Using Google Workspace or Zoho email

tassietiger · November 29, 2024, 11:47am

SYSTEM INFORMATION
OS type and version	AlmaLinux 9.5
Webmin version	2.202

Wondering if anyone has set up email to use either Google Workspace or Zoho email whilst still allowing outgoing email generated on the server (eg: lost password, login details, contact forms etc). Setting MX records in DNS for Google Workspace or Zoho email results in system informing me that this domain has email enabled / to disable email feature if email is hosted externally. I disabled email, tested sending emails via zoho for the domain (worked) and sent to the domain (worked). I then tested email from the server with a little test script

<?php
ini_set('display_errors', 1);
error_reporting(E_ALL);

$from = "removed@example.com.au";
$to = "removed@gmail.com";
$subject = "PHP Mail Test Script";
$message = "This is a test to check the PHP Mail functionality";
$headers = "From:" . $from;

if(mail($to, $subject, $message, $headers)) {
    echo "Test email sent successfully.";
} else {
    echo "Failed to send test email.";
}
?>

However as expected due to the disabled email, no email was received.

Sidenote: re-enabling email didn’t put the domain MX record back (even when the zoho MX records were commented out).

calport · November 29, 2024, 11:52am

Yes, I have.

In fact, this is quite common if email is hosted with a third party. To get it all to work, you just need the appropriate DNS records in place.

If you are a Webmin / Virtualmin newbie and wish to have a quick 10 minute paid chat with me about this, you could do that in addition to interacting with the very helpful community via this forum.

See:

tpnsolutions · November 29, 2024, 3:38pm

@calport,

It’s all about SPF, DKIM, and DMARC!

If you set it up correctly, you can make use of any provider (including your own server) to send messages on behalf of your domain without issue, while collecting inbound email and replying to regular messages via say Google Workspace, Zoho, Outlook, etc.

Search the forums for keywords like, DMARC, SPF, and DKIM. This type of question has been asked and answered quite a few times.

Or

Contact either @calport or myself and we’d be happy to consult and/or implement a solution (for a fee) for you.

tassietiger · November 30, 2024, 2:04am

My MX, SPF and DKIM related settings were

example.com.au.	IN	MX	10 mx.zoho.com.au.
example.com.au.	IN	MX	20 mx2.zoho.com.au.
example.com.au.	IN	MX	50 mx3.zoho.com.au.
example.com.au.	IN	TXT	"v=spf1 include:zohomail.com.au a mx a:example.com.au ip4:103.xx.xx.xxx ip4:103.xx.xx.xxx ?all"
zmail._domainkey.example.com.au.	IN	TXT	"v=DKIM1; k=..   ; zoho DKIMN
202410._domainkey.example.com.au.	IN	TXT	( "v=DKIM1; k=.. ; server DKIM

mxtoolbox reports for both DKIM records:

||DKIM Record Published | DKIM Record found|
DKIM Syntax Check |The record is valid|
DKIM Public Key Check | Public key is present|

Setting MX records in DNS for Google Workspace or Zoho email in Virtualmin DNS settings results in Virtualmin informing me that this domain has email enabled / to disable email feature if email is hosted externally.
As per Virtualmin instructions, I disabled email, tested sending emails via zoho for the domain (worked) and sent to the domain (worked) with access via zoho. I then tested email from the server with a little test script. No email was received from this test script, I assume because literally Virtualmin disabled emails from the Virtualmin server.

This thread: VPS + Virtualmin + Google Apps: Mail appears most relevant to what I asked, however it’s dated and might no longer be best practice.

[edit: yeah, nah. still not sending from test script]

[edit: snippet from /var/log/maillog when trying test email from server, one to info@example.com, the other to a gmail account]

Sent to same domain address (info@example.com.au)

