeries, servers may apply various techniques to attempt to validate the source of a message. I think all of them are subject to inaccuracy, so I'm not sure how prevalent rejections are (which risk false positives - even Google just adds an SPF header indicating its status, but doesn't actually reject a message if a domain has no SPF information in DNS).

But it's something under the control of the remote server, since it can choose whether to accept the message, so in theory anything can be done. Some mechanisms, like SPF, are controllable by you putting entries into DNS under the domain in question specifying which servers are permitted to generate mail on behalf of that domain.

But the majority of the checks I can think of that might fail for your domain1.com case would also fail for domain2.com since that's not something that maps to your server either.

That includes the possibility of bad luck of having your Linode's public address happen to be on a black list (email servers can subscribe to lists of addresses previously identified as an open relay). But if both of your tests were to the same destination server, then you'd have gotten blocked both times. BTW, you can run a check on your IP address against the major blacklists at http://www.anti-abuse.org/multi-rbl-check/ and if you happen to have gotten one, I believe Linode will allocate you a new address.



It depends on how the remote domain is performing its validation, which hopefully an error response or bounce message might indicate. Even if you don't receive a full bounce message, the status in mail.log (look for the "status=" field at the end of the final delivery log message) ought to have a textual message along with any failure code. Unless the receiving domain accepts the message cleanly, but still later drops it on the floor, which would be annoying.

At a minimum, it wouldn't be a bad idea to ensure that the domain1.com hostname used in the outbound messages have a DNS A record that maps to your Linode. That should help assure a destination server doing checking that the return address represents the actual host sending the message.


The MX records are primarily for inbound service, and it's very common they are are different than servers used for outbound mail. So while not impossible, I'd be surprised if the MX was the problem (providing that the A record is accurate). Of course, it wouldn't hurt to have the MX record refer to a name that can be resolved through DNS.


Not sure what the "patch" is, but no, I believe your outbound solution should be (or certainly can be) independent from how you decide to handle your inbound mail.

-- David