Send-Only Email Strategy (Questions)

Hi all, I'm a rookie at this (Linux administration) and have a couple of questions that I am still pondering after having looked over a couple of posts and wikis.

Basically, my goal is simple. I only want to send emails out (e.g. no-reply@mywebsite.com), mostly for when a user does something, like registering, forgetting a password, etc.

I'm coding my website with CodeIgniter and I really like their Email class. It supports: mail, sendmail, or smtp.

The two programs that seem to be the weapons of choice are postfix and ssmtp.

My current set-up is Arch Linux with Nginx, php-cgi, mysql. And I have my domain name in the Linode DNS manager.

So my questions are this:

What email method is the most reliable: mail, sendmail, or smtp?

Since I have my domain name on the ns1…ns6.linode.com server, does this mean it is a valid FQDN?

What role does reverse DNS play in this? Is it relevant?

What is a domain SPF and how is it relevant?

Given postfix or ssmtp, would nginx need any sort of modification? Or is the email server standalone?

Note: I have my /etc/hosts file set up like this:

# <ip-address> <hostname.domain.org> <hostname>
127.0.0.1       localhost.localdomain   localhost
xx.xxx.xxx.xxx mywebsite.com isaac
yyyy:yyyy::yyyy:yyyy:yyyy:yyyy mywebsite.com  isaac

My main concern is that I can install postfix and get at the config file, however I am really lost with the set-up and the role my domain name has in it so that it can properly work.

Thank you for your time, Isaac.

7 Replies

@nthvision:

What email method is the most reliable: mail, sendmail, or smtp?
Sorry, that question doesn't make any sense. mail is a command-line program that allows you to compose e-mail messages. sendmail is another program that handles sending those messages to their proper destinations. SMTP is the protocol that underlies everything. So you actually need all of them, though you can easily replace sendmail with postfix or some other program.

@nthvision:

Since I have my domain name on the ns1…ns6.linode.com server, does this mean it is a valid FQDN?
A valid FQDN, in the context of e-mail, is usually a subdomain of your domain. This subdomain must have an A record in the DNS manager that points to your Linode's IP address. In other words, if you typed this subdomain into your browser, it should connect to your Linode (rather than getting a "server not found" or other error message).

@nthvision:

What role does reverse DNS play in this? Is it relevant?
Many e-mail services refuse to accept messages from IP addresses that do not have a valid reverse DNS entry associated with them. This is because most spam comes from hijacked PCs in homes and small offices, and these consumer devices usually don't have reverse DNS. So e-mail services use reverse DNS to filter spam. Unless you have very specific reasons to deviate, you should either leave your reverse DNS as it is (liXX-YYY.members.linode.com) or replace it with the FQDN mentioned earlier. Whatever you put in there, it should be something that connects to your Linode if typed into a browser. Don't just make something up.

@nthvision:

what is a domain SPF and how is it relevant?
SPF is a special type of TXT record in the DNS. It begins with "v=spf1". It is a list of servers that are allowed to send e-mail on behalf of the domain. This prevents unauthorized people from sending e-mail (usually spam) pretending to be from your domain. You don't always need SPF to send e-mail, but it's good to have, because SPF makes it easier for other services to trust e-mail from your domain.

@nthvision:

would nginx need any sort of modification? or is the email server stand alone?
nginx doesn't care whatever you do with mail. PHP might care.

@nthvision:

Note: I have my /etc/hosts file set up like this:
The hosts file itself has little to do with any of this. What matters is your hostname, which is usually set in /etc/hostname. In this case, your hostname seems to be "isaac". That's not a valid FQDN, so at least you should make it "isaac.mydomain.com" in /etc/hostname.

WOW! THANK YOU!! This really cleared up A LOT. Thanks for the great response!

So I went and double-checked to see if my FQDN (mail.mywebsite.com) and reverse DNS point to my website, and they do! I'm assuming I should be good to go with respect to that.

Then I went ahead and added a TXT Record in my DNS Manager:

Name: mail Value:v=spf1

Did I set that up correctly?

Also I went ahead and changed the hostname in /etc/hosts to mywebsite.com

This should be OK, right?

I will now attempt to set up Postfix to function as a send-only mail server. Any suggestions on subtle settings I should be aware of?

@nthvision:

Then I went ahead and added a TXT Record in my DNS Manager:

Name: mail Value:v=spf1

Did I set that up correctly?
You should leave "name" blank. The value should begin with "v=spf1", but that shouldn't be the only thing in there. At the very least, you want it to be "v=spf1 a mx ~all" (without the quotes). This means "Permit the server that hosts mywebsite.com. Also permit any server that receives incoming mail for mywebsite.com. All other IPs are suspicious."

If you use Google Apps for your domain, it should be something like "v=spf1 a mx include:_spf.google.com ~all" (without the quotes).

@nthvision:

Also I went ahead and changed the hostname in /etc/hosts to mywebsite.com
mail.mywebsite.com or any-other-subdomain.mywebsite.com would be better. Bare domains make poor hostnames. But this matters less than the next part:

@nthvision:

I will now attempt to set up Postfix to function as a send-only mail server. Any suggestions on subtle settings I should be aware of?
Depending on your distribution, Postfix might ask you for a hostname during installation. You must tell it to use mail.mywebsite.com, since that's your valid FQDN. If that's already in /etc/hostname, Postfix will probably use it by default. If not, double-check that it got the right hostname, because sometimes it picks up the wrong hostname. Postfix is the program that actually communicates with other mail servers, so it is extremely important that it knows what its FQDN is.
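
As an added illustration (not part of the thread and not code from any participant), the Python sketch below evaluates the SPF records discussed above against constructed DNS data. It covers only the a, mx, ip4, ip6 and all mechanisms; the helper names, the 203.0.113.10 and 198.51.100.7 addresses and the zone contents are assumptions made for the example.

```python
import ipaddress

# Illustrative helpers for this example only; not a library API.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def make_zone(txt_name, txt_value):
    """Constructed DNS data (documentation-range IP) plus one TXT record."""
    return {
        ("mywebsite.com", "A"): ["203.0.113.10"],
        ("mywebsite.com", "MX"): ["mail.mywebsite.com"],
        ("mail.mywebsite.com", "A"): ["203.0.113.10"],
        (txt_name, "TXT"): [txt_value],
    }


def host_ips(name, zone):
    return {ipaddress.ip_address(a) for a in zone.get((name, "A"), [])}


def check_spf(sender_ip, mail_from, zone):
    """Return the SPF result for sender_ip and the MAIL FROM domain."""
    domain = mail_from.rpartition("@")[2].lower()
    records = [t for t in zone.get((domain, "TXT"), [])
               if t.split()[:1] == ["v=spf1"]]
    if not records:
        return "none"  # nothing published at this exact name
    if len(records) > 1:
        return "permerror"  # more than one SPF record is an error
    ip = ipaddress.ip_address(sender_ip)
    for term in records[0].split()[1:]:
        if "=" in term:
            continue  # modifiers such as redirect= are outside this subset
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, arg = term.lstrip("+-~?").lower().partition(":")
        if name == "all":
            matched = True
        elif name == "a":
            matched = ip in host_ips(arg or domain, zone)
        elif name == "mx":
            mx_hosts = zone.get((arg or domain, "MX"), [])
            matched = any(ip in host_ips(mx, zone) for mx in mx_hosts)
        elif name in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(arg, strict=False)
        else:
            raise ValueError(f"mechanism not handled in this example: {term}")
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # a record exists but no mechanism matched
```

With the TXT record published under the name mail, a receiver checking a sender at mywebsite.com finds no SPF record at all, and a bare "v=spf1" at the domain itself evaluates to neutral. Only the full "v=spf1 a mx ~all" record gives pass for the server's own address and softfail for any other sender.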

hybinet, thanks a lot. I was able to send out an email using Postfix using the /usr/sbin/sendmail path with PHP on Arch Linux.

I have another question that relates to this topic. When I was with my shared hosting company, I sent mail out with CodeIgniter with both the /usr/sbin/sendmail and smtp options, and the /usr/sbin/sendmail method always takes FOREVER to deliver mail (it's happening on my Linode as well), as opposed to the smtp method with a valid user, password, port number, etc. (I've yet to try using the username and password method on my Linode; I'm still trying to figure out how to set it up).

What could be the cause of this?

What do you mean, "takes forever"? How long is "forever"? Does CodeIgniter take a long time to respond, or does it take a long time for the message to show up in the recipient's inbox? If the latter, e-mail headers might contain some useful information.

Which SMTP service are you using for the username/password method? Gmail? Those well-established services are obviously very good at eliminating delays.

Why not simply use the 'mail' option in CodeIgniter? This usually works just as well as the 'sendmail' option, and sometimes even better, because the 'sendmail' option might be affected by security settings.

mail WORKED! Thank you. Once again, you have been invaluable in helping me understand this mail issue!

I actually like the iptables solution to this. It is both simpler and handles any mailserver you wish to use.

e.g.:

iptables -A INPUT -p tcp -s 127.0.0.0/8 --dport 25 -j ACCEPT

iptables -A INPUT -p tcp --dport 25 -j DROP

And this should accomplish things nicely, only allowing outbound SMTP traffic from localhost. I would love to hear a solution that would assist with virtual hosts anchored to the same host server.
