© 2015 X2Engine Inc.

Difference between revisions of "Email Configuration"

From X2Engine
Jump to: navigation, search
(Introduction)
Line 11: Line 11:
 
# SMTP
 
# SMTP
  
PHP Mail, Sendmail and QMail each, while independent of any offsite, third-party service, require that an MTA be available on the web server. You can check that PHP is at least configured for using an MTA using [[requirements.php|requirements.php]].
+
PHP Mail, Sendmail and QMail each, while independent of any offsite, third-party service, require that an MTA be available on the web server. The main difference is that PHP Mail uses whichever MTA that PHP itself is configured to use, whereas Sendmail and QMail are specific to Exim4/Postfix and QMail MTA's (respectively). You can check that PHP is at least configured for using an MTA using [[requirements:|requirements.php]]. For all instances of X2CRM Professional Edition cloud/ondemand, the methods available for sending mail include all of these except QMail.
  
 
== Circumventing Spam Filters ==
 
== Circumventing Spam Filters ==
While certain options for sending email within X2CRM may work immediately, a common problem encountered is that email goes into spam folders on the receiving end, or is not received at all. This is not a fault in X2CRM or [http://phpmailer.worxware.com/ PHPMailer] (which X2CRM uses for mail delivery); rather, it is due to how the general proliferation of email spam through various means (but especially PHP scripts running on web servers) has resulted in greatly elevated standards in the spam-detection mechanisms and heuristics on all reputable email servers. This poses an entry barrier to avoiding having emails get filtered or blocked, and this is common to all web applications (i.e. Wordpress, Drupal, etc.), not just X2CRM. It is thus recommended that, before utilizing the email features of X2CRM, measures are taken to ensure that mail sent will have the best chance of avoiding spam filters.
+
While the non-SMTP methods for sending email within X2CRM may work immediately, a common problem encountered with them is that email goes into spam folders on the receiving end, or is not being received at all. This is especially likely to happen when the email addresses specified by users in their profiles (which get used as the sender address in the headers of mail sent by X2CRM) do not belong to the same domain as the server hosting X2CRM. So, for example, it would be problematic if a user uses an email address in their X2CRM profile that ends in gmail.com, and the CRM system and MTA are on example123.com
  
== Mail sending options ==
+
This is '''not''' a fault in X2CRM (or [http://phpmailer.worxware.com/ PHPMailer], which X2CRM uses for mail delivery). Rather, it is due to how the general proliferation of email spam through various means (but especially scripts running on web servers) has resulted in greatly elevated standards in spam-detection mechanisms and heuristics of all reputable email servers. This poses an entry barrier to avoiding spam filters, and this is common to all web applications (i.e. Wordpress, Drupal, etc.), not just X2CRM. It is thus recommended that, before utilizing any method of X2CRM besides SMTP, measures are taken to ensure that mail sent will have the best chance of avoiding spam filters.
  
= PHP Mail, Sendmail & QMail =
+
=== Work-around 1: Aliasing ===
Pro: No third-party mail services required
+
This works by first creating mail forwarding aliases on the server, i.e. through a Virtualmin or CPanel control interface, or manually, by editing the MTA's virtual user aliases table (see their respective documentation for more information). Next, instruct all users to use these email addresses as their contact address in their X2CRM profile, so that when contacts reply, the response emails will be forwarded to the desired addresses (or even a list of addresses) specified by each alias.
  
Con: To reduce chances of blacklisting, email addresses that end in x2vps.com must be used as the sender address (see "More info")
+
This is the recommended method for users of X2CRM Professional Edition cloud/ondemand. The hosting environment has the [http://www.opendkim.org/ OpenDKIM] signing service running on it, and the mail server has been configured to sign all email being sent from all subdomains of x2vps.com. See [[#Using_DKIM]] for more information
  
Work-around: Set up mail aliases through the Virtualmin control panel to use as sender addresses in X2CRM. Then, these addresses can be used to receive mail; when the recipient responds to an mail, their mail will be redirected to an arbitrary address (or even a list of addresses) specified by the forwarding alias.
+
=== Work-around 2: Migration ===
 +
This, of course, is the most straightforward solution: to use the hosting provider's email service. However, it requires switching from one's existing email service/addresses to service and addresses provided by the hosting provider, and it is also extra effort.
  
