Any opinions and advice about running Citadel? -- server specs, disk space, RAM, security, and general experiences? Thnx.

I use a Linode 360 running Citadel to handle mail for several domains. Haven't had any problems with it.

up and running just fine. it was easy, and works great.

Did you guys just follow the instructions on the wiki on how to get it running? I did, and citadel runs, but I can't seem to get any mail outside.. it just doesn't arrive.

Is there more things to set besides that stuff? I'm using ubuntu 9.04.

You can't send mail, or can't receive it?

Can't send mail.. and I get this ni the outbound smtp queue view:

XXXXXX@gmail.com
4.7.0 [67.18.XXX.XXX] Our system has detected an unusual amount of

Any ideas?

GMail has detected an unusual amount of. Ask them.

Actually, it seems that they're taking my mail as junk. I've set the proper mx records and smtp subdomain to point at my linode, not sure why this is happening..

anyone had this problem before?

Are your messages particularly "junk-like"? (HTML, particularly with embedded images, or using an address from a different domain than your server, etc...)?

Do you have your DNS PTR record (the "Reverse DNS" section on the network tab in Linode Manager) set up to properly translate the IP address of your Linode to its forward (A) record hostname. If that doesn't match, it might be taken as a strong indicator of spam.

Also, if you don't have it already, adding an SPF record to DNS for the domain sending the message may improve your odds - it can provide a stronger indication that your Linode is authorized to send mail for that domain.

-- David

So the reverse DNS have to match the domain? Right now, the IP is already being used for another .com.. and I'm trying to send mails using a second .com.

Do I have to set up a second linode, or should I just get an extra IP for my current linode? I wonder if Citadel supports something like this..

SPF is another matter I have to attend to I guess, but yeah.

Yes:
http://www.google.com/search?q=gmail+re ... +amount+of

I would check the most obvious explanation - have you been sending an unusual amount of unsolicited email to gmail users? You can check your logs, or if it is a new IP for you then you can check it against spam databases and see if it has a bad history.

Ideally, your rDNS should match up with an A record and also match the HELO name of your email server. Not everyone checks for all these to agree though, so YMMV.

You do NOT need a separate IP address for every domain you want to send mail from. The sending domain need not match the hostname of the server. In other words, you could send mail from user@example.com using a host named something.linode.com. You would want to set your SPF record appropriately, but in general this is a normal and accepted situation.

I use debian 5.0 and Citadel configured per the linode library instructions and a PTR record for my IP that reflects the domain Citadel is sending mail from. Gmail accepts messages from my server every time, but would not until I configured reverse DNS.

"have to" is a bit strong, but yes, if they don't match you have significantly increased the odds your mail may be identified as spam, depending on the destination provider. From the receiving server's perspective, your current configuration appears identical to a random Internet host trying to originate mail on behalf of some other server/domain (which is, after all, what you are doing, albeit legitimately).


A second IP could certainly work, if you aligned its A and PTR records for the domain in question, but certainly doesn't scale very well.

An SPF entry should help alleviate the issue with the PTR record, since it's designed to say "host www" is permitted to send mail on behalf of domain "xxx.yyy". So if your forward A lookup matches your PTR for your mail host (whatever the domain), and you have an SPF indicating that mail host can send mail for the other domain in question, you're more likely to be trusted.

-- David

Awesome, thanks for the answers. I still feel a bit confused though..

What do you mean with:
"A second IP could certainly work, if you aligned its A and PTR records for the domain in question, but certainly doesn't scale very well. " ?

I have a lot of .coms and I want to do something like providing an email forwarding service eventually...

The thing is, since I only have one server (and that means one hostname), this means that all those systems trying to match the domain's .com to my hostname won't work would it? (namely, reverse DNS, and my hostname set under linux)

I'm setting my SPF record like this (based on godaddy's wizard):
v=spf1 mx mx:67.18.XXX.XXX -all
(where the above is my linode IP).

Is that enough?

Just that each individual IP address can have it's own reverse lookup (PTR), so if you have two addresses, each could be dedicated to a different domain. But you'd need a different address per domain (you can only have one PTR for an address), so it doesn't scale to something like:


This case


I'm pretty sure that the "mx:" prefix is for domain names (it approves all MX servers for those domains) and not IP addresses. For that I think you want an "a:" prefix. Of course, if your Linode's 67.18.XXX.XXX address is in fact the MX for the domain in question, your earlier "mx" takes care of it already.

You might also want to start with ~all, which is a soft failure, progressing to -all (hard failure) if things are good. There's some debate about using -all (in lieu of ?all), since there's a small risk that an SPF check occurs somewhere other than at the external boundary where it's supposed to be applied (e.g., right after your server hands it off) and may incorrectly get bounced, but nowadays I think you should be fine.

You might want to take a peek at http://www.openspf.org for further resources. It can also help you create an SPF, as well as test one that you have published.

Also, with respect to GMail, if you view full headers you can find the SPF check header GMail adds, along with the determination it made.

-- David