Configuring Postfix on Debian & Ubuntu to relay via GSuite

We are occasionally requested to set up and deploy mail services for our clients so that their services can send reminders, notifications, billing runs, etc.  Thankfully, mail is one of our fortes.  We have built and maintained mail clusters utilizing open source software (OSS) such as postfix and dovecot with over 8 million accounts on the platform.

We can practically converse in the SMTP, IMAP, and POP protocols.  TLS, however, makes it a bit more difficult for us to do so in spoken word.

Mail is simple if you have a single server running your entire shop. You set up all of your services including Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting & Conformance (DMARC), and you don’t have to touch it again save for regular updates and patching.  Once you introduce a handful of servers, the situation becomes a bit more complex as you now have to manage and update all of those policies to account for your new server(s), and in the time of the cloud, your servers can be on completely different networks.

Host Based Relaying

In order to simplify things and centralize your mail services, there are two main infrastructure designs.  It doesn’t make sense to have every server configured as a complete mail server, so the first option is what we will call “Host Based Relaying”.  This involves each individual node having credentials to a mail service, Gmail for example, and sending messages to Google for ultimate delivery.  It would look something like Figure 1.

Figure 1: Host Based Relaying

In this scenario, each machine has a stripped down version of postfix and its sole job is to get the message to Google.  We do not have any sort of SPF, DKIM, or DMARC configured on each machine; instead, those services are configured on the Google platform.  This decreases the administrative overhead significantly.

Dedicated Relaying

Host based relaying works well with a handful of machines, but we still manage credentials on each machine.  We can further reduce our overhead and streamline our configuration by creating a dedicated relay.  The purpose of this single machine, or a load balanced pool of machines, is the same as that of every machine in Host Based Relaying: to get the message to Google for final delivery.

Figure 2: Dedicated Relaying

In this scenario, the Dedicated Relay servers are the only machines that store the Google credentials. The configuration of all the other machines can be done with host or network based relay permissions and we eliminate most of the complexity.
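
A sketch of the dedicated relay design in Postfix terms, added here as an illustration and not taken from our published Ansible code: the relay's main.cf followed by the main.cf of every other server. In host based relaying, each node would instead carry the relay's outbound settings (relayhost, SASL and TLS) itself. The endpoint smtp.gmail.com:587, the 10.0.10.0/24 network and the name relay.internal.example are assumptions.

```conf
# ---- Dedicated relay: /etc/postfix/main.cf ----
# This is the only host that stores the Google credentials.

# Hand all outbound mail to Google's submission port.
# The brackets disable the MX lookup for the relay host.
relayhost = [smtp.gmail.com]:587

# Authenticate with the account listed in sasl_passwd. The file holds one line,
#   [smtp.gmail.com]:587 user@example.com:password
# is compiled with "postmap /etc/postfix/sasl_passwd", and both the file and
# the resulting .db should be owned by root with mode 0600.
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous

# Require TLS with a verified certificate that matches the relayhost name,
# so the credentials are never sent in the clear or to an impostor.
smtp_tls_security_level = secure
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

# Network based relay permission: accept mail from the internal servers only.
# 10.0.10.0/24 is a placeholder; anything broader risks an open relay.
mynetworks = 127.0.0.0/8 10.0.10.0/24
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination

# This host delivers nothing locally.
mydestination =

# ---- Every other server: /etc/postfix/main.cf ----
# No credentials are stored here.

# relay.internal.example is a placeholder name for the dedicated relay.
relayhost = [relay.internal.example]:25

# Listen on loopback only: local services can submit mail, remote hosts cannot.
inet_interfaces = loopback-only
mydestination =
```

After editing either file, `postfix check` reports syntax and permission problems before the service is reloaded.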

Scaling and SaaS

So what happens when you have hundreds of machines?  Surely you might overstay your welcome at Google.  In that scenario, your dedicated relays become the nodes configured with SPF, DKIM, and DMARC.

There are also several Software as a Service (SaaS) solutions built specifically to handle high volumes of email.  They all have APIs so integrating with them is quite trivial.

What about Postfix and Ansible?

Now that you have a decent grasp of the options, we’ve published a basic Ansible script on our GitHub to configure a machine to relay via Google.  You can find the documentation and code at

Can you do it for us?

Absolutely. Drop us a line.

January 8th, 2019|Categories: Ansible, Howto|

24×7 Linux Server Support

Revenni Inc. is pleased to announce an addition to our existing On Demand Services: 24×7 Linux Server Support.

Our 24×7 Linux Server Support service offers 24-hour emergency access to our team of expert Linux System Administrators on an ad-hoc hourly basis when you need it the most.  It’s great for customers who are not on existing support plans but have urgent technical support requirements from an experienced Linux System Administrator.

Resolution Guarantee.

When you order 1 hour of Emergency Linux Server Support you are purchasing a resolution.  If we cannot resolve your issue we’ll refund your order, no questions asked.

Engagement Process

We appreciate that minutes count when your server is having issues.  We’ve streamlined our engagement process and broken it down into two steps in order to get you back online as soon as possible.

October 28th, 2018|Categories: On Demand Services|

Realizing the value of Managed IT Services

A Managed IT Service success story.  It’s Wednesday evening, not unlike last Wednesday or the hundreds before that.  Business was brisk throughout the day, and you have retired home after a long day at the office.  Dinner was fantastic, and you’ve indulged in a glass of wine or three.  Life is excellent, or so it seems.

Meanwhile at the office, unbeknownst to you, one of your business-critical computers has just suffered a hardware failure.  Not a dead disk, not a power supply failure, no, none of the usual culprits.  The fault is much more subtle.  The tension clip that adheres to the CPU heatsink has broken, and the machine has powered down due to a temperature failsafe.

We’ve taken the opportunity to embellish the dinner and wine details to be more entertaining, but this is a real event that happened to one of our Managed IT Service clients last week in Toronto.  Revenni was alerted by our monitoring software that the machine had powered off. When attempts to restore service remotely failed, we attended the client site and discovered the broken clip.

Heatsink fasteners are hard to come by at 11 pm.  We were able to jerry-rig the clamp, restore the service, and have a new heatsink sourced for the next morning.  One of the configuration files for the application became corrupt when the machine powered off abruptly.  We restored the configuration from backups and brought the service back online before the business day began.

Back to you.  It’s Thursday morning.  You wake up, grab the paper, hit the espresso machine and catch up on the daily news.  You come into the office to find a message regarding the critical failure; it’s resolved, and you can start another productive work day.

We work hard to establish value for our customers.  We highlight situations such as this one to demonstrate how we can complement your existing operations.  Imagine the alternative scenario.  Your machine dies in the middle of the night, and you arrive at the office to discover that not only are your customers disappointed because a service they rely on you for is unavailable, but you have several staff members on an extended coffee break because there is nothing for them to do.  We turn this lose/lose situation into a win/win, all while you enjoy a night of rest.

Murphy’s law taught us that if anything can go wrong, it will.  This machine is scheduled to be decommissioned and its services virtualized in merely two weeks. The transition isn’t an excuse for unpreparedness.

Remote Monitoring, Backups, and Hardware Lifecycle are just three of the many services Revenni bundles into our Managed IT Service.   Let’s start a discussion about shoring up your technology so you can sleep too.

September 16th, 2018|Categories: Managed IT Services|