Wednesday, July 23, 2008

Google Dropping Emails?

I have had a bunch of trouble with script-generated emails timing out and not being sent through Google Apps. Not really sure why this is happening, but this is how I am fixing it... and it seems to work so far.

If you are using the article I wrote in Linux Pro Magazine a month or so ago to deploy Liferay, do not set up Liferay to connect to Google directly to send mail.

Instead:
  1. Set up Sendmail as a relay on your Liferay application server (only accessible to localhost) and use the mail settings in Liferay (ROOT.xml) to send all outbound email through localhost. No password should be necessary (depending on how you set Sendmail up), but make sure that the username you are using does, in fact, exist in your Google Apps account.

  2. In the Google Applications mail control panel, be sure to allow the public IP address your mail will be relayed from.

  3. Next, publish your SPF record if you have not already done so. See openspf.org for details. If your DNS provider does not offer TXT records for your domain, move to someone who does or host your own public authoritative DNS.

    SPF adoption is growing, and if you are not on board you will be left behind, with your communication being dropped into spam folders or rejected altogether. As of a few days ago, Network Solutions does not offer that service and does not have an ETA for when they will.

  4. Here is the hard part: if you consider these emails to be of critical importance, you must contact Google (but only if you are a paying customer) and ask them nicely to remove spam filtering from the address you are using to send emails from Liferay.

Why does this work? Instead of having Liferay connect directly to Google's SMTP (meant for clients like Outlook), the messages are sent through a local relay that does not send to smtp.gmail.com. The relay looks up the MX records for your organization, which should point to Google's MXes (aspmx.l.google.com etc.), and forwards the email there. When you whitelisted the IP address in the GApps control panel, you were telling Google that you would be intentionally relaying email from that address. The SPF record essentially does the same thing for other mail servers. If there is a timeout getting the email from the relay to Google, the relay should queue the message and keep retrying.

The same setup also applies to other technologies like Nagios that may generate a quantity of critically important email.

Best of luck... -Ash
