Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Support
  3. Reading a cloudron mailbox using GMail

Reading a cloudron mailbox using GMail

Scheduled Pinned Locked Moved Solved Support
gmailmailspam
19 Posts 7 Posters 2.5k Views 7 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • W Offline
      W Offline
      wu-lee
      wrote on last edited by girish
      #1

      We're using Cloudron to replace some of our company's pre-existing services, notably email. (And of course to add new ones.)

      To date, mail for the company's domain has just been routed to a single GMail account, to which everyone who needs access shares log-in details for.

      With Cloudron we have the ability to create personal and shared mailboxes. However, for the time being we want to keep the official company email on the GMail account, simply because everyone's used to that and we don't want to disrupt our main communication channel. Later when Cloudron has proved itself, we might persuade people to shift.

      However, in setting this up we have encountered more obstacles than I expected.

      The top-level question I have is, how have other people solved this?

      Following are some of the angles we've looked at. I think my favourite would be the second one, if it were possible.

      1. Configuring personal emails via an MX on a subdomain, leave the top-level domain as-is

      Currently we have an MX record which points to the domain registrar's MTA, which then forwards everything to the one GMail account.

      So the company domain would normally be configured by Cloudron to have itself as the primary MX server, if it is set to "Automatic" mode. This clobbers the MX record and the redirect that implements, so we're deferring that and keeping it on "Manual" until we resolve our problem.

      One workaround might be to have Cloudron manage only the MX on a subdomain. I think I see how to do that using the "Change Dashboard Domain" panel, but it means our new personal emails have to use that subdomain, and I'd rather avoid that if possible.

      2. Add a Cloudron shared IMAP inbox for the company email as an external GMail account

      Another angle we've tried is to add a catch-all shared Cloudron mailbox to GMail as an external account. GMail used to support this, I think. Now I find it only supports external accounts which are hosted on:

      1. POP3 servers, or
      2. Special IMAP services which are supported by their "GMailify" service.

      Arbitrary IMAP servers like Cloudron servers are apparently not supported by "GMailify" (see link below); and Cloudron does not support a POP3 service, which is the only other option GMail offers.

      https://support.google.com/mail/thread/55959852?hl=en
      https://forum.cloudron.io/post/13096

      3. Forwarding the company email address to the GMail account

      Maybe we could create a Cloudron mailing list and use that to forward email sent to the company address on to the GMail account's address...

      However, I'm a bit concerned that GMail will then see all the spam and then blacklist our Cloudron server. I've experienced this previously in other cases, where a domain's email was naiively forwarded to a GMail mailbox. It seems a bit risky, even if Cloudron does set up the SPF, DMARC and DKIM, because mail to our main email address is then at the mercy of Google's algorithms.

      Google's support document on this does not really reassure me:

      https://support.google.com/mail/answer/175365?hl=en

      4. Set Google as the MX for our domain

      There is the option to defer outgoing delivery services to Google. I've not yet seen one to allow Google to set as the MX for Cloudron's domain. However, I would prefer not to, as part of the point is to move away from Google and to use open-source software. But this would be one of our final options.

      1 Reply Last reply
      0
      • nebulonN Offline
        nebulonN Offline
        nebulon
        Staff
        wrote on last edited by
        #2

        Hi, actually Cloudron does not require any MX to be set, nor does it do that automatically, unless you enable "Incoming Email" for a domain. The default should be off.

        This means the Cloudron and the apps will still be able to send out emails.

        Maybe I misunderstood your question though, but generally one does not have to move all mailboxes or mail address to a Cloudron at all, this is optional.

        1 Reply Last reply
        0
        • W Offline
          W Offline
          wu-lee
          wrote on last edited by
          #3

          Thanks @nebulon -

          I think if I don't enable "Incoming Email", I can't set up any mailboxes for users, correct?

          We'd like our Cloudron users to have email accounts, but keep the one company email working on GMail, as described. This means we can transition gradually to no GMail, or not, based on our experiences.

          1 Reply Last reply
          0
          • girishG Offline
            girishG Offline
            girish
            Staff
            wrote on last edited by
            #4

            @wu-lee said in Reading a cloudron mailbox using GMail:

            We'd like our Cloudron users to have email accounts, but keep the one company email working on GMail, as described. This means we can transition gradually to no GMail, or not, based on our experiences.

