Closed nthh closed 10 months ago
@vnugent - I would be interested in working on this issue. My approach would be building a containerized postfix workload and keeping it open-source and self-hosted.
How do we harden the mail server from spammers and being marked as spam by Gmail?
@vnugent
I'm not sure what you mean "harden from spammers". It would only send mail. It's not a full-featured email server and would only send outbound mail. It is hardened because the ports required would not be exposed to 0.0.0.0/0 and further protected by declaring the my_networks variable (defining which networks can use the relay) in the postfix configuration.
Outbound mail would not be marked as spam because DMARC, DKIM, and SPF would be configured.
This is the same service as I'm using with my SaaS employer, though in this case the difference would be to deploy as a container for better resource management.
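The relay scoping described in the comment above, as an added example that is not part of the original thread or OpenBeta's code: a small audit of a Postfix `main.cf` that reports which networks `mynetworks` (the Postfix parameter name) trusts to relay. The sample configurations and client addresses are constructed.

```python
import ipaddress

# Constructed main.cf fragments for illustration (not OpenBeta's configuration).
SCOPED = """\
# send-only relay reachable from cluster workloads
mynetworks = 127.0.0.0/8 [::1]/128
    10.42.0.0/16
"""
OPEN = "mynetworks = 127.0.0.0/8, 0.0.0.0/0\n"

def parse_main_cf(text):
    """Parse 'name = value' lines; a line starting with whitespace continues the previous value."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
        elif "=" in line:
            name, value = line.split("=", 1)
            last = name.strip()
            params[last] = value.strip()
    return params

def trusted_networks(text):
    """Return (networks, skipped) from mynetworks; skipped holds entries that are not CIDR literals."""
    nets, skipped = [], []
    for entry in parse_main_cf(text).get("mynetworks", "").replace(",", " ").split():
        try:
            # Postfix writes IPv6 as [addr]/len; strip the brackets for ipaddress.
            nets.append(ipaddress.ip_network(entry.replace("[", "").replace("]", ""), strict=False))
        except ValueError:
            skipped.append(entry)  # lookup tables, file names, "!" exclusions
    return nets, skipped

def audit(text):
    """Flag mynetworks entries that trust every host or a non-private range."""
    nets, skipped = trusted_networks(text)
    findings = [f"{n}: every host is trusted to relay" for n in nets if n.prefixlen == 0]
    findings += [f"{n}: non-private range trusted" for n in nets
                 if n.prefixlen and not (n.is_private or n.is_loopback)]
    findings += [f"{e}: not a CIDR literal, review by hand" for e in skipped]
    return findings

def may_relay(text, client_ip):
    """True if client_ip falls inside any parsed mynetworks range."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip.version == n.version and ip in n for n in trusted_networks(text)[0])
```

`audit(OPEN)` reports the `0.0.0.0/0` entry, while `may_relay` shows the practical difference: an outside address is trusted by `OPEN` and refused by `SCOPED`.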
Would it work with Auth0's requirements? My guess is we need a certificate from Let's Encrypt for TLS.
And besides cluster access, what else do you need?
Yes, it would work for Auth0 and any other mail server needs for OpenBeta.
I would need temporary access to DNS (for mail records and Let's Encrypt verification), cluster access, and maybe a demo of our current pipeline and repo so I can follow suit.
I've sent you access information. For DNS, can you send me what needs to be added?
Is it possible to set smtp subdomain to something like smtp.tacos.openbeta.io?
You can test the email connection from Auth0 dev tenant (see link above). Once that works, I'll replicate Auth0 changes from the dev tenant to production. Thank you!
Is the planned implementation still as discussed? (Containerized postfix workload). If so, is there a repo somewhere that represents our progress toward a self hosted mail server?
@vnugent @on3iropolos
I'm happy to hop on this and take it a little further on.
I was thinking about using Amazon SES. Significantly less work for a small price. What do you think?
I agree that using a SaaS product will be a lot less initial work and maintenance. Our code itself remains open-source, despite interfacing with a closed-source product (which it seems like is unavoidable in the larger project anyway). I don't think that it is particularly important to (1) self host and (2) only use open-source code for this particular functionality. I've used MailGun before for this but it is basically the same thing as SendGrid and I'm sure very similar to SES. MailGun, SendGrid, and SES all have simple setup docs on the Auth0 website for using each as an SMTP provider. I think we should go this route.
I also agree to go with a hosted route. While it's a project I would be very interested in running with, I'm a little too swamped with other work at the moment.
Adelore Lessard
*edit: removed personal data
I would also imagine this is easier, especially since our needs are so boilerplate.
We've migrated to SES. Thanks @enapupe!
Everyone please let us know if account related mails go to spam.
The Auth0 emails are sent from root@auth0.com and are not customizable unless an email provider is set up.
Evaluate using a provider such as SendGrid for emails and also connecting that to the openbeta.io domain.
Auth0 setup instructions: https://auth0.com/docs/customize/email/smtp-email-providers