getting mail to work

Jeffrey Goldberg jeffrey at goldmark.org
Mon Mar 12 01:53:54 UTC 2007 

On Mar 11, 2007, at 8:27 PM, jekillen wrote:

> If you will allow me to break in on this exchange;
> Does this advise [don't run your own direct to MX mail server]  
> apply if you have static ip service and are running web servers  
> from these addresses, with the ISP's blessing? (meaning you also  
> have at least two name servers running for the registered sites)

First let's separate questions.  One is dealing with your own  
incoming mail.  The other is with sending mail out direct to MX.   
These two can (and often should) be separated.

For the question of hosting your own MX there are positives and  
negatives.  Here is a list off of the top of my head.  It is far from  
complete.

Positive:

  (1) You get to fully control your rejection/acceptance policy from the
      beginning.

  (2) You get the learn about running such a system.

  (3) You dramatically reduce your lock-in with an ISP (who can  
change their
      email policy or practice at any time.

  (4) You don't have to pay for some outside service (I use  
fastmail.fm) for
      hosting your incoming mail if you want something better than  
the "free"
      email service your ISP provides.

Negatives:

  (a) You have to maintain what is really a surprisingly complex system
      for such a simple protocol.

  (b) You have to defend your system against attacks it otherwise  
wouldn't
      receive, including DoS attacks.

  (c) Damage of being overwhelmed (either by deliberate attack or  
spam blowback)
      may be harder to contain.

  (d) Your system needs to fail appropriately.  For example, if you use
      something like LDAP to maintain username or email address  
information, you
      need to make sure that if your LDAP service fails your mail  
server fails
      in an appropriate way (say a complete shutdown) or issuing  
temporary (4xx)
      rejections instead of in an inappropriately issuing 5xx for  
mail that
      would be accepted normally.

If (1) (or (2)) is really important to you, then go ahead.  But  
probably the best way to see whether (1) really matters is to ask  
yourself what things you would like to do that you couldn't do unless  
you ran your own MX.  For example, if you have strong feelings about  
whether DNSbls should be used prior to content filtering or as part  
of it.  Or whether you want spam and virus rejections to occur at  
SMTP time or later.  Whether you want SPF failures to generate  
immediate rejections.  Whether you want to make use of sophisticated  
IMAP features that ISPs can't provide.  If you don't have strong  
feelings about these sorts of questions, then I doubt that (1)  
applies to you.

Now there is the second question about doing direct to MX for mail  
sending instead of going through your ISP or some third party service.

Positives

  (i) You control queing and retry rates.

  (ii) For bulk mailing (mailing lists) there is an advantage of how  
out-going
       STMP session are organized.

  (iii) You are not as dependent on your ISP or a third party for  
getting your
        mail out, if they are slow or unreliable with mail

  (iv) If your ISP's mail server provide crappy bounce information  
and you
       need better information.

  (v) If your ISP adds junk to your mail or sends out mail in  
unfriendly so as
      to get itself on blacklists or leads to other forms of needless
      rejections.

  (vi) You get to learn about running such systems

Negatives:

   (A) Even with a static IP address, your assigned address may look  
dynamic
       to other servers who may then reject mail coming directly from  
you.

   (B) Your ISP blocks/disallows this sort of thing (not a problem in  
your case)

   (C) The reverse DNS records for your IP need to correspond  
reasonably well
       to your domain name, otherwise lots of servers will reject  
mail from you.

   (D) You need to follow the RFCs and conventions strictly so that  
you don't
       get yourself added to blacklists

   (E) It is probably a little less network efficient for you to talk  
directly
       to servers all over the planet when you could just talk to  
your ISPs
       server which will be much closer to you.

Here again, if (vi) is your primary reason for wanting to run your  
own direct to MX system, then use it just for one of your minor  
domains.  That way, if you mess up, you won't get your major domains  
blacklisted.  If (i) and (ii) really matter for you, then go ahead,  
but I think that you should have a real reason beyond "I can,  
therefore I ought" if it is going to be your primary way
of getting mail out.

In the end it is a matter of individual taste and need.  With good  
DSL or FiOS lines, along with a proper backup regime and  
Uninterruptible Power Supply hosting your own website makes plenty of  
sense.  But mail is a tricker thing to maintain than apache, so my  
view remains that unless you have some specific need for the kind of  
control you can get by running your own, let someone else handle your  
mail transport to the rest of the world.

I hope this helps.  And keep in mind that different people will offer  
different advise.  I certainly believe my advise is good advise  
(otherwise I wouldn't have offered it), but I'm also aware that I  
could well be wrong.

Cheers,

-j

-- 
Jeffrey Goldberg                        http://www.goldmark.org/jeff/

More information about the freebsd-questions mailing list