Leaving Google: Difference between revisions
Brian Wilson (talk | contribs) |
Brian Wilson (talk | contribs) No edit summary |
||
Line 1: | Line 1: | ||
Google evolved an email service for Wildsong.biz offering to being a "suite" of tools that I don't need or want. A few months ago they announced it would be a for-pay only service. All that's fair, but I am not motivated to pay for the service. | |||
I am setting up map46.com and w6gkd.radio domains for starters to test everything. | I am setting up map46.com and w6gkd.radio domains for starters to test everything. | ||
Line 5: | Line 5: | ||
For now, | For now, | ||
# Set up new gmail accounts | # Set up new gmail accounts for each of my users. ('''done''') | ||
# | # (On Google), forward from the existing wildsong accounts to new gmail accounts (2/3's done. Doing mine today. 1/1/23) | ||
# Set up email forwarder for wildsong.biz | # Set up email forwarder for wildsong.biz on my Tektonic VPS. ('''done''') | ||
# Move devices (phones and tablets) to new addresses | # Move devices (phones and tablets) to new addresses. (2/3 done, in the meantime I abandoned my smartphone for a Sunbeam F1 so '''done'''.) | ||
I have a VPS at Tektonic.net as the mail server. It's on the Internet all the time even when I trip and kick the wires out of the wall here at home. | I have a VPS at Tektonic.net as the mail server. It's on the Internet all the time even when I trip and kick the wires out of the wall here at home. | ||
Line 14: | Line 14: | ||
As my SMTP server I will be using Postfix, along with its friends Postgrey, SpamAssassin and ClamAV. | As my SMTP server I will be using Postfix, along with its friends Postgrey, SpamAssassin and ClamAV. | ||
== | == Google accounts == | ||
=== Forward mail from one gmail account to another === | |||
[/cdn-cgi/l/email-protection <nowiki>[email protected]</nowiki>] -> [/cdn-cgi/l/email-protection <nowiki>[email protected]</nowiki>] | |||
=== Move mail from one gmail account to another === | |||
Google uses POP3 to transfer mail between accounts. Strangely Google does not allow Google to '''import''' mail from Google. | |||
In the old account you have to '''allow "less secure" apps.''' | |||
Then you have to set up POP3 in Accounts to tell the new account to do the import. It really did take 1-2 days for it to happen. | |||
The process is not documented by Google, it's described in a | |||
[https://support.google.com/mail/thread/8805971/server-denied-pop3-access-for-the-given-username-and-password-i-have-tried-everything-need-help?hl=en community posting.] | |||
Google's process to describe transferring mail is described by a user, not by Google. | |||
=== Move Google Drive === | |||
=== Move Google Photos === | |||
Make the new account and the old one "partners" and "share everything." | |||
== VPS set up == | |||
'''Hostname''' "hostname -f" should show the FQDN, which is '''w6gkd.w6gkd.radio''' Set FQDN in /etc/hosts | '''Hostname''' "hostname -f" should show the FQDN, which is '''w6gkd.w6gkd.radio''' Set FQDN in /etc/hosts | ||
Line 69: | Line 91: | ||
Test it with | Test it with | ||
mail | mail [/cdn-cgi/l/email-protection <nowiki>[email protected]</nowiki>] | ||
---------------------------------------------------------- | ---------------------------------------------------------- | ||
DKIM check details: | DKIM check details: | ||
---------------------------------------------------------- | ---------------------------------------------------------- | ||
Result: '''pass''' (matches From: | Result: '''pass''' (matches From: [/cdn-cgi/l/email-protection <nowiki>[email protected]</nowiki>]) | ||
ID(s) verified: header.d=w6gkd.radio | ID(s) verified: header.d=w6gkd.radio | ||
Line 109: | Line 131: | ||
I am inclined to install dovecot, mysql, and elastic search in Docker containers | I am inclined to install dovecot, mysql, and elastic search in Docker containers | ||
Docker based installations are so clean and flexible. | Docker based installations are so clean and flexible. | ||
[[Category: System Administration]] | [[Category: System Administration]] |
Revision as of 22:41, 1 January 2023
Google evolved an email service for Wildsong.biz offering to being a "suite" of tools that I don't need or want. A few months ago they announced it would be a for-pay only service. All that's fair, but I am not motivated to pay for the service.
