Mostly about my amusement

Author: Jan Dembowski (page 49 of 96)

Moving some users to Google Apps for mail

I host the domain dembowski.net and also handle the mail delivery.  The mail ultimately ends up in Stefan’s house via his DSL line.

That DSL line has been prone to problems so I played with the idea of moving the mail to another server or VPS. But handling spam and keeping my web mail software up to date is a pain. So I wanted to move my whole domain to Google Apps for mail handling. Google is much better at distributed web mail systems and spam fighting than I am.

This was not universally accepted by all of my users. So I found a way to selectively send mail to Google Apps on a per-user basis.

1. Sign up your domain for Google Apps

Okay, that one is a no-brainer. I authenticated my domain by inserting a Google-supplied CNAME record into my zone file. That established that I was the one in charge of my domain. Google lets you use it at no charge for up to 50 users.

In Google Apps I added another domain to my profile called app.dembowski.net.  This way mail from Google gets delivered as user@dembowski.net and Google will also receive mail for user@app.dembowski.net.

2. DNS changes

I set up a sub-domain called app.dembowski.net.  The DNS records for this domain are pretty sparse and only contain MX records that Google provides for users to point their domain to.  These came straight out of Google’s instructions. In my zone file I bumped the serial number and added these lines:

<pre lang="text">app.dembowski.net.      MX 10 aspmx.l.google.com.
app.dembowski.net.      MX 20 alt1.aspmx.l.google.com.
app.dembowski.net.      MX 20 alt2.aspmx.l.google.com.
app.dembowski.net.      MX 30 aspmx2.googlemail.com.
app.dembowski.net.      MX 30 aspmx3.googlemail.com.
app.dembowski.net.      MX 30 aspmx4.googlemail.com.
app.dembowski.net.      MX 30 aspmx5.googlemail.com.</pre>

Then I created a couple of A records for mail.dembowski.net pointing to two servers I run Apache2 on. More on this later.

3. Postfix recipient rewriting

The magic happens on my two Postfix MTAs. When the primary mail server goes down, mail queues up on my secondary mail server.  It will stay there until the primary comes back. That sucks; last time we had an outage, the mail server was down for almost 24 hours.

The solution is to have Postfix receive the mail, rewrite the address to the sub-domain, and send it along for delivery.

In my /etc/postfix/main.cf file I added this line:

<pre lang="text">recipient_canonical_maps = hash:/etc/postfix/recipient_canonical_maps</pre>

In the file /etc/postfix/recipient_canonical_maps I had something like this:

<pre lang="text">user1@dembowski.net  user1@app.dembowski.net
user2@dembowski.net  user2@app.dembowski.net
user3@dembowski.net  user3@app.dembowski.net</pre>

This let me turn on Google mail handling on a per user basis. I ran postmap hash:/etc/postfix/recipient_canonical_maps and restarted postfix on my servers.

Now if my mail server tanks again, as long as the secondary is up, I still get my mail via Google Apps.
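Since this setup depends on keeping the map file and the Google Apps accounts in step, here is a small lint for the map, run before postmap. It is an added example, not part of the original post: the sample map, the account list and the function name are constructed for illustration, and continuation lines are not handled.

```python
PRIMARY = "dembowski.net"      # domain the MTAs accept mail for (from the post)
GOOGLE = "app.dembowski.net"   # sub-domain whose MX records point at Google

# Constructed sample map: lines 4-6 each contain a deliberate mistake.
SAMPLE_MAP = """\
# users moved to Google Apps
user1@dembowski.net  user1@app.dembowski.net
user2@dembowski.net  user2@app.dembowski.net
user3@dembowski.net  user3@dembowski.net
User1@dembowski.net  user1@app.dembowski.net
user4@dembowski.net  userfour@app.dembowski.net
"""
GOOGLE_ACCOUNTS = {"user1", "user2"}   # constructed: mailboxes that exist at Google


def lint_canonical_map(text, accounts):
    """Return (line_number, problem) tuples; an empty list means the map is clean."""
    problems, seen = [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 2 or any(f.count("@") != 1 for f in fields):
            problems.append((lineno, "expected 'user@domain  user@domain'"))
            continue
        key, target = (f.lower() for f in fields)  # postmap folds hash: keys to lower case
        if key in seen:
            problems.append((lineno, f"duplicate key, first seen on line {seen[key]}"))
            continue
        seen[key] = lineno
        local, domain = target.split("@")
        if key.split("@")[1] != PRIMARY:
            problems.append((lineno, f"key is not in {PRIMARY}"))
        elif domain != GOOGLE:
            problems.append((lineno, f"target is not in {GOOGLE}"))
        elif local not in accounts:
            problems.append((lineno, f"no Google mailbox named '{local}'"))
    return problems


if __name__ == "__main__":
    for lineno, problem in lint_canonical_map(SAMPLE_MAP, GOOGLE_ACCOUNTS):
        print(f"line {lineno}: {problem}")
```

An entry that rewrites to a mailbox Google does not know about is the one to watch for, since the secondary MTA will accept the message and hand it off before anyone notices.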

4. Lazy web mail URL

The two servers that are being pointed to as mail.dembowski.net? I created an Apache2 vhost on each one for that server name. In the root directory for the new vhost I created a small index.php with the following content:

<pre lang="php"><?php
header("HTTP/1.1 301 Moved Permanently");
header("Location: http://mail.google.com/a/dembowski.net");
exit();
?></pre>

I’m lazy. I can remember http://mail.dembowski.net easier than http://mail.google.com/a/dembowski.net.

Update: Or I could follow the directions and in my Google Apps dashboard just set a customized URL for mail.

After setting that up in my dashboard, I updated the mail.dembowski.net DNS record to be a CNAME pointing to ghs.google.com.

5. Test everything

Using an IMAP client (after I turned IMAP on in my Google Apps mail) I sent and received mail with my primary server's Postfix shut down. That worked perfectly.

I also had other people in my domain send and receive mail just to make sure I did not bork that up too. All was good and we were all able to send and receive mail.

That’s it. As long as I create accounts in Google Apps and maintain the recipient_canonical_maps file, I’ve got a good solution for fighting spam with a good web mail client without impacting my other users.

Chinese New Year Parade

Since last week we were planning on taking the kids to the Flushing Chinese New Year’s parade today. This morning we got to the parking lot on Union Street before 9 AM and we were the first into the restaurant. The parade started at 11 AM so we were waiting for about an hour for the parade to start.

Except for it getting really cold, it was a good parade (with some funny moments).  You can see the Flickr set here. The kids had a great time.

Kindergarten Hamsters

My daughter's Kindergarten class has a pet hamster named Bear. Every Friday, one of the kids in her class gets to take Bear home for the weekend and gets to feed and play with her.

Yesterday was my girl’s turn.  Both kids are excited and I have to keep reminding them that Bear is not a toy.  They don’t hurt the hamster but they are kids and they need a grownup to keep the pet in good shape. Now the kids want a hamster for a pet.  That’s not going to happen unless I can get a cat (and since Lily does not want a cat, we remain pet-less).

It’s an interesting experience and I’ll take photos and post them on Flickr.

Arg! MINI Cooper problems

MINI S from Stefan's set

Back in September I had the MINI Cooper S serviced by the dealer.  There were two problems with it:

  1. The window wipers would seize up in the middle of the screen and stop working.
  2. There was a sympathetic rattle in the dashboard.

The rattle drove me insane and driving the red go-kart with that rattle just plain sucked.  The wipers? That was serious business and they had stopped working in the middle of a rain storm. So I left the car with the dealer and three days later they eliminated the rattle.  The wiper problem? No fault found.

Since September I have not driven the MINI S much.  When it’s cold and there is ice on the road, the red go-kart becomes a red hockey puck.

Today it’s cold but really sunny, so I backed up the MINI S and charged the battery.  The windows were dirty so I turned on the wiper washers.  The right nozzle did not pass any cleaning fluid.

The wipers seized up in the middle of the screen again.  I told Lily I was going to the dealer and went right there.

The service garage is closed on Sunday.  The sales people were very nice and professional but they’re not mechanics. I need to bring it back tomorrow morning at 7 AM and talk to the service manager.

Sigh. This does not happen really with my Mercedes ML-320.

Speaker Pelosi is such a politician

Except for continuing to be re-elected, Congresswoman Pelosi is a failure.

But speaking on Fox News Sunday, Pelosi said she wants Congress to consider repealing tax cuts on those who make over $250,000 immediately and is pushing for a congressional investigation into whether the Bush administration illegally fired federal prosecutors two years ago.

via Pelosi, Obama disagree on tax cuts, Bush investigations « – Blogs from CNN.com.

Now with only days left in the Bush administration, she wants investigations. I happen to agree with her, but I do not want that enabling, pandering, self-serving Speaker of the House involved. She kept her head in the sand and now she wants to do this for no other reason than to claim credit. She's a real politician.

I think that the tax cuts should be reviewed for their effectiveness; I don't know if they do work or not. That review should be from economists that are recognized by both sides of the aisle. If the tax cuts are good for the economy they should stay. If they don't help, they should go. But the economy has to be the driver, not some fake conservative philosophy or some fake liberal one either.

I also think the Bush administration should be investigated.  It appears that instead of looking at the law to solve problems, they looked for reasons to justify breaking the law. That does need investigation and if people were found to be breaking the law they must be held accountable as a warning to people in the future.

But also investigate the role of prominent politicians who must have known better. Pelosi and Reid should not get a pass.

It’s like they were angry or something

Saw this a couple of days ago.

Since 2002, 61 former detainees have committed or are suspected to have committed attacks after being released from the detention camp, Pentagon spokesman Geoff Morrell said at a briefing Tuesday.

via Pentagon: Ex-Gitmo detainees resume terror acts – CNN.com.

This is news?

This is going to be used by people who just saw the season opener of 24 to say “See!! Jack's right!!” or something. One of the big problems with GITMO is that holding people for years and mistreating them usually means that they won't join America's Fan Club when they get out. Yes, many of the people are murderers, but this was not the way to deal with them in the past and it still isn't.

Gitmo was always a bad idea.  Despite the administration (only days left!) claiming that they obtained good intelligence out of that place, even Kiefer Sutherland admits that torturing someone will mean that they’ll just say anything to make it stop.

Now President-elect Obama is committing to cleaning up this mess and the sooner the better. No matter what he does there are going to be upset people, liberal and conservative, who will accuse him of either coddling terrorists or selling out the constitution.

Looks like I’ll need to try iTunes again

I don't like DRM. It's not an effective control since you can almost always convert the protected media into an unprotected version. It treats paying customers like trash and is meant to keep the fish swimming in neat little lines.

That’s why I buy all my online music from Amazon. I’m not an Amazon fan exactly, I just think that Apple is pandering to the music factory. The integration with my iPhone is broken so I buy music via the web and run iTunes and add the new files to my collection. There is a Firefox plugin but it works sporadically and I gave up on it.

Recently Apple relaxed their DRM.  Your account is still stamped on the downloaded music, but most of the songs are no longer encrypted. That means I can play that music on Linux, my XBox 360 (I think), etc.  For a not huge fee you can convert the songs in your collection from encrypted .m4p format to .m4a format.

It's a start and I'll give it a shot and pick up some tunes. I'll believe Apple's iTunes Store is really “open” when the Creative MP3 player can plug in and sync using iTunes.