SMTP Relay

[Dennis Stellern]

All,

Our SIS allows Parents to send email to teachers and support directly from the website.  On the back end I need to setup a SMTP host that can then deliver them.  I ended up using Microsoft IIS SMTP relay due to the fact that the SIS doesn't support TLS authentication. Since we used GMAIL I figured I would use smtp.gmail.com and relay the message through there.  This works for the emails we send out to parents that we don't want them replying to but for emails parents are sending to teachers and support the from field is being replace by the account we used to connect to google relay. So we are getting email that are from donot...@d123.org with not actual sender information. I looked around online and this is a know issue that google for security reason removes from field and switches it the account you used.  I have seen hints that it is possible to over come this but haven't found any.  I can't add alias's or send as address because their would be thousands.  I tried using Postini reinjection host and I can't even get that work.  Basically I need to create a private relay between Postini or GMail. Any ideas on this would would be greatly appreciated.

Thanks

--

Dennis Stellern

Network Manager

Oak Lawn School District 123

[Joshua Mulloy]

I pasted the non-encrypted SMTP Gmail settings below.  I use these settings for stuff that doesn't support TLS/SSL.  Everything I send out has a FROM address in our domain but I tested sending a message from a non-domain account and it seemed to work fine.  This might work for your case.  It's worth a shot if you haven't tried it already.  Make sure to whitelist the external IP that the emails will come from, otherwise Gmail will probably send these messages right to spam.  The SPF record will help if you are sending messages with your domain in the FROM line.

Do the parents have accounts in your GAFE domain?  If not that might cause some headaches no matter what you do.  I'm not sure if the IP whitelist will override an SPF hardfail since you are sending a message on behalf of a domain that might intentional lock things down.  My domain is set to hardfail so I could send a test if you want to try these settings.

http://support.google.com/a/bin/answer.py?hl=en&answer=176600

If your device or application does not support SSL, connect to aspmx.l.google.com on port 25.

You must configure an SPF record for your domain with the IP address of the device or application to ensure that recipients do not reject mail sent from it. You must also add this IP address to the Email Whitelist box in your Google Admin console. For example. if your sending device sends from 123.45.67.89, add that address to your SPF record without removing the Google Apps mail servers from the record:

v=spf1 ip4:123.45.67.89 include:_spf.google.com ~all

--
--
You received this message because you are subscribed to the Google
Groups "Google Apps K12 Technical Forum" group.
To post to this group, send email to k12ap...@googlegroups.com
To unsubscribe from this group, send email to
k12appstech...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/k12appstech?hl=en?hl=en
 
---
You received this message because you are subscribed to the Google Groups "Google Apps K12 Technical Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to k12appstech...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Edward Crist]

Josh

When it says "...IP address of your device..."  is that the internal IP of the actual device or the external IP of your firewall??

Edward Crist

Technology Manager

City Charter High School

201 Stanwix St.

Pittsburgh, PA 15222

(412) 690-2489

(412) 690-2316 fax

www.cityhigh.org

cr...@cityhigh.org

[Jaymon Lefebvre]

its whatever the IP address as Google would see it.  Your description of internal versus external is not articulate enough.  Depending on if you are using NAT or PAT (or no translation at all), it could be anything.

[Edward Crist]

All of my internal IP's are non routable 10.10 #s

So if my copier has an IP of 10.10.0.135, I don't see how that # is getting outside of my firewall and over to Google.

Edward Crist

Technology Manager

City Charter High School

201 Stanwix St.

Pittsburgh, PA 15222

(412) 690-2489

(412) 690-2316 fax

www.cityhigh.org

cr...@cityhigh.org

[Joshua Mulloy]

Sorry, they worded that badly.  You would not whitelist your internal IP addresses, they want you to enter your public IP address(es).  All of the devices that would send to Google from your external IP address would be covered.  Which reminds me, you might want to firewall aspmx.l.google.com port 25 outgoing for specific internal IP addresses.  You wouldn't want someone spamming to aspmx.l.google.com especially if you configure your SPF settings to trust the external IP for emails from your domain.

[Dennis Stellern]

Ok I know keep my from field but it only wants to send to GMAIL users.  If I try to send outside of GMAIL it errors out?  Is the unsecured only good for GMAIL accounts?

[Dennis Stellern]

All,

I figured out how to do this. We use Postini stand alone services so I used their smtp server to send the emails.  I setup a reinjection host with them and then changed the server over to their server and everything works perfectly.

[Joshua Mulloy]

Way to go figuring out a solution!  I only send emails within our GAFE domain when using the unencrypted settings.  It seems you are correct.  I was going to recommend looking into SMTP Virtual Server Relay for Remote Domains.  I don't use IIS much but from what I understand, you can set up specific domain based relay.  Send anything going to the GAFE domain through aspmx.l.google.com and the other stuff through the encrypted account, perhaps ... possibly.  Glad you got it worked out!