More info: Each of these methods ultimately result in mail being sent using a mail transfer agent (MTA) daemon that runs on our server(s). The methods that we support are Sendmail and PHP Mail. Our hosting environment has a DKIM (Domain Keys Identified Mail) signing service running on it, and it has been configured to sign for x2vps.com and all of its subdomains. Emails sent from such addresses will thus be far more likely to be recognized by mail servers worldwide as being from a reputable source, and thus less likely to go into spam folders. However, on the other hand, due to the secure nature of DKIM and how its use is widespread (especially with GMail), sender addresses cannot be "spoofed." In other words: the MTA cannot legitimately sign emails that are "From" a different domain/hostname than its own. That is because, if the *actual* mail service (i.e. gmail.com, yahoo.com, etc.) has DKIM set up, mail servers will see that the DKIM signature in the email doesn't properly correspond to the DKIM record associated with the true, native mail server's domain. DKIM does this by using a series of cryptographic algorithms for checking validity of the signature in the email's header.
+
=== Work-around 3: SMTP ===
 +
 
 +
'''More info:''' Each of these methods ultimately result in mail being sent using a mail transfer agent (MTA) daemon that runs on the webserver. Customers of ur
 +
 
 +
=== Using DKIM ===
 +
(see [[wikipedia:DomainKeys_Identified_Mail|main article]] on Wikipedia)
 +
 
 +
This method, which requires server-end configuration, is a very secure and reliable method of distinguishing email as being of legitimate and trustworthy origin. Reputable email servers are often configured to use a mail signing agent to add a special signature sent from such addresses will thus be far more likely to be recognized by mail servers worldwide as being from a reputable source, and thus less likely to go be caught in spam filters.  
 +
 
 +
However, it still requires that the sender address be of the same domain as the email server. That is because the sender address cannot be "spoofed" due to how DKIM was designed; it was meant to prevent this sort of activity, which is common among spammers. Furthermore, if outgoing email is signed for domains not corresponding to the point of origin, it may actually make matters worse; many reputable mail services, '''i.e. GMail''', themselves use DKIM. Thus, if a DKIM signature header is added to the email, and the signature does not match the DKIM record of the origin address's domain, it will be considered a forgery attempt by email servers that recognize DKIM and thus blocked or filtered by default. DKIM uses the RSA public/private key cryptographic technique to ensure that signatures are secure and cannot be forged, and thus there is no legitimate way of circumventing this issue.

Revision as of 22:03, 25 February 2013

This article covers configuring and X2CRM for sending (and, in special cases, receiving) email.

Introduction

X2CRM provides the means to send email, natively, within the web application. Furthermore, with Professional Edition, the local MTA[[wikipedia:Message transfer agent]]: an email relay service, i.e. Postfix, QMail or Exim4. on the web server (if any) can be configured to pass emails to X2CRM to be automatically parsed, imported into the web application, and associated with the addressee's contact record.

Sending Mail

There are four options for methods of sending email, which can be found by going to Email Settings under the Email Configuration section in the Admin page:

  1. PHP Mail
  2. Sendmail
  3. QMail
  4. SMTP[[wikipedia:Simple Mail Transfer Protocol]]: a network protocol for sending email to a remote server, often involving password authentication and end-to-end SSL encryption.

PHP Mail, Sendmail and QMail each, while independent of any offsite, third-party service, require that an MTA[[wikipedia:Message transfer agent]]: an email relay service, i.e. Postfix, QMail or Exim4. be available on the web server. The main difference is that PHP Mail uses whichever MTA[[wikipedia:Message transfer agent]]: an email relay service, i.e. Postfix, QMail or Exim4. that PHP itself is configured to use, whereas Sendmail and QMail are specific to Exim4/Postfix and QMail MTA[[wikipedia:Message transfer agent]]: an email relay service, i.e. Postfix, QMail or Exim4.'s (respectively). You can check that PHP is at least configured for using an MTA[[wikipedia:Message transfer agent]]: an email relay service, i.e. Postfix, QMail or Exim4. using requirements.php. For all instances of X2CRM Professional Edition cloud/ondemand, the methods available for sending mail include all of these except QMail.