            Email works at the domain level and not at the mailbox level. Meaning, it's not possible to say "xx@domain.com" goes to gmail but "yy@domain.com" goes to Cloudron. So, from what I understand of your question, it's not possible to have some mailboxes on gmail and some on Cloudron. It's all or nothing.

            1 Reply Last reply
            1
            • robiR Offline
              robiR Offline
              robi
              wrote on last edited by
              #5
              1. is not possible

              2. is possible, if you can get GMail to "check a Cloudron mailbox (shared or otherwise)"

              3. is possible, but at that point you may as well create a new shared mailbox on Cloudron that everyone checks (and if you wait for the next release, you get multiple users having access to a mailbox w/o checking a separate account.)

              4. I think you answered this one yourself. 😛

              Conscious tech

              W 1 Reply Last reply
              0
              • robiR robi
                1. is not possible

                2. is possible, if you can get GMail to "check a Cloudron mailbox (shared or otherwise)"

                3. is possible, but at that point you may as well create a new shared mailbox on Cloudron that everyone checks (and if you wait for the next release, you get multiple users having access to a mailbox w/o checking a separate account.)

                4. I think you answered this one yourself. 😛

                W Offline
                W Offline
                wu-lee
                wrote on last edited by
                #6

                @robi said in Reading a cloudron mailbox using GMail:

                1. is not possible

                I believe it is possible to set an MX for a subdomain separately from the top-level domain.

                However, I don't really want a Cloudron email on a separate subdomain. So no, this doesn't work for me.

                1. is possible, if you can get GMail to "check a Cloudron mailbox (shared or otherwise)"

                Apparently GMail won't do this unless it is POP3. Or supported "Gmailify", which Cloudron isn't. This was my go-to option, I was surprised that it wasn't possible.

                1. is possible, but at that point you may as well create a new shared mailbox on Cloudron that everyone checks (and if you wait for the next release, you get multiple users having access to a mailbox w/o checking a separate account.)

                Yes, this seems the best remaining option, but I think I am risking having my own MX server blacklisted as a source of spam by GMail.

                1. I think you answered this one yourself. 😛

                Are there any others?

                1 Reply Last reply
                0
                • robiR Offline
                  robiR Offline
                  robi
                  wrote on last edited by
                  #7

                  Looking for something else, I came across this.

                  msbt Oct 19, 2018, 4:14 PM

                  A workaround to have a unified inbox is the mail app in nextcloud. You can add multiple imap accounts that can use a single inbox to send and receive mails.

                  Conscious tech

                  1 Reply Last reply
                  1
                  • W Offline
                    W Offline
                    wu-lee
                    wrote on last edited by
                    #8

                    So digging around further on Option 3, the problem with forwarding to GMail is that with simple email forwarding, they spot that the SPF header (if it is present for the original sender) doesn't permit delivery from your own domain (from which the email was re-delivered). This then jacks up the email's spam score. Or possibly has it rejected outright.

                    There is a technique called Sender Rewriting Scheme (SRS), which rewrites the email headers to keep the SPF (and DMARK/DKIM?) headers consistent with the source: your own domain. These seems to be the recommended way to avoid being rejected. For example:

                    https://superuser.com/questions/1192322/mail-forwarding-do-i-need-to-concern-myself-with-the-spf-fail-header-from-googl

                    https://www.jwz.org/blog/2015/03/google-seems-to-have-broken-email-forwarding/

                    Happily the Cloudron docs say this is implemented for mailing groups and sieve filters:

                    https://docs.cloudron.io/email/#mailing-group
                    https://docs.cloudron.io/email/#forward-all-emails

                    However, the problem then: if the forwarded email stream contains spam, the source is now interpreted as your own domain and you may find GMail adds your domain to a DNS blacklist for that (and then your spam score everywhere gets jacked up).

                    Therefore, to avoid this the server implementing SRS (Cloudron) needs to do decent spam-filtering before forwarding.