Nov 30 02:44:23 hostname postfix/pickup[349927]: BA49AE00370F: uid=1000 from=<example>
Nov 30 02:44:23 hostname postfix/cleanup[350949]: BA49AE00370F: message-id=<20241130024423.BA49AE00370F@hostname.example.com.au>
Nov 30 02:44:23 hostname opendkim[343664]: BA49AE00370F: no signing domain match for 'example.com.au'
Nov 30 02:44:23 hostname opendkim[343664]: BA49AE00370F: no signing subdomain match for 'example.com.au'
Nov 30 02:44:23 hostname opendkim[343664]: BA49AE00370F: no signature data
Nov 30 02:44:23 hostname postfix/qmgr[111801]: BA49AE00370F: from=<example@hostname.example.com.au>, size=421, nrcpt=1 (queue active)
Nov 30 02:44:53 hostname postfix/smtp[350624]: connect to mx.zoho.com.au[103.138.128.141]:25: Connection timed out
Nov 30 02:45:23 hostname postfix/smtp[350624]: connect to mx2.zoho.com.au[103.91.166.141]:25: Connection timed out
Nov 30 02:45:53 hostname postfix/smtp[350624]: connect to mx3.zoho.com.au[103.138.128.141]:25: Connection timed out
Nov 30 02:45:53 hostname postfix/smtp[350624]: BA49AE00370F: to=<info@example.com.au>, relay=none, delay=90, delays=0.05/0/90/0, dsn=4.4.1, status=deferred (connect to mx3.zoho.com.au[103.138.128.141]:25: Connection timed out)
Nov 30 02:48:06 hostname postfix/qmgr[111801]: AFC03E00370E: from=<example@hostname.example.com.au>, size=421, nrcpt=1 (queue active)
Nov 30 02:48:37 hostname postfix/smtp[351652]: connect to mx.zoho.com.au[103.138.128.141]:25: Connection timed out
Nov 30 02:49:07 hostname postfix/smtp[351652]: connect to mx2.zoho.com.au[103.91.166.141]:25: Connection timed out
Nov 30 02:49:37 hostname postfix/smtp[351652]: connect to mx3.zoho.com.au[103.138.128.141]:25: Connection timed out
Nov 30 02:49:37 hostname postfix/smtp[351652]: AFC03E00370E: to=<info@example.com.au>, relay=none, delay=1658, delays=1568/0.03/90/0, dsn=4.4.1, status=deferred (connect to mx3.zoho.com.au[103.138.128.141]:25: Connection timed out)

Sent to a gmail account

Nov 30 02:50:53 hostname postfix/pickup[349927]: 21924E003710: uid=1000 from=<example>
Nov 30 02:50:53 hostname postfix/cleanup[352397]: 21924E003710: message-id=<20241130025053.21924E003710@hostname.example.com.au>
Nov 30 02:50:53 hostname opendkim[343664]: 21924E003710: no signing domain match for 'example.com.au'
Nov 30 02:50:53 hostname opendkim[343664]: 21924E003710: no signing subdomain match for 'example.com.au'
Nov 30 02:50:53 hostname opendkim[343664]: 21924E003710: no signature data
Nov 30 02:50:53 hostname postfix/qmgr[111801]: 21924E003710: from=<example@hostname.example.com.au>, size=424, nrcpt=1 (queue active)
Nov 30 02:51:23 hostname postfix/smtp[351652]: connect to gmail-smtp-in.l.google.com[74.125.200.26]:25: Connection timed out
Nov 30 02:51:23 hostname postfix/smtp[351652]: connect to gmail-smtp-in.l.google.com[2404:6800:4003:c04::1a]:25: Network is unreachable
Nov 30 02:51:53 hostname postfix/smtp[351652]: connect to alt1.gmail-smtp-in.l.google.com[173.194.202.27]:25: Connection timed out
Nov 30 02:51:53 hostname postfix/smtp[351652]: connect to alt1.gmail-smtp-in.l.google.com[2607:f8b0:400e:c00::1a]:25: Network is unreachable
Nov 30 02:52:23 hostname postfix/smtp[351652]: connect to alt2.gmail-smtp-in.l.google.com[142.251.2.26]:25: Connection timed out
Nov 30 02:52:23 hostname postfix/smtp[351652]: 21924E003710: to=<user.name@gmail.com>, relay=none, delay=90, delays=0.05/0/90/0, dsn=4.4.1, status=deferred (connect to alt2.gmail-smtp-in.l.google.com[142.251.2.26]:25: Connection timed out)

Joe · November 30, 2024, 3:04am

Please wrap logs, config files, command line interactions, in backticks (` for a single line) or triple backticks (``` for multiple lines). It’ll protect you from the spam filter, as all this domain names won’t be converted to links.

stefan1959 · November 30, 2024, 6:05am

Has to be a port 25 bock, probably by your provider

tassietiger · November 30, 2024, 10:01am

From doco https://www.virtualmin.com/docs/server-components/dkim/
Note that DKIM is enabled only for virtual servers with both DNS and email features active, as the mail server requires a private signing key corresponding to a public key in DNS.

tassietiger · November 30, 2024, 10:23am

Looks like it!

Joe · November 30, 2024, 7:10pm

Disabling mail in Virtualmin only disables receiving mail for virtual domains hosted in Virtualmin. It has nothing to do with sending mail, though it won’t automatically setup stuff like DKIM and SPF for domains that don’t have mail enabled.

If you want to literally prevent mail from being sent, disabling mail in Virtualmin will not do it. You need to stop Postfix, and block outgoing port 25 (many things can send mail, you don’t need a mail server, SMTP is a stupid simple protocol).

But, you seemingly already have port 25 blocked, which is pretty common. Some hosting providers will unblock port 25 if requested, others won’t, in which case you have to use an external relay that accepts mail on some other port (like the submission port) and configure Postfix or your applications that need to send mail to relay through that.

system · December 8, 2024, 7:10pm

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.