Monthly Archives: August 2012

Insight on MX-Entries

Recently, I gained some insight into how DNS is intended to interact with mail services, and what that implies.

It seemed that, rather suddenly, my mail server was no longer able to receive mail from certain mail service providers like web.de. The sending mail servers were not very verbose about what the source of the problem was:

domain has no mail exchangers

That was rather strange to me, as I had had good experiences so far with the reliability of the DNS servers I was using. The original configuration I used was the following:

$ dig mx grosseosterhues.com
[...]
;; ANSWER SECTION:
grosseosterhues.com.    120     IN      MX      10 mx.grosseosterhues.com.

and

$ dig mx.grosseosterhues.com
[...]
;; ANSWER SECTION:
mx.grosseosterhues.com. 119     IN      CNAME   mail.grosseosterhues.com.
mail.grosseosterhues.com. 120   IN      A       46.4.78.23

So my MX record was a CNAME pointing to an A resource record. No problem with that -- I thought. Doing some web research I learned from RFC 2181, Section 10.3 that there is a certain regulation prohibiting an MX resource record from being an alias (CNAME):

10.3. MX and NS records:

The domain name used as the value of a NS resource record, or part of the value of a MX resource record must not be an alias. Not only is the specification clear on this point, but using an alias in either of these positions neither works as well as might be hoped, nor well fulfills the ambition that may have led to this approach. This domain name must have as its value one or more address records. Currently those will be A records, however in the future other record types giving addressing information may be acceptable. It can also have other RRs, but never a CNAME RR.

I don't know if some providers just adjusted their MTAs to use more restrictive policies on sending mail to foreign mail servers or if I just never noticed a problem. Anyway: after changing the MX record over to an A resource record, everything works flawlessly (again).
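The RFC 2181, Section 10.3 rule can be checked mechanically against dig output. The following is an added example, not code from the original post: it parses answer-section lines and flags any MX exchange name that is itself a CNAME. `BROKEN` reuses the records quoted above; `FIXED` is a constructed sample, and the function names are hypothetical.

```python
import re

# Answer-section lines from the two dig queries quoted in the post.
BROKEN = """\
grosseosterhues.com.    120     IN      MX      10 mx.grosseosterhues.com.
mx.grosseosterhues.com. 119     IN      CNAME   mail.grosseosterhues.com.
mail.grosseosterhues.com. 120   IN      A       46.4.78.23
"""

# Constructed sample (assumption): the same zone once the MX target owns an A record.
FIXED = """\
grosseosterhues.com.    120     IN      MX      10 mx.grosseosterhues.com.
mx.grosseosterhues.com. 120     IN      A       46.4.78.23
"""

RR_LINE = re.compile(r"^(\S+)\s+\d+\s+IN\s+(\S+)\s+(.+)$")

def norm(name):
    # DNS names compare case-insensitively; drop the trailing root dot.
    return name.lower().rstrip(".")

def parse_records(text):
    """Return (owner, type, rdata) tuples, skipping comments and non-record lines."""
    records = []
    for line in text.splitlines():
        match = RR_LINE.match(line.strip())
        if match and not line.lstrip().startswith(";"):
            owner, rtype, rdata = match.groups()
            records.append((norm(owner), rtype.upper(), rdata.strip()))
    return records

def audit_mx(text):
    """Classify each MX exchange name: 'alias', 'ok' or 'no-address'."""
    records = parse_records(text)
    aliases = {owner for owner, rtype, _ in records if rtype == "CNAME"}
    addressed = {owner for owner, rtype, _ in records if rtype in ("A", "AAAA")}
    verdicts = {}
    for _, rtype, rdata in records:
        fields = rdata.split()
        if rtype != "MX" or len(fields) != 2:
            continue
        exchange = norm(fields[1])
        if exchange in aliases:
            verdicts[exchange] = "alias"  # forbidden by RFC 2181, section 10.3
        else:
            verdicts[exchange] = "ok" if exchange in addressed else "no-address"
    return verdicts

if __name__ == "__main__":
    print(audit_mx(BROKEN), audit_mx(FIXED))
```

A `no-address` verdict only means the target's address records were not in the text supplied; feed the function the output of both the MX query and the query for the exchange name.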

Enable ActiveSync push for Cyrus IMAP-Servers using z-push

IMAP IDLE: The IDLE feature allows IMAP e-mail users to immediately receive any mailbox changes.

Regular desktop mail clients support push notifications when communicating with IMAP servers. To achieve this, IMAP IDLE is used. Unfortunately, the current generation of smartphones, such as Apple's iPhone or Android-based phones, do not support the IMAP IDLE feature but prefer ActiveSync for push services.

One way to make use of IMAP IDLE, e.g. on Android, is to use a different mail client like K9 Mail. Yet that may not be an option for everyone due to software installation policies.

In case modifying the phone's software setup is not an option, it is possible to insert an emulation layer from IMAP to ActiveSync on the mail server. This layer is provided by Z-Push, an open source implementation of the ActiveSync protocol, developed by the Zarafa team.

Z-Push is run by an Apache webserver using PHP and the php-imap module in order to provide the bridge between mobile device and IMAP server. This article documents how to set up a running ActiveSync emulation using Ubuntu Linux, Apache webserver, and Cyrus IMAP-daemon. A running Apache with working PHP and SSL configuration on an Ubuntu Linux is presumed.

Download and config of Z-Push

This article assumes all Z-Push files are placed in /var/www/z-push. First, the sources have to be downloaded. They can be found either here http://z-push.sourceforge.net/ or here http://zarafa-deutschland.de/z-push-download/final/.

In the file /var/www/z-push/config.php the BACKEND_PROVIDER has to be changed:

define('BACKEND_PROVIDER', "BackendIMAP");

For syncing problems in previous versions of Z-Push, it helps to increase the value of MAX_EMBEDDED_SIZE as follows:

// define('MAX_EMBEDDED_SIZE', 1048576);
define('MAX_EMBEDDED_SIZE', 10485760);

By default, Z-Push expects the directories /var/log/z-push and /var/lib/z-push to exist. In Ubuntu, this is not the case. Therefore, they have to be created and their ownership set to the user Apache runs as:

mkdir /var/log/z-push /var/lib/z-push
chown -R www-data:www-data /var/log/z-push /var/lib/z-push

Apache and PHP configuration

If not already present, the proper php5-imap module needs to be installed:

aptitude install php5-imap

Next, in the Apache configuration, the file /etc/apache2/sites-enabled/default-ssl gets the following addition:

Alias /Microsoft-Server-ActiveSync /var/www/z-push/index.php

<Directory /var/www/z-push>
     Options Indexes FollowSymLinks MultiViews
     AllowOverride None
     Order allow,deny
     allow from all
     php_flag magic_quotes_gpc off
     php_flag register_globals off
     php_flag magic_quotes_runtime off
     php_flag short_open_tag on
</Directory>

If the Suhosin patch for PHP is used, the following setting has to be changed to off in /etc/php5/conf.d/suhosin.ini:

suhosin.executor.disable_emodifier = off

Mobile Device Setup

The mobile device should address the emulated ActiveSync server just by its hostname. It is not necessary to add the Apache alias to the address.

On Android phones, the user might have to accept certain security policy warnings before the actual sync starts.

Debugging Information

Useful debugging information can be found in Apache's logs in /var/log/apache2 and in Z-Push's logs in /var/log/z-push. Cyrus IMAP logs its information into the mail system's log in /var/log/mail.log.