These days more and more people are using the google apps suite. Among other things, this gives them “google talk” (actually jabber) accounts with a custom domain part (e.g. the JID may be user@googledomain.com).

These custom-domain JIDs work well for chatting from within google talk, but when using a custom jabber client connected to a custom jabber server, an issue arises: the jabber server needs to somehow locate the server to talk to. The JID domain part no longer points to the server to connect to.

This is actually similar to e-mail. To find the SMTP server to connect to, a special DNS request (type MX) has to be performed. With XMPP servers the solution is similar – a DNS request of type SRV should be performed.

The problem is that this requires configuration on the domain owner's side, such as described here. And the domain owner may be unable or unwilling to set this up.

Fortunately, if you run your own jabber server, you can work around this on your side. Just use DNAT on the host running the server. For example, to redirect JIDs for @googledomain.com to the google talk servers, try

iptables -t nat -A OUTPUT -p tcp -d googledomain.com --destination-port 5269 \
    -j DNAT --to-destination $(getent hosts xmpp-server.l.google.com | awk '{print($1)}')

This is for the case when googledomain.com resolves to one particular IP address. If it resolves to several (which may be the case if the entire domain is served by google apps), you will need to add such a rule for each of these addresses.
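An added example (not from the original post) for the multi-address case: it prints one DNAT rule per IPv4 address of the JID domain so the rules can be reviewed before being applied. The function names and the 192.0.2.x / 198.51.100.x sample addresses are constructed for illustration, and `getent ahostsv4` assumes a glibc system.

```shell
#!/bin/sh
# Added example: one DNAT rule per address that the JID domain resolves to.

# List every IPv4 address a name resolves to, one per line.
# getent ahostsv4 prints each address once per socket type, hence sort -u.
resolve_ipv4() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# Read destination addresses from stdin and print (not apply) one rule each.
# $1 = address of the real XMPP server that s2s traffic is redirected to.
emit_dnat_rules() {
    target=$1
    while read -r addr; do
        # Skip blank lines and anything that is not made of digits and dots,
        # so unexpected resolver output never ends up inside a rule.
        case $addr in
            ''|*[!0-9.]*) continue ;;
        esac
        printf 'iptables -t nat -A OUTPUT -p tcp -d %s --destination-port 5269 -j DNAT --to-destination %s\n' \
            "$addr" "$target"
    done
}

# Real use on the jabber host (needs DNS; review the output, then run it as root):
#   resolve_ipv4 googledomain.com |
#       emit_dnat_rules "$(resolve_ipv4 xmpp-server.l.google.com | head -n 1)"

# Demo on constructed documentation addresses: no DNS lookup, nothing applied.
printf '192.0.2.10\n192.0.2.11\n' | emit_dnat_rules 198.51.100.5
```

The rules hold the addresses that were current when the script ran, so they have to be regenerated if either name starts resolving to different addresses.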

 

Recently Montavista, a company I work for, decided to abandon its own mail servers, and convert everything to google mail instead. IMO that’s a very strange decision since there is a lot of confidential information in internal company mail, and google is known to have a strange position on privacy. But anyway that was done.

Naturally, I immediately set up my account to forward all incoming mail elsewhere. I have a well-working mail setup, and I don’t want the stupid gmail web service, nor do I want to add a new account to all the clients I use.

And that resulted in… the near loss of several important messages! Because google decided they were spam. And did not forward them. Fortunately I remembered to log in to the gmail account a week or so after the initial setup and discovered that.

And those pigs working at google are so sure that their service is ok, that they don’t even provide users with a control to disable it!

Fortunately a simple web search shows a workaround. E.g. here or here.

Shame on google.

Feb 02 2010
 

I’ve already written the phrase from the title of this post once. Today I would like to repeat it once more. This time it is related to one of their most-used services – mail.

Their mail is loved. They have crowds of users. Those users set up their gmail accounts to download mail from other accounts. Once that is set, they never care that the setting is not valid, or no longer valid. So google mail servers fill local mailserver logs with failed auth attempts.

What will an old-style admin try to do when he believes that something is wrong with a remote mail server? Yes, he will try to write to the postmaster at the remote end, with a tech description of the issue.

I tried to mail postmaster@gmail.com. Here is the result:

Delivery to the following recipient failed permanently:

     gmail-postmaster@google.com

Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550 5.2.1 ... Mailbox disabled for this recipient (state 14).

Oh, perhaps these admin games are obsolete? Let’s check their site, maybe a support channel is there?.. Of course it is – but only for an explicitly listed set of issues. And for the rest, a forum is suggested. From a quick look at what is on that forum, it becomes absolutely clear that it is not for admin-level tech questions.

Still I wrote a forum post with a tech description of my issue. A month passed, no reply.

Shame on google.

© 2011 yoush.homelinux.org