[Wayback/Archive] Use GMail as secondary/fallback MX for self-hosted mail server? : selfhosted
I would like to set up a secondary MX to make sure my emails will never get lost because of connectivity issues.
Can I abuse GMail for that? Or are there any other ways?
…
Also look at Amazon SES, I believe you should be able to set it up as your secondary MX and it will fit your needs. https://aws.amazon.com/ses/pricing/
Also be forewarned while I don’t consider hosting your own email extremely complicated, many seasoned IT professionals can’t seem to figure it out. You need to have a good understanding of the fundamental concepts of email or everyone else will flag you as spam.
[Wayback/Archive] Amazon Simple Email Service Pricing | Cloud Email Service | Amazon Web Services
…
Yes OP, dealing with spam and not getting blocked is the main problem. Definitely do SPF and DKIM. Use RBLs and greylisting. Otherwise you’re gonna have a bad time.
…
10 years ago I would have agreed totally, but lately greylisting is becoming harder since more and more people are using companies with large email infrastructure (google, amazon, microsoft), and the retries seldom come from the same server (or even IP range) as the first try, heck, sometimes the retry might be over IPv4 instead of IPv6.
Right now I only greylist email that soft failed SPF (or any other check that might indicate the mail is wonky, but didn’t trigger a hard fail).
…
There is a free backup MX service that you can use, note that they use inbound requests to help train their spam filtering service.
This is an interesting implementation as they do a call forward to your server and if your server is online they return a temporary failure so the sender knows to retry and will hopefully hit your main server. Only if your server is offline will they actually accept mail.
No affiliation, in fact I’ve butted heads with the operator a few times, but it does what it says on the label.
“Junk Email Filter” was started by Marc Perkel who passed away summer 2018 [Wayback/Archive] Remembering Marc Perkel « Dvorak News Blog, so be aware there might be risk involved using the service (which could be a lot less risk than running all your mail servers by yourself):
- [Wayback/Archive] Junk Email Filter Spam Blocking Service: Free MX EMail Server Backup Service
… All you have to do is sign up, change your MX records, and it’s ready to go.
Here’s how it works. Suppose your domain is “example.com” and your MX record is “mail.example.com”. You would add two more MX records as follows:
mail.example.com 10
mxbackup1.junkemailfilter.com 20
mxbackup2.junkemailfilter.com 30
…
Implementation Details
In order for this to work we have to see our backup server in your MX records. DNS propagation often takes several hours and because of that this service can’t be used immediately upon changing your MX records. You should wait for several hours before testing.
Additionally we do forward callout testing to make sure your server is actually down and we don’t pass email if your server is running. The reason for this is that we don’t want to be a back door spam source for your domain. So if your server is running we will return a 4xx error so that email will retry to your server.
…
Our system is not compatible with SPF so if you reject your good email based on SPF then you will lose it. SPF breaks email forwarding. All our servers however have RDNS set to *.junkemailfilter.com so you can whitelist us to avoid bouncing your good email.
Although we try to do it right sometimes things don’t work for any number of reasons within and not within our control. We’re not responsible for anything lost from using our service.
…
So – how do we sign up?
Signing up is easy and automatic. First we need you to join our announcement list so that we can let you know important issues and changes that we might make in the future. Then all you need to do is change your MX records.
- [Wayback/Archive] Mxbackup Info Page
This is an announcement list for people who are using our MX Mailserver backup system. We want you to join this list so that if we have important information to send to users of this service you will be included in the announcement. We might very rarely send you an invitation to use our spam filtering or hosted email services.
- [Wayback/Archive] The Mxbackup Archives
No messages have been posted to this list yet, so the archives are currently empty.
It is important that these two be the highest numbered two MX records and it is very important not to make our MX the lowest numbered as that is for our spam filtering customers only and our MX Backup service requires your servers be the lowest numbered MX.
…
In order to be compatible with our system you should disable SPF checking because SPF breaks email forwarding. You should also whitelist and avoid rate limiting on email with a reverse IP address of *.junkemailfilter.com.
We store email up to 4 days and is rate limited to a reasonable amount so if you have a huge domain you should let us know for special arrangements. If your server goes offline then once your server comes back online we will usually detect it within minutes and transfer your email as fast as your server will accept it.
You should also experience some spam reduction even when your server is online. Many spammers try to send spam through the backup servers. Although we don’t apply full filtering to our backup MX we do apply our light filtering rules and behavior traps and if you notice a drop in spam let us know about it. We think you should notice a significant difference. And if you like what you see you might be interested in full filtering.
…
Technical Details
Our servers automatically detect your MX configuration and it verifies that we are in your high numbered MX but that we are also not lowest. That allows us to accept email for MX backup. The mxbackup1 entry points to a ring of servers in a variety of locations ready to accept and process email. The mxbackup2 MX record is really a dummy entry and it points to other servers that will always return a 421 temporary error after the DATA command. This is used for spam bot detection and feeds our blacklists after significant spam bot verification. Since spam bots don’t retry the spam is essentially blocked because they don’t come back to the real email servers.
…
- [Wayback/Archive] Junk Email Filter Spam Blocking Service
- [Wayback/Archive] Junk Email Filter Spam Blocking Service: How it Works!
“So Perkel”, you might ask, “What the hell do you do that makes your spam filter so damn good? How can you block spam better than anyone else can block spam?”
- [Wayback/Archive] Spam DNS Lists – Computer Tyme Support Wiki (even if you are not using Junk Email Filter, their Wiki is very interesting)
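The MX ordering rules quoted above (your own server lowest, the two mxbackup hosts numbered highest), as an added example that is not code from Junk Email Filter or from the thread. It assumes MX records in zone-file form (`name ttl IN MX pref target`); `mail.example.com` and both sample zones are constructed.

```python
BACKUPS = ("mxbackup1.junkemailfilter.com", "mxbackup2.junkemailfilter.com")

# Constructed sample zones (not real DNS data).
SAMPLE_GOOD = """\
example.com. 3600 IN MX 10 mail.example.com.
example.com. 3600 IN MX 20 mxbackup1.junkemailfilter.com.
example.com. 3600 IN MX 30 mxbackup2.junkemailfilter.com.
"""
SAMPLE_BAD = """\
example.com. 3600 IN MX 5  mxbackup1.junkemailfilter.com. ; backup is lowest
example.com. 3600 IN MX 10 mail.example.com.
"""


def parse_mx(zone_text):
    """Parse 'name [ttl] IN MX pref target' lines into sorted (pref, host) pairs."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop zone-file comments
        if "MX" not in fields:
            continue
        i = fields.index("MX")
        if len(fields) < i + 3:
            continue  # malformed record: no preference or target
        records.append((int(fields[i + 1]), fields[i + 2].rstrip(".").lower()))
    return sorted(records)


def check_backup_mx(records):
    """Return a list of problems; an empty list means the layout fits the rules."""
    prefs = {host: pref for pref, host in records}
    own = [pref for pref, host in records if host not in BACKUPS]
    if not own:
        return ["no MX of your own: the backup hosts would be the only targets"]
    problems = []
    for host in BACKUPS:
        if host not in prefs:
            problems.append(f"{host} is missing from the MX set")
        elif prefs[host] <= max(own):
            # Also covers the "never the lowest-numbered MX" rule.
            problems.append(f"{host} ({prefs[host]}) must be numbered above "
                            f"all of your own servers (highest is {max(own)})")
    return problems


if __name__ == "__main__":
    for name, zone in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        print(name, check_backup_mx(parse_mx(zone)) or "layout OK")
```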
…
And in general you can’t just create a MX record to someone’s server.
You can buy G Suite subscription https://gsuite.google.com/learning-center/#!/ that will allow you to use gmail with your own domain; once done you can follow this https://support.google.com/a/answer/33915?hl=en
…
Get a cheap VPS, install Debian with Postfix, and set it up to relay to your domain (don’t forget to test to make sure it only relays your domain).

    # domains you want to store and forward mail for
    relay_domains = example.com
    smtpd_helo_required = yes
    smtpd_tls_received_header = yes
    smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, permit
    smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_rbl_client sbl-xbl.spamhaus.org
    mydestination = $myhostname, localhost
    # set to a time that you will get your mailserver back up within if it goes down
    maximal_queue_lifetime = 4w
    soft_bounce = yes

This will accept all email for your domains including invalid users (which will fail when it tries to forward them, but it will still accept messages for them); use relay_recipient_maps if you want to only accept a certain set of addresses instead.
…
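One way to run the "make sure it only relays your domain" test from the Postfix comment above, as an added example that is not part of the original comment. The function name, the verdict strings and the probe sender address are assumptions; it stops before DATA, so nothing is queued on the server being checked.

```python
import smtplib
import sys


def rcpt_code(smtp, sender, rcpt):
    """Open one envelope, offer a single recipient, return the RCPT reply code."""
    smtp.rset()
    code, _ = smtp.mail(sender)
    if code != 250:
        raise RuntimeError(f"MAIL FROM refused with {code}")
    code, _ = smtp.rcpt(rcpt)
    return code


def relay_check(smtp, own_rcpt, foreign_rcpt, sender="probe@relaytest.invalid"):
    """Classify a backup MX by its RCPT answers for its own and a foreign domain.

    Run it from a host outside mynetworks and without SASL auth, otherwise
    permit_mynetworks / permit_sasl_authenticated accept everything.
    """
    own = rcpt_code(smtp, sender, own_rcpt)
    foreign = rcpt_code(smtp, sender, foreign_rcpt)
    smtp.rset()  # abandon the envelope; no DATA is ever sent
    if 200 <= foreign < 300:
        verdict = "OPEN RELAY: foreign recipient accepted"
    elif not 200 <= own < 300:
        verdict = "inconclusive: own domain refused too (HELO or RBL check hit the probe?)"
    elif 400 <= foreign < 500:
        # soft_bounce = yes rewrites 5xx replies to 4xx, so senders keep retrying
        verdict = "ok, but foreign rejected with 4xx (soft_bounce still on?)"
    else:
        verdict = "ok: relays own domain only"
    return own, foreign, verdict


if __name__ == "__main__" and len(sys.argv) == 4:
    # usage: relay_check.py <backup-mx-host> <user@your-domain> <user@other-domain>
    with smtplib.SMTP(sys.argv[1], 25, timeout=15) as conn:
        conn.ehlo()
        print(relay_check(conn, sys.argv[2], sys.argv[3]))
```

With `soft_bounce = yes` left in place, the expected result for a correctly restricted relay is the 4xx verdict rather than a 5xx rejection.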
I have used for my domain. So far no issues
improvmx.com
…
I’ve done this before with success. That’s partly why they have google apps for domains (aka G Suite). Take a look at support.google.com/a/answer/140034 to get an idea of how to set up the mx records.
Ideally one would set them up as secondary to your primary mail exchangers but one could also set this up as the primary (thus getting the benefit of google’s antispam network plus 100.1% uptime) and having your mail servers as the secondary to handle within your own domain.
[Wayback/Archive] Set up MX records for Google Workspace email – Google Workspace Admin Help