Inbound Email in Github Enterprise - github

I keep seeing references to Inbound email in GitHub Enterprise online. I manage a Github Enterprise instance running v2.4.1. I can't find a place to configure that anywhere. I see the usual 'Email' settings in the management console, but that only has settings for outbound email.
My users are requesting the ability to reply to PRs or comments from their email and have that response posted directly to the relevant page on the internal Github website. Is this possible?

Responding to my original question. After looking around and raising a ticket with github support, I figured that to make this work I will need to punch a hole through our company firewall. Since I can't do that, I came up with an alternative. I have made my solution available on Github: https://github.com/wrecker/github-mda
Solution
Github Enterprise sends out notification emails with the reply-to address set to reply+NN..NN@reply.[hostname]. Here [hostname] is the FQDN of the GHE instance, e.g. github.priv.mycompany.net.
Create DNS records for reply.github.priv.mycompany.net with your DNS provider.
You will at the minimum need MX records for this sub-domain.
Set up email delivery to reply.github.priv.mycompany.net with an external email provider (Google Apps, Zoho, Exchange Online or roll your own)
Use fetchmail to retrieve messages
When fetchmail downloads new emails it forwards them to a custom MDA. The MDA then filters messages that have a TO address of the form reply+NN..NN@reply.[hostname] and delivers them to the SMTP server on the GHE instance.
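A sketch of the filtering MDA step described in the answer above, added here as an illustration; it is not the code from the linked github-mda repository. It assumes the reply token consists of letters, digits, `-` and `_`, uses the post's example hostname, and the sample message is constructed. The match is anchored to the whole address so that only genuine reply addresses are ever relayed to port 25 of the GHE instance.

```python
import re
import smtplib
import sys
from email import message_from_bytes, policy
from email.utils import getaddresses, parseaddr

# Assumption: FQDN of the GHE instance, taken from the example in the post.
GHE_HOST = "github.priv.mycompany.net"

# Constructed sample of a reply as fetchmail would hand it to the MDA.
SAMPLE = (b"From: dev@mycompany.example\r\n"
          b"To: reply+abc123@reply.github.priv.mycompany.net\r\n"
          b"Subject: Re: [repo] Fix build (#12)\r\n\r\nLooks good to me.\r\n")


def reply_recipients(msg, ghe_host=GHE_HOST):
    """Return only recipients of the form reply+<token>@reply.<ghe_host>."""
    pattern = re.compile(
        r"reply\+[A-Za-z0-9_-]+@reply\." + re.escape(ghe_host), re.IGNORECASE)
    headers = []
    for name in ("To", "Cc"):
        headers.extend(str(value) for value in msg.get_all(name, []))
    found = []
    for _, addr in getaddresses(headers):
        # fullmatch rejects look-alikes such as ...mycompany.net.evil.example
        if pattern.fullmatch(addr) and addr.lower() not in found:
            found.append(addr.lower())
    return found


def deliver(raw, ghe_host=GHE_HOST, send=None):
    """Relay one fetched message to the GHE SMTP port; drop anything else."""
    msg = message_from_bytes(raw, policy=policy.default)
    rcpts = reply_recipients(msg, ghe_host)
    if not rcpts:
        return []  # not a GHE reply: never forwarded to the instance
    sender = parseaddr(str(msg.get("From", "")))[1]
    if send is None:
        def send(mail_from, rcpt_to, data):
            with smtplib.SMTP(ghe_host, 25, timeout=30) as smtp:
                smtp.sendmail(mail_from, rcpt_to, data)
    send(sender, rcpts, raw)
    return rcpts


if __name__ == "__main__":
    # fetchmail pipes each downloaded message to the MDA on stdin.
    deliver(sys.stdin.buffer.read())
```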

So the mail settings on the console window are for both outbound AND inbound mail.
The only other thing that needs to be done to get email reply to work is that you need an MX record in your DNS for the reply, like
reply.<hostname>
Also, you may need to make sure that your SMTP server/relay can contact port 25 on your GHE instance. Depending on firewalls where you work, your mileage may vary.

Related

Is it possible to use mailgun.com as a SMTP server for personal outgoing emails, including the correct error return emails?

I am using mailgun.com for occasional mass-mailings. Would it be possible to also use it for sending personal emails from me and my wife? The specific problem is that email errors (e.g. "Recipient not found on the server") are only available in the mailgun console and I'd like for them to be received as error emails sent back to the sender (as is the case with "standard" personal email services). Is it possible to set this up at mailgun.com?
Alternatively, is there a cheap (or even free) SMTP server available for sending emails from the custom domain I own?
(Note that RECEIVING emails to our domain is not a problem, we have that solved using email redirection on my domain.)
Detailed explanation of our setup and reasoning: Behind the scenes, we are both using personal gmail accounts (e.g. me@gmail.com and wife@gmail.com) but we don't advertise these anywhere and our "public" email addresses are me@mydomain.com and wife@mydomain.com. Mydomain.com uses Cloudflare email redirection to redirect our incoming emails back to our Gmail inboxes. We used "Send mail as" GMail feature to send emails as "me@mydomain.com" and "wife@mydomain.com" through smtp.gmail.com but this solution requires us to have "Less secure apps" enabled on our Google accounts and Google seems to be phasing this solution out. The fact that our "real" Gmail addresses are visible in the email headers is not a problem for us.
Originally, we've used free "legacy" Google Workspace accounts on mydomain.com but those are now also being phased out by Google. So we are looking for a SMTP server.
Answering my own question:
I have found that smtp2go.com (which provides very similar services to mailgun.com) provides this option. Your SMTP account can be configured (in the "Advanced" tab) so that bounced email reports are delivered back to the sender's mailbox (or to a different mailbox). Additionally, smtp2go's services are free if you send less than 1000 emails monthly so this seems like a perfect solution to my problem.

Allow customers to send from their own domain in a SAAS application

I'm currently running a SAAS application and mails are being sent from our application using Mailjet.
Some of the larger customers have been asking to allow the emails to be sent from their domain (e.g. info@largehotel.com) instead of our system (notifications@saasapp.com).
Are there any initial pointers I will need to look at? I'm guessing they will need to add our SPF records to their SPF records too and that they will need to add a DKIM key that we generate for them to their records too? Then do some validation on them on the DNS level and mark them as validated?
I have some understanding to have customers run their own domain against our SAAS domain but a bit lost on the sending from their email domain requirement.
First, for the record, my SaaS platform does this (via option 2b). It’s an e-commerce marketplace and I need the receipts to be sent from the email address of the product seller, not from me (the marketplace).
You have two(ish) options
Send email through your client’s mail servers (instead of mailjet)
Verify the client’s domain on your Mailjet (or similar email) service
option 1
With option 1, you’ll need to ask your client’s IT team to set up a username and password for you to access their SMTP server. This is essentially just like them creating an email account for you to use. This may seem like the easiest path available for you, but there are potential pitfalls and disadvantages:
Doing this, you will lose the mail open/click/bounce tracking functionality you get with mailjet; because you’ll be using the company’s SMTP server instead.
If you’re sending out as a fairly common email address (eg info@your-client.com) the client may already have that account active on their mail servers. That would allow them to receive replies into the existing infrastructure but make them wary of the security issues with sharing a password to their mail server with you.
You might find that they don’t even have the ability to give you a username and password. Modern mail services don’t allow for SMTP access (which is what your web app will need); and security conscious companies require 2 factor authentication on mail accounts (which your web app can’t answer)
Option 2
For this, you will need to ask their IT team to configure some DNS records to prove to mailjet, and to the email recipient, that you’re allowed to send on behalf of your client.
You did this for your own domain when you first set up mailjet. See https://app.mailjet.com/support/how-to-add-a-sender-address,96.htm for what this involves, but it’s a case of asking the client to configure a DNS record.
That tells mailjet that you’re allowed to send on behalf of that domain; but you’ll also want the client to adjust their SPF and DKIM records so that the recipient of the emails knows to trust Mailjet’s servers with emails sent from your client’s domain name. Normally, recipients only trust email sent from your client’s mail server (which you have as option 1) and distrust email sent from SAAS providers.
You will (or should) have done this on mailjet for your own domain already as well. https://app.mailjet.com/docs/spf-dkim-guide
So for this, you’ll need your client to set up 3 DNS records.
If you go this way, you could set up a separate Mailjet account which they and you have access to. That way they can see their dashboard directly and feel a sense of ownership and security around it. But you won’t be able to mark up the price of it 😜
Conclusion
How important is the tracking? If you can’t lose that you need to go with option 2.
How technically savvy is the client? Are they going to be able to have those DNS records changed? Are they going to be (rightly) security conscious around giving you an account on their main mail server?
Option 2 would be my preference. You might need to hold their hand through the DNS setup so get it configured on Mailjet (And ask about SPF in here to make sure you get it right) so you can provide them with clear instructions of the specific 3 DNS records to create/update.
Whatever approach you take make sure you’re talking to the right people at your clients side soon. Their marketing team may be keen to do this with you, but if their IT feels left out of the conversation they will be difficult to get on board when you need them to make the changes. Us IT folk can be grumpy and obstinate 😀
your web app
This is going to need some adjustment. You probably already store your Mailjet credentials in a file or environment variables; you might need to move these to a DB table so you can relate credentials with specific accounts. But we’d need more info on the web app to be able to speak more to that side of the challenge.
option 2b
Just as a note instead of a real suggestion. Be aware that some email service providers allow the sending verification part to be done by sending an email to someone on that domain (eg admin@yourclient.com) and then allowing sending via the API if the recipient clicks on the approve link on that email. But, even with that setup you still need the client to configure SPF and DKIM on their DNS, so the extra one record isn’t a big ask. AWS’s SES allows for this. This works for me; but I have different requirements around deliverability, and a large number of non-tech users (as opposed to your one or two big clients).
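The "validate on the DNS level and mark as validated" step from the question, applied to the SPF and DKIM records of option 2, as an added example that is not code from any poster or from Mailjet. The include host `spf.esp.example`, the selector `saas1`, the key value and the `SAMPLE_DNS` dictionary are constructed placeholders standing in for the provider's real values and for live TXT lookups.

```python
# Constructed stand-in for DNS TXT lookups (name -> list of TXT strings).
SAMPLE_DNS = {
    "largehotel.com": [
        "v=spf1 include:_spf.google.com include:spf.esp.example ~all",
    ],
    "saas1._domainkey.largehotel.com": ["v=DKIM1; k=rsa; p=Q09OU1RSVUNURUQ="],
}


def spf_problems(txt_records, include):
    """Check that the domain's single SPF record authorises the provider."""
    spf = [t for t in txt_records if t.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        # RFC 7208: no record means no policy; more than one is a permerror.
        return ["expected exactly 1 SPF record, found %d" % len(spf)]
    terms = [t.lstrip("+") for t in spf[0].lower().split()[1:]]
    problems = []
    if "include:" + include.lower() not in terms:
        problems.append("SPF does not include " + include)
    if "all" in terms:
        problems.append("SPF uses +all, which authorises every sender")
    return problems


def dkim_problems(txt_records, expected_key):
    """Check that the selector publishes exactly the key issued to the client."""
    if len(txt_records) != 1:
        return ["expected exactly 1 DKIM record, found %d" % len(txt_records)]
    tags = {}
    for part in txt_records[0].split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = "".join(value.split())
    if tags.get("v", "DKIM1") != "DKIM1":
        return ["DKIM record has an unknown version"]
    if not tags.get("p"):
        return ["DKIM key is missing or revoked (empty p=)"]
    if tags["p"] != "".join(expected_key.split()):
        return ["DKIM key differs from the one issued to this client"]
    return []


def verify_sender_domain(dns, domain, selector, include, expected_key):
    """Return a list of problems; an empty list means 'mark as validated'."""
    dkim_name = "%s._domainkey.%s" % (selector, domain)
    return (spf_problems(dns.get(domain, []), include)
            + dkim_problems(dns.get(dkim_name, []), expected_key))
```

The two-SPF-records case is the one to watch for: a client who adds a second `v=spf1` record instead of merging the include into the existing one invalidates both.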
You can ask your client to generate a programmatic (app key/password) user for the email address you need to use, for example info@largehotel.com, plus some other info (host: gmail, protocol: smtp, ...), all the basic info needed. Then in your SaaS, retrieve this stored client info to create an object with it to send email to the target (from a developer perspective, not network engineering).
The SPF is the most important thing to do. In most cases you have to be very careful about the IP reputation, but since you are using Mailjet it's up to them to manage this part.
Be attentive to the overall quality of the email, text/image ratio... Also offer a text body version of the content and don't forget the unsubscribe link. Since you already send emails with your service, I guess these points are already correct.

G-Suite: keep google drive while leaving emails

I registered G-Suite free long ago for my domain. We use Google Drive for file sharing and emails under that domain. Recently Google seems to be forcing me to upgrade to their pay plan. They list some of our key emails on a spam list so that those emails can't send mail to a group. They also list some of our partners' emails on a spam list so that they can't send mail to an email group under our domain.
Google suggests that in order to manage spam list sending to a group under domain, we have to upgrade to a pay plan.
As we have many users, the pay plan will be too expensive. So I'm thinking to run my own mail server, however still want to use google drive for file sharing within users in domains.
I would like to ask if there will be any issue if I change MX records to my own email server and keep using G-Suite free for file sharing with google drive ?!
Thanks,
Klab
The answer to your question is "it depends". Your split brain approach absolutely does work. We have exactly that configuration where we have some MX records going to on-prem, some going to gmail AND THEN to on-prem and some going only to gmail. The mails flow well and users get their email. The reason that I say "it depends" is that it depends on what you mean by issue. There's no issue with mail delivery, but there are issues with management. For example ideally you will have domainA.com for your email and domainB.com for your Gsuite and keep them separate: you don't have to do this obviously, but I wish we had. If you must have only domainA.com with domainA registered as your GoogleID but not with your MX record it will work, but it will probably end up with a headache when you get a problem in two years when userX's emails don't arrive and you have to track through where they go. That may not be an issue for you, but if you end up with 100 sub domains and 100K users then it's irritating to say the least.
You have other options with GSuite Enterprise and I assume Free: you can route all your inbound emails from a mail gateway (see the docs) so you can have both. Your inbound mails hit your Exchange server which then forwards to GSuite, or you can set up mail routes (doc) to forward all your inbound emails to your Exchange server, so you keep your MX record as Google and then you forward those mails to Exchange, then you reply from Exchange and the recipient replies back to Google. We do that too. It does work, insofar that the mail is delivered but it gets confusing to debug issues. But if you must have only one domain and you have to split up users then it's one approach.
You also configure a non-Gmail mailbox (see doc) which routes all your messages to, say, Exchange.
However, before you do, I'd look more into the Gsuite anti-spam features. You can customise some of the Google spam filtering (see doc). You can't customise all of it: we have had hangouts with the Google spam team who (eventually) explained some of their internal workings and there are some spam messages that you simply can't get delivered because the spam filter is applied before the GSuite level. Most business-type spam, rather than the nasty malware or "adult" spam, though is managed at the Gsuite level and you can disable it by domain if you wish. Differentiating between what Google thinks is spam and what the business thinks is spam still crops up for us from time-to-time.
To address your core issue of spam emails not being delivered to your group, I do not know about the free tier: we have the Enterprise tier, but on the assumption that the Groups configuration is the same (which it may not be but if it is) you can configure message moderation (docs) for a group. You can set "spam messages" to "skip the moderation queues". We have done that where, as with you, legitimate mails get classed as spam because they come from, say, automated services. We have also in cases removed the "archive" ability so the group is really only a mail distribution list and that bypassed the moderation for us.
I enclose a screenshot of the Enterprise Groups moderation options page from the control panel so you can see what we get in Enterprise and if it's different from what you get in Free Tier

Google Compute Engine won't send emails with links

Recently I moved my site to GCE and now emails are not being sent. I send them using gmail's smtp server, through the port 465.
A simple google search points to this article, in which they say that I must use a third party solution like SendGrid.
The weird thing is, I can send regular emails. I was testing my site and I am able to send a simple email with "Hello world" in the message body. But the moment I add a link (URL address) to the body message, the email is not sent.
Is this an expected behaviour? Is there a work around?
I think it's dumb for Google to not allow sending emails even through its own Gmail servers.
Perhaps there is some confusion here. "Despite" of what they say...
Look at their article on Sending Email from an Instance and I quote:
"Google Compute Engine does not allow outbound connections on ports
25, 465, and 587 but you can still set up your instances to send mail
through ports 587 and 465 using servers provided through partner
services, such as SendGrid."
They clearly state that you CAN do it.
Also, if you're authenticating with your Google Account to send via smtp.gmail.com, you're authenticating with a username and password just like any standard email client would. So why would that not be allowed? You're basically connecting as an email client.
On another note, your issues with links were related to the quality of the message therefore being marked as spam (GCE wasn't causing any problems.) by Gmail, as I suspected in my previous comment. You're mainly using Gmail here, and not really any issues directly related to GCE.
I hope this clarifies things a little.
Apparently Google Cloud (despite of what they claim) does allow smtp traffic. I added the firewall exception of the port tcp:465 for all IP addresses.
Additionally, emails containing links were being sent to the spam box, but just on my email account. I sent it to another account and it worked just fine.
[Edit]
GCE had nothing to do with the links problem. It was the poor design of my email content that caused it to go to the spam folder.
The solution was already there. Open the right firewall ports and you're good to go.

Send email from server without SMTP enabled

I have written a couple of web sites that contain a "contact us" form.
However, our host recently switched SMTP off. Their excuse is "security issues".
The solution they offer is that they implemented rules whereby all mail generated from the platforms must be sent using the sendmail/phpmail functions and pass through a mail relay which checks the mails and their content and ensures malicious content and activity is completely blocked and they recommend I use "A virtual or dedicated solution".
I have no idea what it is they want me to do to get emailing working again and this is quite urgent as many clients are not getting their emails.
Is there an easy way to go around this in order to get emailing working again?
Many thanks in advance
It generally means that you will have to specify the new mail server they are providing instead of localhost in your code. Further, earlier, you were able to send the mail without authenticating but from now on, you must have an account and you must authenticate before you send the mail. (I am not sure though, maybe they allow relay to their own servers and you might not need authentication).
Go to the control panel of your hosting account and check for the mail panel. Check out the new smtp server name there and code your site to use this smtp server with credentials. This will let you send mail again.