I am setting up map46.com and w6gkd.radio domains for starters to test everything.
For now,
- Set up new gmail accounts for each of my users. (done)
- (On Google), forward from the existing wildsong accounts to new gmail accounts (2/3's done. Doing mine today. 1/1/23)
- Set up email forwarder for wildsong.biz on my Tektonic VPS. (done)
- Move devices (phones and tablets) to new addresses. (2/3 done, in the meantime I abandoned my smartphone for a Sunbeam F1 so done.)
I have a VPS at Tektonic.net as the mail server. It's on the Internet all the time even when I trip and kick the wires out of the wall here at home.
As my SMTP server I will be using Postfix, along with its friends Postgrey, SpamAssassin and ClamAV.
Google accounts
Forward mail from one gmail account to another
[/cdn-cgi/l/email-protection [email protected]] -> [/cdn-cgi/l/email-protection [email protected]]
Move mail from one gmail account to another
Google uses POP3 to transfer mail between accounts. Strangely Google does not allow Google to import mail from Google.
In the old account you have to allow "less secure" apps.
Then you have to set up POP3 in Accounts to tell the new account to do the import. It really did take 1-2 days for it to happen.
The process is not documented by Google, it's described in a community posting.
Google's process to describe transferring mail is described by a user, not by Google.
Move Google Drive
Move Google Photos
Make the new account and the old one "partners" and "share everything."
VPS set up
Hostname "hostname -f" should show the FQDN, which is w6gkd.w6gkd.radio Set FQDN in /etc/hosts
Firewall? No. I am currently running fail2ban but have no firewall as such right now, which is fine for this server. I'd need to make sure port 25 is open.
System time. It is on UTC. Change it. Install NTP.
timedatectl set-timezone America/Los_Angeles apt install ntp systemctl status ntp
Syslog I think it is already set up. See /var/log/mail*
DNS is at Cloudflare. "dig w6gkd.radio MX" tells me it's pointed at the right place. The names "mail", "smtp", and "imap" should be CNAMEs fpr w6gkd.w6gkd.radio
The reverse needs a PTR record in place at the ISP. I did this via a ticket with Tektonic. It now returns w6gkd.w6gkd.radio
SMTP authentication - so I can forward mail from Google (and my own servers). https://www.bluehost.com/help/article/email-client-enable-smtp-authentication
My standard TXT record for email, V=SPF1 +A +MX -ALL
Server: mail.DOMAINNAME Port: 465 with SSL
TLS Certificate
Install and configure Postfix
Out goes Exim4, in with Postfix. I tried putting it in Docker, sigh, maybe later for that.
apt remove exim4-base exim4-config exim4-daemon-light apt install postfix postgrey clamav spamassassin
Configure in /etc/postfix especially main.cf
Install and configure OpenDKIM
(It has to work with Postfix.)
apt install opendkim opendkim-tools
How does it work? https://mailtrap.io/blog/dkim/
Help with Postfix: https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy
Test it with
mail [/cdn-cgi/l/email-protection [email protected]]
---------------------------------------------------------- DKIM check details: ---------------------------------------------------------- Result: pass (matches From: [/cdn-cgi/l/email-protection [email protected]]) ID(s) verified: header.d=w6gkd.radio
Testing
To send mail on the host, I want the address to have the domain not the hostname,
date | mail bwilson
should go to [/cdn-cgi/l/email-protection [email protected]] not [/cdn-cgi/l/email-protection [email protected]]
This is controlled by "mail" NOT postfix. So put this in /etc/mailutils.conf
address { email-domain w6gkd.radio; }
- Can I send from w6gkd.radio?
- Can I send to [/cdn-cgi/l/email-protection [email protected]]?
- Are the letsencrypt keys working?
/etc/cron.weekly runs /usr/local/sbin/renew_certs.sh
See /etc/letsencrypt/live to see what is set up
Filters
- Postgrey -- https://postgrey.schweikert.ch/
- Spamassassin -- https://spamassassin.apache.org/
- ClamAV -- Antivirus / malware -- https://www.clamav.net/
IMAP - Dovecot
I am inclined to install dovecot, mysql, and elastic search in Docker containers Docker based installations are so clean and flexible.