Theoretical Archiving of Google Apps Email with Lightspeed TTC

This was requested quite a while ago--sorry I haven't been able to share it until now. These are the theoretical steps one would go through to archive Google Apps for Education email with Lightspeed Systems' TTC. I do not take any credit for these instructions/steps--they have been adapted from an email I got from a guy working at a school district in the Midwest. He did have the system working, although I have not had a chance to test it out myself. We will probably look into this a little more seriously after this year is up as our current projects include moving to Windows 2008 Server from Novell, changing to Google Apps email from GroupWise, as well as making many other changes, so email archiving is not a huge priority right now. We're just biting the bullet and paying Postini for email archiving to start off with.

Disclaimer: as the title of this blog post says, these are theoretical, as I actually haven't had a chance to test it out yet. So don't blame me if you try it out and it doesn't work. BUT, like I said, I did adapt these from a guy who actually did get it working.

Modify MX Records


To begin, change your domain's MX records to point to the public IP of the TTC server on which you would like to archive email.

Set Up a Mail Server


This should be a fairly straightforward setup, as all we're going to be doing on this server is using it as an email relay. Set up the server on your LAN with a static public IP and have port 25 forwarded through your firewall to it.

Email Relay


Set up an email relay of some sort on this mail server. For example, you could use the free hMailServer that runs on Windows, or any other email program that is capable of email relay. This is the part that is rather complex and that I do not totally understand, so you're on your own here. Basically, you need to trick the mail server into using different MX records when it sends the email on to Google, because your domain's MX records currently point to the TTC server's public IP. If the email relay server used the MX records that are registered with your domain, the result would be an “endless loop”: the email relay server would just forward the email back to the TTC server ad infinitum. To avoid this, the MX record magic might be accomplished by setting up static DNS entries for the MX records just for the email relay server itself, probably by running a DNS server on the email relay server and entering the MX records manually. There are probably more elegant ways to do this, but it may work like that. In addition, there is a setting within the TTC server that will let it act as an email relay as well, so this step may possibly be as easy as setting up the TTC server as an email relay back out to Google.

Set Up Inbound Gateway in Google Apps


In Google Apps, go to Service Settings --> Email and configure the Inbound mail gateway to be the public IP address that the email is coming FROM. This would be the IP address of the email server that you set up. Be sure to select the option that restricts your users to only receive email from this IP address. Check Google's documentation here for more information on configuring an Inbound gateway.

Add Filter to TTC


This setup will currently archive email twice—once as the email is flowing into your LAN, and then another time as it is flowing back out of your network. To avoid this problem, add an object in the TTC to pass port 25 traffic coming from the internet that is destined for the email relay server around the spam filter, bypassing the archiving setting of TTC. This will only archive the email coming from the email relay server. Alternately, this could be set up the other way around to archive email going to your email relay server.
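The relay loop from the Email Relay step and the double archiving described above can be checked on paper before touching DNS. This is an added example, not part of the original instructions or anything from Lightspeed; the host labels, the `example.edu` domain and the `trace` helper are hypothetical placeholders for a toy model of the mail path.

```python
# Added illustration: a toy model of the mail path described in this post.
# Host labels and the domain are constructed placeholders, not real values.
DOMAIN = "example.edu"
GOOGLE = "google-apps"      # stands in for Google's mail servers
RELAY = "relay"             # relay behind the TTC; the public MX points here

# Each host's own view of "where does mail for DOMAIN go next?"
PUBLIC_DNS_VIEW = {"internet": {DOMAIN: RELAY}, RELAY: {DOMAIN: RELAY}}
STATIC_MX_VIEW = {"internet": {DOMAIN: RELAY}, RELAY: {DOMAIN: GOOGLE}}

# Legs of the path that the TTC sees and archives.
ARCHIVE_BOTH_LEGS = {("internet", RELAY), (RELAY, GOOGLE)}
ARCHIVE_OUTBOUND_ONLY = {(RELAY, GOOGLE)}   # inbound port 25 passed around the filter


def trace(domain, views, archived_legs, start="internet"):
    """Follow one message hop by hop.

    Returns (outcome, path, archive_count) where outcome is "delivered"
    or "loop". A loop is reported as soon as a host would be visited twice.
    """
    path, archived = [start], 0
    while path[-1] != GOOGLE:
        here = path[-1]
        nxt = views[here][domain]          # next hop from this host's MX view
        if (here, nxt) in archived_legs:
            archived += 1
        if nxt in path:
            return ("loop", path + [nxt], archived)
        path.append(nxt)
    return ("delivered", path, archived)


if __name__ == "__main__":
    for name, views, legs in [
        ("relay uses public MX", PUBLIC_DNS_VIEW, ARCHIVE_BOTH_LEGS),
        ("static MX, no bypass", STATIC_MX_VIEW, ARCHIVE_BOTH_LEGS),
        ("static MX, inbound bypass", STATIC_MX_VIEW, ARCHIVE_OUTBOUND_ONLY),
    ]:
        print(name, "->", trace(DOMAIN, views, legs))
```

A relay that resolves the domain's public MX records reports a loop, while the static MX view delivers to Google with two archive passes, or one once the inbound leg is passed around the filter.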

Set Up Outbound Gateway


Now, we need to set up archiving of email sent from Google Apps by routing it through the TTC server (which includes email sent from people within your domain to another member). This is accomplished through an outbound mail gateway. This is similar to the inbound mail gateway and is found in the same location: Service Settings --> Email. Google's official instructions are here if you need any help with this. Set the outbound mail gateway to be the same public IP of your email relay server.

From the instructions that I am adapting this writeup from, the original author mentioned that some of the email coming into the relay from Google will be directed right back to Google but everything else should be routed OK. I'm not entirely sure what that means, but if someone does test this and gets more information please let me know.

Conclusion


I know I said it before, but please remember that this is all theoretical. Since I have not had a chance to test this out yet, I have no idea what caveats or what there is that you need to watch out for while setting this up. If anyone does successfully set this up, please let me know in the comments--I would like to discuss this further with you as this is something I would be very interested in seeing happen.

Comments

  1. I'm about to try and put your theory into practice...

    Lightspeed is not so helpful in the matter (other than "you have to set up your own mail server for that")...

    It's upsetting because things like Astaro and Barracuda do it out of the box, with no additional servers... seems like rubbish to me...

  2. Good luck! You're right--Lightspeed wasn't very helpful either when I tried talking to them.
    Let me know what you come up with....perhaps we could create our own instruction page/wiki setup for this to help others as well if you're successful. It would be awesome if Lightspeed did support this out of the box...

  3. I'm a new Lightspeed customer and I got a little worried about this when I started doing research on it. Fortunately, Lightspeed has attacked the issue and put together a how-to on how to get this working. It actually revealed some features to me that I was not aware of. You can hit them up for it or email me and I'll send it to you.

  4. I've read some rumors about this, I'll have to do some research and see if I can find it--we're hoping to implement it later this year. Is it on the Lightspeed Wiki?
