Somewhat OT: Mail Relay Services
galtsev at kicp.uchicago.edu
Sun Feb 28 19:35:18 UTC 2021
> On Feb 28, 2021, at 1:22 PM, Tim Daneliuk <tundra at tundraware.com> wrote:
> On 2/28/21 1:17 PM, Russell L. Carter wrote:
>> On 2/28/21 11:01 AM, Tim Daneliuk wrote:
>>> For many years, I've run a mail system built on FreeBSD for my own small business.
>>> It's been as flawless as any mail server ever can be, requiring only periodic
>>> maintenance and updates.
>>> The primary server runs in a 3rd party cloud environment. We are starting to
>>> see parts of their network blacklisted by the various UCE blackholing services.
>>> Unfortunately, they don't just blackhole a single IP, but an entire subnet at
>>> a time, which catches us in the mix.
>>> The big mail hubs like outlook.com no longer have a mechanism for removing the block
>>> for a single ip and kick you back to your ISP or hosting provider for resolution.
>>> So ... we are contemplating using a smart host to do all our outbound email for us
>>> via relays from our own mail servers. Presumably, such a smart host would be better
>>> equipped to deal with bad blacklisting and delivery issues.
>>> So ... does anyone have experience or recommendations as to who would be a good
>>> provider for a low volume, small business mail relay?
>> I'm all ears and appreciative of any pointers on this topic as well.
>> I have been running my own mail servers for two domains for > 20 years.
>> The volume is so low and I try to stay "mainstream" in configuration
>> so I've never been blacklisted (that I know about, I watch). However,
>> my current last mile ISP is centurylink, from whom I lease 5 static
>> ips. And they just up and deleted my ptr records for over a month,
>> and didn't fix it, even after hours on chat, until I shamed them with
>> an analysis on dslreports, showing how their tech support was flat
>> out stupid or lying. It happens, but it made me terrified of being
>> reliant on them. So I've decided to put my dovecot+rspamd+postfix
>> system up on some popular VPS. I am leaning toward vultr, haven't
>> had any problems with them for years, but I've never needed to
>> ask them to open port 25, and they require you to ask.
> I long ago moved off my last mile ISP and put my mail/dns/http
> FreeBSD instance on Digital Ocean. Other than the subnet
> blocking issues, they've been great. I originally chose them
> because they were the only cost-effective cloud hosting vendor
> that supported FreeBSD (10.x in those days, but I've done
> regular source updates since then.)
>> But I hadn't thought that my co-tenants might cause me a problem with
>> blacklisted subnets!
> The problem is that the cloud hosting companies don't have the
> resources to play whack-a-mole with every script kiddie or
> spammer that rents an ephemeral instance to act badly. The big
> mail routers like outlook, yahoo, hotmail, etc. are too lazy to
> list individual IPs so they just block subnets.
At some providers the majority of tenants have DHCP addresses. Also, some spammers register “few day, one big spam explosion” domains. That is how you give up blocking single IPs, and even class C networks (x.y.z.0/24). When blocking like that, you just decide whether the owner of the IPs is one whose whole registered range of IP addresses can be safely blocked.
And after dealing with things this particular way, you acquire a solid opinion that things like barracuda.com are brain-dead technologies. And you start dealing with spam differently.
>> Anybody know of a successful strategy here? Maintaining your own
>> servers can occasionally be a pain, but I really like managing my
>> own servers exactly how I want them.
> I am playing with Matt's suggestion to use DuoCircle as a smart relay.
> This looks promising.
> Tim Daneliuk tundra at tundraware.com
> PGP Key: http://www.tundraware.com/PGP/
> freebsd-questions at freebsd.org mailing list
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"