Circumventing Spam Filters

While the non-SMTP[[wikipedia:Simple Mail Transfer Protocol]]: a network protocol for sending email to a remote server, often involving password authentication and end-to-end SSL encryption. methods for sending email within X2CRM may work immediately, a common problem encountered with them is that email goes into spam folders on the receiving end, or is not being received at all. This is especially likely to happen when the email addresses specified by users in their profiles (which get used as the sender address in the headers of mail sent by X2CRM) do not belong to the same domain as the server hosting X2CRM. So, for example, it would be problematic if a user uses an email address in their X2CRM profile that ends in gmail.com, and the CRM system and MTA[[wikipedia:Message transfer agent]]: an email relay service, i.e. Postfix, QMail or Exim4. are on example123.com

This is not a fault in X2CRM (or PHPMailer, which X2CRM uses for mail delivery). Rather, it is due to how the general proliferation of email spam through various means (but especially scripts running on web servers) has resulted in greatly elevated standards in spam-detection mechanisms and heuristics of all reputable email servers. This poses an entry barrier to avoiding spam filters, and this is common to all web applications (i.e. Wordpress, Drupal, etc.), not just X2CRM. It is thus recommended that, before utilizing any method of X2CRM besides SMTP[[wikipedia:Simple Mail Transfer Protocol]]: a network protocol for sending email to a remote server, often involving password authentication and end-to-end SSL encryption., measures are taken to ensure that mail sent will have the best chance of avoiding spam filters.

Work-around 1: Aliasing

This works by first creating mail forwarding aliases on the server, i.e. through a Virtualmin or CPanel control interface, or manually, by editing the MTA[[wikipedia:Message transfer agent]]: an email relay service, i.e. Postfix, QMail or Exim4.'s virtual user aliases table (see their respective documentation for more information). Next, instruct all users to use these email addresses as their contact address in their X2CRM profile, so that when contacts reply, the response emails will be forwarded to the desired addresses (or even a list of addresses) specified by each alias.

This is the recommended method for users of X2CRM Professional Edition cloud/ondemand. The hosting environment has the OpenDKIM signing service running on it, and the mail server has been configured to sign all email being sent from all subdomains of x2vps.com. See #Using_DKIM for more information

Work-around 2: Migration

This, of course, is the most straightforward solution: to use the hosting provider's email service. However, it requires switching from one's existing email service/addresses to service and addresses provided by the hosting provider, and it is also extra effort.

Work-around 3: SMTP[[wikipedia:Simple Mail Transfer Protocol]]: a network protocol for sending email to a remote server, often involving password authentication and end-to-end SSL encryption.

More info: Each of these methods ultimately result in mail being sent using a mail transfer agent (MTA[[wikipedia:Message transfer agent]]: an email relay service, i.e. Postfix, QMail or Exim4.) daemon that runs on the webserver. Customers of ur

Using DKIM[http://www.dkim.org/ DomainKeys Identified Mail]: a system for digitally signing email that provides the means to securely verify that the email's origin is legitimate.

(see main article on Wikipedia)

This method, which requires server-end configuration, is a very secure and reliable method of distinguishing email as being of legitimate and trustworthy origin. Reputable email servers are often configured to use a mail signing agent to add a special signature sent from such addresses will thus be far more likely to be recognized by mail servers worldwide as being from a reputable source, and thus less likely to go be caught in spam filters.

However, it still requires that the sender address be of the same domain as the email server. That is because the sender address cannot be "spoofed" due to how DKIM[http://www.dkim.org/ DomainKeys Identified Mail]: a system for digitally signing email that provides the means to securely verify that the email's origin is legitimate. was designed; it was meant to prevent this sort of activity, which is common among spammers. Furthermore, if outgoing email is signed for domains not corresponding to the point of origin, it may actually make matters worse; many reputable mail services, i.e. GMail, themselves use DKIM[http://www.dkim.org/ DomainKeys Identified Mail]: a system for digitally signing email that provides the means to securely verify that the email's origin is legitimate.. Thus, if a DKIM[http://www.dkim.org/ DomainKeys Identified Mail]: a system for digitally signing email that provides the means to securely verify that the email's origin is legitimate. signature header is added to the email, and the signature does not match the DKIM[http://www.dkim.org/ DomainKeys Identified Mail]: a system for digitally signing email that provides the means to securely verify that the email's origin is legitimate. record of the origin address's domain, it will be considered a forgery attempt by email servers that recognize DKIM[http://www.dkim.org/ DomainKeys Identified Mail]: a system for digitally signing email that provides the means to securely verify that the email's origin is legitimate. and thus blocked or filtered by default. DKIM[http://www.dkim.org/ DomainKeys Identified Mail]: a system for digitally signing email that provides the means to securely verify that the email's origin is legitimate. uses the RSA public/private key cryptographic technique to ensure that signatures are secure and cannot be forged, and thus there is no legitimate way of circumventing this issue.