                    I see that Cloudron can do spam filtering - but either it requires training by marking the spam as junk (not possible in this case), or manual configuration. The documentation doesn't mention DNSBLs, although perhaps that can be configured manually via SpamAssassin rules (although I'm yet to discover how).

                    So here is a more specific question: can anyone give me a pointer for how would I implement spam filtering adequately on a forwarded email address to avoid becoming blacklisted by GMail?

                    1 Reply Last reply
                    0
                    • robiR Offline
                      robiR Offline
                      robi
                      wrote on last edited by
                      #9

                      You can do a few forms of whitelisting in Gmail.

                      Conscious tech

                      W 1 Reply Last reply
                      1
                      • robiR robi

                        You can do a few forms of whitelisting in Gmail.

                        W Offline
                        W Offline
                        wu-lee
                        wrote on last edited by
                        #10

                        That's useful, thank you @robi. I didn't yet find an option to do that in GMail which seemed guaranteed to work.

                        W 1 Reply Last reply
                        0
                        • W wu-lee

                          That's useful, thank you @robi. I didn't yet find an option to do that in GMail which seemed guaranteed to work.

                          W Offline
                          W Offline
                          wu-lee
                          wrote on last edited by
                          #11

                          Actually, on a second look: using those methods, it seems like I'd either have to whitelist sender addresses on a case-by-case basis (which seems infeasible to do reliably for a public contact address), or whitelist everything, which would then disable Google's spam filtering.

                          Whereas I think what I need to do is to whitelist our MX server from being DNS-blacklisted, whilst still allowing Google to do spam filtering on individual emails from that server, based on their sender etc. I wonder if that's possible.

                          1 Reply Last reply
                          0
                          • rmdesR Offline
                            rmdesR Offline
                            rmdes
                            wrote on last edited by
                            #12

                            I have been forwarding emails to Gmail without any issue, so I'm not sure what's the challenge here...simply added a filter in roundcube to forward all incoming emails (cloudron hosted email/domain previously a google suite domain/email) to a gmail, I can see in the logs that most emails get forwarded just fine and often cloudron spot spam and don't forward them, am I missing something ?

                            W 1 Reply Last reply
                            0
                            • rmdesR rmdes

                              I have been forwarding emails to Gmail without any issue, so I'm not sure what's the challenge here...simply added a filter in roundcube to forward all incoming emails (cloudron hosted email/domain previously a google suite domain/email) to a gmail, I can see in the logs that most emails get forwarded just fine and often cloudron spot spam and don't forward them, am I missing something ?

                              W Offline
                              W Offline
                              wu-lee
                              wrote on last edited by
                              #13

                              @rmdes

                              Basically, if SRS is being done (which I think it is for Cloudron itself, not sure about Roundcube), you're over the first hurdle: GMail won't reject the forwarded mail as having invalid SPF/DMARC headers.

                              But there's another problem which might occur, just not predictably: GMail could decide to add your Cloudron server to one of its blacklists (see reasons above). Or worse, a public DNSBL. Then you've then got the unpleasant job of reassuring your users it's gonna be fixed soon, whilst you try and convince GMail etc. to un-blacklist your mail server. And also find an alternative to forwarding.

                              I know this can happen because something similar actually happened to me some time ago in a different circumstance. Mail forwarding from a domain's addresses to GMail was working for a while, then suddenly it was being rejected.

                              If this second problem hasn't happened to you, or it could just be that you don't get a lot of spam. But how can you be sure it won't happen at some point later?

                              (I assume you've read the links in post 5067 above, to conversations about this elsewhere.)

                              girishG 1 Reply Last reply
                              0
                              • W wu-lee

                                @rmdes

                                Basically, if SRS is being done (which I think it is for Cloudron itself, not sure about Roundcube), you're over the first hurdle: GMail won't reject the forwarded mail as having invalid SPF/DMARC headers.

                                But there's another problem which might occur, just not predictably: GMail could decide to add your Cloudron server to one of its blacklists (see reasons above). Or worse, a public DNSBL. Then you've then got the unpleasant job of reassuring your users it's gonna be fixed soon, whilst you try and convince GMail etc. to un-blacklist your mail server. And also find an alternative to forwarding.

