So, anyone here administrating/deploying Google Apps for their clients? Primarily, (g)mail?

I'd like to migrate email solutions for my clients to Google Apps, but I'd like to do that with minimum hassle for the clients. Most are small businesses that really don't need Google Apps for Business, ie. have less than 10 users, and they don't use Google Docs or any of the other fancy cloud stuff provided by Apps.

So I have several options:

1. Maintain a forward only MTA and forward to their gmail accounts. Easiest to setup, but fails on SPF (my MTA IP is checked against sender domain SPF = fail). I looked into remailing but that doesn't seem like viable alternative (envelope sender rewrite with Postfix = GAH!).

2. Use Gmail's fetch mail (and maintain domain/inbox/POP3 accounts on my MTA). I'm currently using this solution, and I have a boilerplate HOW-TO guide for clients which they all seem to follow just fine. The only drawback is some complain about the delay overhead.

This option is better than, and not really the same as running my own solution because Gmail still applies superb spam filtering and web based interface (which are basically the only* reasons I'm migrating, as opposed to maintaining cpanel, webmin, whatevermin, whateverwebmail, spamninjaassassin with Bayes-whatever-imap-HAL-What-are-you-doing-Dave nightmare, etc...). Supplying a really strong POP3 password once and with SSL (for gmail -> my POP3 communication, not user -> gmail) is really much more secure than the weakest link: their own weak gmail passwords which they almost certainly reuse everywhere else.

3. Use Google Apps and with that Google's MX. Cleanest solution, but toughest to set up. I can't expect them to create their own accounts and maintain them (the google apps accounts, aside to their gmail accounts), and they're not paying me enough to do that for them (and they refuse price increase).


Thoughts? Advices?


*) EDIT: Actually the third reason is outgoing mail from my MTA still tends to end up in junkmail on Yahoo and Hotmail, even some local ISPs, in spite of the 2-year clean record (never been blacklisted) of the MTA's IP.

Most of my clients use google apps, using option 3.

If they don't need the business account, then they can't have many email accounts so they won't need to worry about learning to create them, it's not hard for you to create it for them you can do it in 10 minutes, if they need more help than that and they're not willing to pay push them towards google's self help tools they're not bad.

Google apps tends to be a setup and forget solution, takes a few days to setup and migrate mail (yay for dns propagation) once it's up and running there's no need to log in. The last time I did any admin work on there was to disable an account for someone that got fired.

_________________
Paid support
How to ask for help
1. Give details of your problem
2. Post any errors
3. Post relevant logs.
4. Don't hide details i.e. your domain, it just makes things harder
5. Be polite or you'll be eaten by a grue

I'm using option 3. I even switched the DNS of one of my domains off of Linode and back to my domain registrar, and there wasn't any hiccup aside from emails not going through for a couple hours because I had a dyslexic moment adding the MX record to the registrars DNS (stupid TXT records!).

Probably the hardest part was waiting for the Google-provided DNS records to propagate. As long as you're careful to follow the setup, it's quite easy. If they won't do it themselves and you're going to insist that they pay you to do it, tell them it's a small one-time fee. You can then tell them that they can pay you per support request, include on flat support rate, or use Google's self-help.

One last thing is to add the SRV and DKIM records to the DNS.

_________________
Kris the Piki Geeker

FYI I use linode's DNS and yes Piki makes a good point setting up DKIM is a good idea (and easy) also SRV records for google talk if they want to use it outside of their domain

_________________
Paid support
How to ask for help
1. Give details of your problem
2. Post any errors
3. Post relevant logs.
4. Don't hide details i.e. your domain, it just makes things harder
5. Be polite or you'll be eaten by a grue

You don't have to, whether or not to use Linode's DNS is purely a matter of personal choice

_________________
Kris the Piki Geeker

Clients that aren't willing to pay for services rendered aren't clients, they're freeloaders and your business would be way better off losing them.

Explain the reason to migrate to Google Apps, create a usable "howto" for simple user management in Google Apps (mainly just pointing to the existing Google Apps help, and perhaps a step-by-step example), include a price list of your services if they don't want to manage it themselves, and be done with it.

Even in this economy, letting pinch penny clients coast just isn't worth it. Your time is valuable, if your clients don't see that, why are they still your clients? Use the time you gain from cutting off the freeloaders to find PAYING clients.

Same here. In my case, it's for our franchisees (each of whom gets a subdomain of our main domain for email).

I handle all the DNS for the accounts, and I've found that if you establish the DNS MX records in advance of configuring the Google Apps account (and just say you'll "do it later" during the initial dialogs), it'll notice on its own and enable email without any further actions, so no explicit or separate verification steps needed.


My problem in recent history is that Google has become more annoying about injecting security verifications when you get to the stage of creating user mailboxes in a Google Apps account. I've run out of phone numbers to use since they block them after a few uses. Not sure what rules Google uses to control this.

So it looks like in future cases I can do the basic account setup (which is still a big win for the typical franchisee) and the initial admin account, but will have to leave the per-user mailbox creation to the franchisee. Not a killer, but it was nicer when I could also create the first few mailboxes for them.

-- David

Thanks for all your replies.


@Piki

Good point, I totally forgot about DKIM!


@ vonskippy

I hear ya.