Switching MX records from United to Google

[ed]

TN are switching the MX records from United to Google on Friday 23/1/15.

Will this affect the website/Web Architects in any way that we need to plan for in advance? Scripts, web forms etc? Anything you can think of?

[ed]

Adding Chris as CC - didn't add him originally - it's for him mostly...

[chris]

As you know I think it is a big mistake to use ​a evil corporation for services such as this (I didn't start the clock on this ticket until I had completed this paragraph).

These are the existing MX lines in the Gandi zone file:

@ 	3600 	IN 	MX 	0 	mx1.spamfiltering.com.
@ 	3600 	IN 	MX 	5 	mx2.spamfiltering.com.
tech 	10800 	IN 	MX 	10 	mx.webarch.net.

At a DNS level it'll simply be a matter of changing the above to match ​what Google wants:

@ 	3600 	IN	MX 	1 	ASPMX.L.GOOGLE.COM.
@ 	3600 	IN	MX 	5 	ALT1.ASPMX.L.GOOGLE.COM.
@ 	3600 	IN 	MX 	5 	ALT2.ASPMX.L.GOOGLE.COM.
@ 	3600 	IN	MX 	10 	ALT3.ASPMX.L.GOOGLE.COM.
@ 	3600 	IN	MX 	10 	ALT4.ASPMX.L.GOOGLE.COM.
tech 	10800 	IN 	MX 	10 	mx.webarch.net.

Note I wouldn't suggest changing the tech line as that would break the incoming email interface for Trac.

In terms of "Scripts, web forms etc? Anything you can think of?" I can't think of anything apart from ensuring that the same accounts exist as exist at the moment with United and I'm sure you already realise this.

[ed]

Thanks Chris,

so if I leave the tech line, but turn off the existing mail servers at United, the tech TRAC emails won't be affected as they run off WA servers - please confirm.

[chris]

Replying to ed:

so if I leave the tech line, but turn off the existing mail servers at United, the tech TRAC emails won't be affected as they run off WA servers - please confirm.

Right, the tech line is only for whatever@tech.transitionnetwork.org emails and has nothing to do with whatever@transitionnetwork.org emails.

Two other things that are probably worth flagging up:

1. I need to generate a new SSL cert in the next four days and this will result in a comodo CNAME being added to the zone file, see ticket:820.
2. I seem to remember that if you edit the zone file then it is copied to another file and then if I edit it the same things happens, that is why there is several different zone file names.

[ed]

Replying to chris:

Replying to ed:

so if I leave the tech line, but turn off the existing mail servers at United, the tech TRAC emails won't be affected as they run off WA servers - please confirm.

Right, the tech line is only for whatever@tech.transitionnetwork.org emails and has nothing to do with whatever@transitionnetwork.org emails.

Confirmed I will leave the tech line in the Gandi DNS zone file while replacing the two UNITED ones with Google ones.

Two other things that are probably worth flagging up:

1. I need to generate a new SSL cert in the next four days and this will result in a comodo CNAME being added to the zone file, see ticket:820.
2. I seem to remember that if you edit the zone file then it is copied to another file and then if I edit it the same things happens, that is why there is several different zone file names.

Yes there is a list of zone files with the latest one being the one Gandi uses.

Will you do this update before Friday? We should stay in touch about who's tinkering when. I will be editing on Friday after work in the evening.

Question: SPF records: is this worth setting up?
​https://support.google.com/a/answer/33786

[ed]

Ed note:

1. it's DNS zone file ..../469819
2. you create a new version with the changes, then tell Gandi to use the new version

[chris]

Replying to ed:

Will you do this update before Friday? We should stay in touch about who's tinkering when. I will be editing on Friday after work in the evening.

Yes, that would make sense, if I start the process on Thursday then I should be able to complete it during the day on Friday and then it'll be all yours to tinker with the zone files. The existing cert expires at midnight on Saturday so it'll mean there is a day or two overlap but I don't think that is worth worrying about (the issue being that the cert will have been issued for 365 days but only used for 363 or 364 days).

[chris]

One thought -- what is the plan with lists.transitionnetwork.org?

Currently, I assume, whatever@lists.transitionnetwork.org goes to United servers via these entries:

@ 	3600 	IN 	MX 	0 	mx1.spamfiltering.com.
@ 	3600 	IN 	MX 	5 	mx2.spamfiltering.com.

If the TN wants to continue using the United Mailman server then I would guess that these entries would be needed (perhaps check with them?):

lists 	3600 	IN 	MX 	0 	mx1.spamfiltering.com.
lists 	3600 	IN 	MX 	5 	mx2.spamfiltering.com.

If the TN is also switching lists to Google then the archives are going to be lost? I'd strongly urge you to ask United for a copy of the HTML and mbox archives of all lists so we can host them somewhere (with password protection as needed) so they are not all lost.

[ed]

Thanks Chris, good point - the plan is to move all the list activity to google using the groups tools - ending all our services with UNITED. We did not keep any list archives.

[chris]

Replying to ed:

Thanks Chris, good point - the plan is to move all the list activity to google using the groups tools - ending all our services with UNITED. We did not keep any list archives.

Don't fully understand, the list archives will still exist, the list are still functioning, are you saying you don't want to keep any archives of the lists?

[ed]

I am saying that Transition Network doesn't want to keep an archive of its mailing lists - the archiving was turned off some time ago...

[chris]

Replying to ed:

I am saying that Transition Network doesn't want to keep an archive of its mailing lists - the archiving was turned off some time ago...

The GZ'd mbox files are unavailable, I guess that is what you mean, but the HTML archives are still available, at least for the TTech list:

• ​http://lists.transitionnetwork.org/mailman/private/ttech_lists.transitionnetwork.org/

If I were you I'd ask United for a tar ball of these so they can be kept for posterity / referencing as needed (password protected).

[chris]

If you don't want to ask United for a copy of the archives we could use a script such as this one to scrape them:

• ​https://github.com/philgyford/mailman-archive-scraper

[ed]

Thanks - I'll add it to the list of things I can do if there's time. I used to work with Phil Gyford; brilliant man.

[ed]

OK I'm doing the DNS zone update NOW.

Negotiations with UNITED about archives are ongoing.

[ed]

Now using version 17 of the Gandi DNS zone file with the UNITED MX files removed and the google MX files added

[ed]

Added SPF text to version 18 of the DNS zone file and updated Gandi

[ed]

The MX switch has gone fine so I am closing this ticket as fixed.

I am failing at making myself understood with UNITED support about the back ups over various emails. I am copying Chris' explanations verbatim and going round in circles.

UNITED say perhaps we can do this via the CPanel login - which we will have for a bit longer before I cancel the account.

"I'm unsure as to your request but yes you can use cPanel > Files > File Manager to complete most file related tasks. "

Therefore I have spent enough time on the back up idea for now and have pressing stuff to do, so am de-prioristing the back up question.

If Ade or Chris want to pick it up I am happy for them to.

[ed]

NB: The United service has been cancelled. It will end on 12/3/15.