                                I know this can happen because something similar actually happened to me some time ago in a different circumstance. Mail forwarding from a domain's addresses to GMail was working for a while, then suddenly it was being rejected.

                                If this second problem hasn't happened to you, or it could just be that you don't get a lot of spam. But how can you be sure it won't happen at some point later?

                                (I assume you've read the links in post 5067 above, to conversations about this elsewhere.)

                                girishG Offline
                                girishG Offline
                                girish
                                Staff
                                wrote on last edited by
                                #14

                                @wu-lee said in Reading a cloudron mailbox using GMail:

                                Basically, if SRS is being done (which I think it is for Cloudron itself, not sure about Roundcube), you're over the first hurdle: GMail won't reject the forwarded mail as having invalid SPF/DMARC headers.

                                Yes, Cloudron does SRS, by default. You are also right that this is done at the mail server level (and not specific to an app like roundcube/rainloop).

                                For the forwarding, are you thinking about the case where Cloudron gets lots of spam and forwarding spam to gmail will cause issues? I think that's a valid concern (I remember they have some article saying you have to filter spam before forwarding). I guess this is a feature we have to implement in Cloudron.

                                W 1 Reply Last reply
                                0
                                • girishG girish

                                  @wu-lee said in Reading a cloudron mailbox using GMail:

                                  Basically, if SRS is being done (which I think it is for Cloudron itself, not sure about Roundcube), you're over the first hurdle: GMail won't reject the forwarded mail as having invalid SPF/DMARC headers.

                                  Yes, Cloudron does SRS, by default. You are also right that this is done at the mail server level (and not specific to an app like roundcube/rainloop).

                                  For the forwarding, are you thinking about the case where Cloudron gets lots of spam and forwarding spam to gmail will cause issues? I think that's a valid concern (I remember they have some article saying you have to filter spam before forwarding). I guess this is a feature we have to implement in Cloudron.

                                  W Offline
                                  W Offline
                                  wu-lee
                                  wrote on last edited by
                                  #15

                                  @girish said in Reading a cloudron mailbox using GMail:

                                  are you thinking about the case where Cloudron gets lots of spam and forwarding spam to gmail will cause issues?

                                  Yes, exactly that.

                                  girishG 1 Reply Last reply
                                  0
                                  • W wu-lee

                                    @girish said in Reading a cloudron mailbox using GMail:

                                    are you thinking about the case where Cloudron gets lots of spam and forwarding spam to gmail will cause issues?

                                    Yes, exactly that.

                                    girishG Offline
                                    girishG Offline
                                    girish
                                    Staff
                                    wrote on last edited by
                                    #16

                                    @wu-lee Yes, we have to implement outbound spam filtering for this. We only do inbound spam filtering right now. Feel free to open a feature request in the forum section.

                                    1 Reply Last reply
                                    1
                                    • jdaviescoatesJ Online
                                      jdaviescoatesJ Online
                                      jdaviescoates
                                      wrote on last edited by jdaviescoates
                                      #17

                                      This seems relevant here

                                      https://twitter.com/sneakdotberlin/status/1317734739537653760?s=20

                                      Gmail now rewrite links even in email pulled in via IMAP

                                      I use Cloudron with Gandi & Hetzner

                                      1 Reply Last reply
                                      1
                                      • robiR Offline
                                        robiR Offline
                                        robi
                                        wrote on last edited by
                                        #18

                                        I use a browser extension that removes all those as well as utm link data.

                                        Conscious tech

                                        1 Reply Last reply
                                        0
                                        • E Offline
                                          E Offline
                                          eddowding
                                          wrote on last edited by
                                          #19

                                          added a Feature Request for #2 -- please upvote https://forum.cloudron.io/topic/5027/pop3-gmail-polling-support

                                          1 Reply Last reply
                                          0
                                          Reply
                                          • Reply as topic
                                          Log in to reply
                                          • Oldest to Newest
                                          • Newest to Oldest
                                          • Most Votes


                                            • Login

                                            • Don't have an account? Register

                                            • Login or register to search.
                                            • First post
                                              Last post
                                            0
                                            • Categories
                                            • Recent
                                            • Tags
                                            • Popular
                                            • Bookmarks
                                            • Search