Hashemian Blog
Web, Finance, Technology, Running

From Sendmail To G Suite Gmail

by @ 1:04 pm
Filed under: email,google — Tags: , ,

In a previous post I covered updating my self-hosted Sendmail program to the newest version with some additions such as TLS 1.2 and DKIM. The version 8.15.2 at the time of my update was nearly five years old.

Interestingly, less than two months after my update Sendmail released a new version 8.16.1 . Now it must have been a coincidence that after 5 years of hibernation Sendmail decided to release a new version only a few weeks after I had gone to the trouble of updating my install but I wasn’t about to go through the pain of building, testing and deploying the new version and all its supporting components again.

Sendmail is a rock solid MTA and I could have happily stayed with the 8.15.2 version, but as I had mentioned in that blog post there were bigger concerns about continuing to self-host an email server. I was simply burned out from combating spammers and hackers and since all my emails (including uncaught spam) were forwarded to Gmail, my server’s reputation with Google wasn’t exactly stellar.

The time had come to end self-hosting and migrate to cloud hosting and G Suite was the perfect platform. G Suite by Google is one of several cloud products that companies can migrate their online presence to, including email service for their entire organization.

In my case that decision was even easier since I already had an unused free legacy G Suite account that had been languishing for many years. The legacy account has many limitations compared to the paid versions but it was good enough to proceed with the migration.

I configured hashemian.com as an alias domain for the G Suite account and created two users to handle the 55 or so email addresses. Each user can have a maximum of 30 email aliases which is why two users were needed. After adding all the aliases to the users, I logged into Gmail with each user account and configured them to forward all incoming emails to my regular Gmail account and then to delete those emails.

The final step was to the configure the DNS MX records and emails bound for hashemian.com started to flow to the G Suite users and subsequently to my regular Gmail inbox.

Since my Sendmail install was no longer used to receive email, I blocked it from all outside traffic to stop all spam attempts from external hosts. Scanning the maillog file proved that all spam activity directed at my server had come to a halt which also had a nice side effect of significantly lowering the stress on my server.

Sendmail isn’t completely gone from my server. It’s still used to send out all internal and web page generated messages. At this point I can fully disable it and use a lightweight outbound SMTP program such as ssmtp, msmtp, or nullmailer to submit emails via Gmail’s SMTP relay service. Perhaps some day that may happen, but for now Sendmail is working fine sending outbound messages without much stress on the server, so there’s little reason for me to fully terminate it.

After over 10 years with Sendmail, it was time to hand the email service reigns over to the cloud and so far the only regret is not doing it sooner. My server isn’t the only one benefiting. I also have a lot less stress since the migration.

Does It Make Sense To Self-Host Mail Server?

by @ 9:51 pm
Filed under: email,internet — Tags: ,

I have operated hashemian.com for over 2 decades now, earlier on hosted servers and eventually on my own server. During that time the domain has also been email capable, accepting and delivering emails sent to/from addresses such as [email protected] This was also originally hosted but was eventually ported to my own server. The product of choice for hosting my own mail server (MTA) has been Sendmail. At one time Sendmail was the king of the hill. It's still in use today, albeit vastly eclipsed by other products such as Exim and Postfix, as can clearly be seen here.

Years ago I would use email clients such as Squirrelmail to read emails but eventually for the sake of convenience I configured Sendmail to forward all @hashemian.com emails to my Gmail account. With Gmail I also gained great spam detection but there are also potential adverse effects in forwarding emails. One drawback is Gmail could and in fact does block access from my server, especially if a few too many emails are forwarded. Gmail does not recognize that the forwarded emails are from various original senders and instead assume all the emails originate from my server and takes punitive measures against what it perceives to be an abusive server. This periodic blacklisting has been happening for years now and I’m sure it doesn’t bode well for my server’s reputation.

421 4.7.28 [XXX.XXX.XXX.XXX] Our system has detected an unusual rate of unsolicited mail originating from your IP address. To protect our users from spam, mail sent from your IP address has been temporarily rate limited. Please visit https://support.google.com/mail/?p=UnsolicitedRateLimitError to review our Bulk Email Senders Guidelines. - gsmtp

There are steps I can take to correct or at least mitigate this issue. One would be to identify and block spammers from my server and I do that from time to time when I find egregious activities. It helps, but it’s a manual chore and hardly efficient. Another would be utilizing products such as Fail2ban and SpamAssassin to combat spammers at network and application levels. But that would mean more work for me in terms of configuring, tweaking, updating and patching, and I’m too lazy for that. Also instead of pushing emails to it, I can have Gmail pull emails utilizing IMAP or POP. But that means maintaining another product such as Dovecot and opening ports on my server inviting additional exploit activity. No thanks, not at this time, even if those ports can be restricted to Gmail’s IP addresses only.

Recently I undertook the effort to build from source and update Sendmail to its latest available version 8.15.2 on my ancient but functional Fedora 14 server. As can be imagined it wasn’t a simple task, especially since I wanted to bring as many features of ESMTP aboard as possible, including support for STARTTLS on TLS 1.2. In some cases that meant hunting around for newer library source codes to build into Sendmail. The effort was an eventual success, specially after I installed and started the service and mail began to flow. Then to build on that momentum, I also added DKIM authentication to Sendmail by building and installing dkim-milter.

I must admit that even though the effort was successful it wasn’t really cause for celebration. The latest version of Sendmail, while stable and rock solid, is nevertheless 5 years old now, not as ancient as the kernel it’s running on but still pretty aged as software goes these days. Still doubtful I would have felt any better had I switched the MTA to the more modern Exim or Postfix.

Fact is times have changed and with cloud services maturing and prices falling, there’s little reason to maintain a server. Sure, there’s the educational aspect to it and some pride and autonomy, but it can be exhausting to keep up with all the updates and patches when you can spin up a fully loaded droplet on Digital Ocean for $5 or get cheap domain email service on G Suite or Office 365 (soon called Microsoft 365).

And with that in mind, I am slowly warming up to moving my domain’s email setup to my G Suite account. It’s an account I registered for years ago and thankfully Google has kept it free so far. It’ll be a bittersweet moment when I shut down Sendmail for the last time (although I may continue to use it for a bit longer for outbound messages) handing over the reigns to G Suite. I suppose one concern would be if on that same day Google will flip the existing free G Suite accounts to paid versions.

To be continued…

Powered by


Read Financial Markets  |   Home  |   Blog  |   Web Tools  |   News  |   Articles  |   FAQ  |   About  |   Privacy  |   Contact
Donate Bitcoin: 1K9TzBvQ2oaEb4tX9t2vKDtZouMcpfV6QF
paypal.me/rhashemian
© 2001-2020 Robert Hashemian   Powered by Hashemian.com