Reading a cloudron mailbox using GMail
-
-
is not possible
-
is possible, if you can get GMail to "check a Cloudron mailbox (shared or otherwise)"
-
is possible, but at that point you may as well create a new shared mailbox on Cloudron that everyone checks (and if you wait for the next release, you get multiple users having access to a mailbox w/o checking a separate account.)
-
I think you answered this one yourself.
-
-
@robi said in Reading a cloudron mailbox using GMail:
- is not possible
I believe it is possible to set an MX for a subdomain separately from the top-level domain.
However, I don't really want a Cloudron email on a separate subdomain. So no, this doesn't work for me.
- is possible, if you can get GMail to "check a Cloudron mailbox (shared or otherwise)"
Apparently GMail won't do this unless it is POP3. Or supported "Gmailify", which Cloudron isn't. This was my go-to option, I was surprised that it wasn't possible.
- is possible, but at that point you may as well create a new shared mailbox on Cloudron that everyone checks (and if you wait for the next release, you get multiple users having access to a mailbox w/o checking a separate account.)
Yes, this seems the best remaining option, but I think I am risking having my own MX server blacklisted as a source of spam by GMail.
- I think you answered this one yourself.
Are there any others?
-
So digging around further on Option 3, the problem with forwarding to GMail is that with simple email forwarding, they spot that the SPF header (if it is present for the original sender) doesn't permit delivery from your own domain (from which the email was re-delivered). This then jacks up the email's spam score. Or possibly has it rejected outright.
There is a technique called Sender Rewriting Scheme (SRS), which rewrites the email headers to keep the SPF (and DMARK/DKIM?) headers consistent with the source: your own domain. These seems to be the recommended way to avoid being rejected. For example:
https://www.jwz.org/blog/2015/03/google-seems-to-have-broken-email-forwarding/
Happily the Cloudron docs say this is implemented for mailing groups and sieve filters:
https://docs.cloudron.io/email/#mailing-group
https://docs.cloudron.io/email/#forward-all-emailsHowever, the problem then: if the forwarded email stream contains spam, the source is now interpreted as your own domain and you may find GMail adds your domain to a DNS blacklist for that (and then your spam score everywhere gets jacked up).
Therefore, to avoid this the server implementing SRS (Cloudron) needs to do decent spam-filtering before forwarding.
I see that Cloudron can do spam filtering - but either it requires training by marking the spam as junk (not possible in this case), or manual configuration. The documentation doesn't mention DNSBLs, although perhaps that can be configured manually via SpamAssassin rules (although I'm yet to discover how).
So here is a more specific question: can anyone give me a pointer for how would I implement spam filtering adequately on a forwarded email address to avoid becoming blacklisted by GMail?
-
You can do a few forms of whitelisting in Gmail.
-
Actually, on a second look: using those methods, it seems like I'd either have to whitelist sender addresses on a case-by-case basis (which seems infeasible to do reliably for a public contact address), or whitelist everything, which would then disable Google's spam filtering.
Whereas I think what I need to do is to whitelist our MX server from being DNS-blacklisted, whilst still allowing Google to do spam filtering on individual emails from that server, based on their sender etc. I wonder if that's possible.
-
I have been forwarding emails to Gmail without any issue, so I'm not sure what's the challenge here...simply added a filter in roundcube to forward all incoming emails (cloudron hosted email/domain previously a google suite domain/email) to a gmail, I can see in the logs that most emails get forwarded just fine and often cloudron spot spam and don't forward them, am I missing something ?
-
Basically, if SRS is being done (which I think it is for Cloudron itself, not sure about Roundcube), you're over the first hurdle: GMail won't reject the forwarded mail as having invalid SPF/DMARC headers.
But there's another problem which might occur, just not predictably: GMail could decide to add your Cloudron server to one of its blacklists (see reasons above). Or worse, a public DNSBL. Then you've then got the unpleasant job of reassuring your users it's gonna be fixed soon, whilst you try and convince GMail etc. to un-blacklist your mail server. And also find an alternative to forwarding.
I know this can happen because something similar actually happened to me some time ago in a different circumstance. Mail forwarding from a domain's addresses to GMail was working for a while, then suddenly it was being rejected.
If this second problem hasn't happened to you, or it could just be that you don't get a lot of spam. But how can you be sure it won't happen at some point later?
(I assume you've read the links in post 5067 above, to conversations about this elsewhere.)
-
@wu-lee said in Reading a cloudron mailbox using GMail:
Basically, if SRS is being done (which I think it is for Cloudron itself, not sure about Roundcube), you're over the first hurdle: GMail won't reject the forwarded mail as having invalid SPF/DMARC headers.
Yes, Cloudron does SRS, by default. You are also right that this is done at the mail server level (and not specific to an app like roundcube/rainloop).
For the forwarding, are you thinking about the case where Cloudron gets lots of spam and forwarding spam to gmail will cause issues? I think that's a valid concern (I remember they have some article saying you have to filter spam before forwarding). I guess this is a feature we have to implement in Cloudron.
-
This seems relevant here
https://twitter.com/sneakdotberlin/status/1317734739537653760?s=20
Gmail now rewrite links even in email pulled in via IMAP
-
added a Feature Request for #2 -- please upvote https://forum.cloudron.io/topic/5027/pop3-gmail-polling-support