Kallobombus Mail

What I want to do is read all my email using Google. I like Gmail, I like Inbox, I like their spam filtering. Cool. I also want to receive email for my various domains. Thus, all these domains have an MX record pointing to my Raspberry Pi. It runs Exim 4 and Dovecot, and my accounts have .forward files pointing to kensanata@gmail.com. This ought to be cool, too. If I remove that .forward file, I can read my email on the Raspberry Pi using IMAP.

I want mail to `alex@schroeder.ch` to be sent to `mail.schroeder.ch`. This is my Raspberry Pi where I run Dovecot IMAP. This requires an *MX* record that points to the `mail` subdomain. The IP number for this subdomain is dynamic and gets updated every now and then. It’s the IP number for my router at home. I use port forwarding on that router to pass SMTP and IMAP through to the Raspberry Pi. Kallobombus has the IP `192.121.170.192`.

In order to reduce spam, I also have a TXT record with some *SPF1* information. There is some info by Google on what they suggest (`include:_spf.google.com ~all`) and there is the SPF Record Syntax documentation which shows you how to indicate who else can send mail for your domain (`mx` means “the MX records” and `a` means “the current domain”). I also want to authenticate emails with DKIM; therefore I need the `dkim._domainkey` subdomain.

And finally, the `keybase-site-verification` record is for Keybase. It is totally unrelated to mail.

This is the zone file I’m using for various domains of mine:

@ 10800 IN A 192.121.170.192
mail 10800 IN A 77.57.27.11
rpg 10800 IN A 192.121.170.192
www 10800 IN A 192.121.170.192
@ 10800 IN MX 10 mail.alexschroeder.ch.
@ 10800 IN TXT "keybase-site-verification=NOn_FM3TDgDDKE1EMeu8jpTf43G0c_RvzlCYeKh8evg"
@ 10800 IN TXT "v=spf1 mx a include:_spf.google.com ~all"
dkim._domainkey 10800 IN TXT "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGMDmbDQEk62j5n8pcHsWNAkrnvhes2g+c2O/gXEytr40E7nqX21YuIDj1e6S07+A8aM/0TSV5nIiWEhOocJtG91wNeM7ypqAgR5zihYoolkXk4FWsdIPbuwZbIEbLBLkgJdD2qbgLLOe/OFMIF3/MQROrfVh+rrxHun2RFJLKDwIDAQAB"
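
To see what the SPF and DKIM records in this zone file actually say, here is an added example (not part of the original page) that splits the SPF record into mechanisms with their results and reads the RSA key size out of the DKIM `p=` value. The function names are made up for this example; the two records are copied from the zone file above.

```python
import base64

# Records copied from the zone file on this page.
SPF_TXT = "v=spf1 mx a include:_spf.google.com ~all"
DKIM_TXT = (
    "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGMDmbDQEk62j5n8pcHsWN"
    "Akrnvhes2g+c2O/gXEytr40E7nqX21YuIDj1e6S07+A8aM/0TSV5nIiWEhOocJtG91wNeM"
    "7ypqAgR5zihYoolkXk4FWsdIPbuwZbIEbLBLkgJdD2qbgLLOe/OFMIF3/MQROrfVh+rrxH"
    "un2RFJLKDwIDAQAB")
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_spf(txt):
    """Return [(result, mechanism, argument)] for an SPF record (modifiers skipped)."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF1 record")
    out = []
    for term in terms[1:]:
        # A mechanism without a qualifier defaults to "+" (pass).
        qual, body = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, arg = body.partition(":")
        if "=" not in name:                  # redirect=/exp= are modifiers, not mechanisms
            out.append((QUALIFIERS[qual], name.lower(), arg))
    return out

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def dkim_rsa_bits(txt):
    """Modulus size in bits of the RSA key in a DKIM record's p= tag."""
    tags = dict(t.strip().split("=", 1) for t in txt.split(";") if "=" in t)
    _, spki, _ = read_tlv(base64.b64decode(tags["p"]), 0)  # SubjectPublicKeyInfo
    _, _, pos = read_tlv(spki, 0)            # skip AlgorithmIdentifier
    _, bits, _ = read_tlv(spki, pos)         # BIT STRING wrapping RSAPublicKey
    _, rsakey, _ = read_tlv(bits[1:], 0)     # drop the unused-bits byte
    _, modulus, _ = read_tlv(rsakey, 0)      # first INTEGER is the modulus n
    return int.from_bytes(modulus, "big").bit_length()

if __name__ == "__main__":
    for result, mech, arg in parse_spf(SPF_TXT):
        print(f"{mech:8} {arg:18} -> {result}")
    print("DKIM RSA modulus:", dkim_rsa_bits(DKIM_TXT), "bits")
```

The key in this record decodes to a 1024-bit modulus; RFC 8301 says signers should use RSA keys of at least 2048 bits.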

Testing:

alex@Megabombus:~$ nslookup -querytype=MX alexschroeder.ch
Server:		10.0.1.1
Address:	10.0.1.1#53

Non-authoritative answer:
alexschroeder.ch	mail exchanger = 10 mail.alexschroeder.ch.

Authoritative answers can be found from:

Port Forwarding

Setting up the zone is not enough.

I’m missing *port forwarding* for SMTP on the router from the Internet to my Raspberry Pi. Only the router is being reached, not the Raspberry Pi. Fire up the utility to configure the router. Right now only “IMAP Mail with SSL” is being forwarded. Adding “SMTP Mail”, click Update...

TLS

Transport Layer Security makes sure nobody can eavesdrop on your emails. Here’s the problem you’ll be seeing:

pi@raspberrypi ~ $ sudo tail -f /var/log/exim4/mainlog
...
2014-06-29 00:34:11 TLS error on connection from 178-83-163-103.dynamic.hispeed.ch ([10.0.1.4]) [178.83.163.103] (cert/key setup: cert=/etc/exim4/exim.crt key=/etc/exim4/exim.key): Error while reading file.

We need to generate a certificate!

sudo /usr/share/doc/exim4-base/examples/exim-gencert

And with that, things seem to be working! Mails are being delivered:

2014-06-29 00:50:49 1X11SL-0005dt-Lt DKIM: d=gmail.com s=20120113 c=relaxed/relaxed a=rsa-sha256 [verification succeeded]
2014-06-29 00:50:49 1X11SL-0005dt-Lt <= kensanata@gmail.com H=mail-we0-f169.google.com [74.125.82.169] P=esmtps X=TLS1.0:RSA_ARCFOUR_SHA1:128 S=1971 id=CAORWZRffQ=vEkxVMdN2h+iOaNeStiPENFofMzbrv9gk6Uah7sw@mail.gmail.com
2014-06-29 00:50:50 1X11SL-0005dt-Lt => alex <alex@alexschroeder.ch> R=local_user T=mail_spool
2014-06-29 00:50:50 1X11SL-0005dt-Lt Completed
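
The `X=` field in the arrival line above records what TLS actually negotiated, so the mainlog can be checked for weak or missing encryption. This is an added example, not part of the original page: it assumes the `version:cipher:bits` form of `X=` shown in this log, and the third sample line is constructed.

```python
import re

# First two lines are from the log excerpt on this page; the third is constructed.
LOG = """\
2014-06-29 00:50:49 1X11SL-0005dt-Lt DKIM: d=gmail.com s=20120113 c=relaxed/relaxed a=rsa-sha256 [verification succeeded]
2014-06-29 00:50:49 1X11SL-0005dt-Lt <= kensanata@gmail.com H=mail-we0-f169.google.com [74.125.82.169] P=esmtps X=TLS1.0:RSA_ARCFOUR_SHA1:128 S=1971 id=CAORWZRffQ=vEkxVMdN2h+iOaNeStiPENFofMzbrv9gk6Uah7sw@mail.gmail.com
2014-06-29 00:51:10 1X11Sg-0005e0-Ab <= sender@example.org H=mx.example.org [192.0.2.25] P=esmtp S=1210
"""
OLD_PROTOCOLS = {"SSL3.0", "TLS1.0", "TLS1.1"}   # names as they appear in this log
WEAK_CIPHER_WORDS = ("ARCFOUR", "RC4", "3DES", "NULL", "EXPORT")

def inbound_report(log):
    """Map each message id to its sender, TLS parameters, DKIM result and issues."""
    msgs = {}
    for line in log.splitlines():
        # date, time, message id, then either a DKIM line or an arrival (<=) line
        m = re.match(r"\S+ \S+ (\w+-\w+-\w+) (DKIM:|<=) (.*)", line)
        if not m:
            continue
        msg = msgs.setdefault(
            m.group(1), {"sender": None, "tls": None, "dkim": None, "issues": []})
        if m.group(2) == "DKIM:":
            result = re.search(r"\[([^\]]+)\]\s*$", m.group(3))
            msg["dkim"] = result.group(1) if result else None
            continue
        sender, _, rest = m.group(3).partition(" ")
        fields = dict(re.findall(r"(?:^| )(\w+)=(\S+)", rest))
        msg["sender"], msg["tls"] = sender, fields.get("X")
        if msg["tls"] is None:               # no X= field: the message arrived in cleartext
            msg["issues"].append("no TLS")
            continue
        protocol, cipher = msg["tls"].split(":")[:2]
        if protocol in OLD_PROTOCOLS:
            msg["issues"].append(f"deprecated protocol {protocol}")
        if any(word in cipher.upper() for word in WEAK_CIPHER_WORDS):
            msg["issues"].append(f"weak cipher {cipher}")
    return msgs

if __name__ == "__main__":
    for msg_id, msg in inbound_report(LOG).items():
        print(msg_id, msg["sender"], msg["tls"], msg["dkim"], msg["issues"])
```

RC4 (`ARCFOUR`) is prohibited in TLS by RFC 7465 and TLS 1.0 is deprecated by RFC 8996, which is why the delivery logged above is flagged on both counts.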

I’ve also managed to send some test emails into Limbo:

2014-06-29 00:49:05 Start queue run: pid=21629
2014-06-29 00:49:05 1X10tx-00054i-O1 Message is frozen
2014-06-29 00:49:05 End queue run: pid=21629

Here’s how to examine and delete them:

pi@raspberrypi /etc/exim4 $ sudo exim -bp
39m  1.2K 1X10tx-00054i-O1 <> *** frozen ***
          claudia@empty

pi@raspberrypi /etc/exim4 $ sudo exim -Mrm 1X10tx-00054i-O1
Message 1X10tx-00054i-O1 has been removed

See Exim Cheatsheet.

Gmail

In order to let Claudia send mail from claudia@orientalisch.info without actually setting up mail sending on the Raspberry Pi, I had to visit her Gmail account, add claudia@orientalisch.info as an alternate, verify it, and use the correct Gmail account in her SMTP Server settings of Mail. It seems to work.

Exim on the Raspberry Pi

Configure Exim using `sudo dpkg-reconfigure exim4-config`. This generates the file `/etc/exim4/update-exim4.conf.conf`. This is what it says:

dc_eximconfig_configtype='internet'
dc_other_hostnames='mail.alexschroeder.ch ; alexschroeder.ch ; orientalisch.info ; communitywiki.org ; oddmuse.org ; campaignwiki.org; emacswiki.org'
dc_local_interfaces=''
dc_readhost='alexschroeder.ch'
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost='fencepost.gnu.org::587'
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname='true'
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'

(The `dc_smarthost` is not going to get used because the `dc_eximconfig_configtype` was switched from `smarthost` to `internet` in the past.)

Also make sure your hostname is set up correctly:

pi@raspberrypi ~ $ hostname -f
mail.alexschroeder.ch

In my `/etc/hosts` file:

pi@raspberrypi ~ $ cat /etc/hosts
127.0.0.1	localhost
127.0.1.1	mail.alexschroeder.ch raspberrypi.local raspberrypi

Greylisting on the Raspberry Pi

The Raspberry Pi is going to get a lot of email. If we forward it all to my Gmail address, Google is going to start rate limiting me. So I need to start some preliminary spam filtering. Time to start greylisting with Exim 4.

sudo apt-get install greylistd
sudo greylistd-setup-exim4 add

Don’t forget to `sudo greylistd-setup-exim4 remove` before `sudo apt-get remove greylistd`.

Exim on Kallobombus

What if Kallobombus itself needs to send email? We need to configure its Exim, too. Do that using `sudo dpkg-reconfigure exim4-config`. This generates the file `/etc/exim4/update-exim4.conf.conf`. This is what it says:

dc_eximconfig_configtype='internet'
dc_other_hostnames='kallobombus'
dc_local_interfaces='127.0.0.1 ; ::1'
dc_readhost='alexschroeder.ch'
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost='mail.alexschroeder.ch'
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname='true'
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'

(The `dc_smarthost` is not going to get used because the `dc_eximconfig_configtype` was switched from `smarthost` to `internet` in the past.)

Also make sure your hostname is set up correctly:

alex@kallobombus:/etc/exim4$ hostname -f
alexschroeder.ch

In my `/etc/hosts` file:

# removed localhost.localdomain from the list below and rearranged it
127.0.0.1 alexschroeder.ch kallobombus localhost
# Auto-generated hostname. Please do not remove this comment.
192.121.170.192 kallobombus www.emacswiki.org communitywiki.org emacswiki.org campaignwiki.org rpg.alexschroeder.ch oddmuse.org alexschroeder.ch