Date: Sun, 28 Feb 2021 13:22:24 -0600
From: Tim Daneliuk <tundra@tundraware.com>
To: freebsd-questions@freebsd.org
Subject: Re: Somewhat OT: Mail Relay Services
Message-ID: <2af27c4e-b4dd-944a-4edb-907ccc9909e2@tundraware.com>
In-Reply-To: <b3b3fce5-ae71-047e-33f6-4f0483f7e759@pinyon.org>
References: <877d08ef-d533-69f6-4c44-f2cbbe39ba31@tundraware.com> <b3b3fce5-ae71-047e-33f6-4f0483f7e759@pinyon.org>

On 2/28/21 1:17 PM, Russell L. Carter wrote:
> On 2/28/21 11:01 AM, Tim Daneliuk wrote:
>> For many years, I've run a mail system built on FreeBSD for my own small business.
>> It's been as flawless as any mail server ever can be, requiring only periodic
>> maintenance and updates.
>>
>> The primary server runs in a 3rd party cloud environment. We are starting to
>> see parts of their network blacklisted by the various UCE blackholing services.
>> Unfortunately, they don't just blackhole a single IP, but an entire subnet at
>> a time, which catches us in the mix.
>>
>> The big mail hubs like outlook.com no longer have a mechanism for removing the block
>> for a single ip and kick you back to your ISP or hosting provider for resolution.
>>
>> So ... we are contemplating using a smart host to do all our outbound email for us
>> via relays from our own mail servers. Presumably, such a smart host would be better
>> equipped to deal with bad blacklisting and delivery issues.
>>
>> So ... does anyone have experience or recommendations as to who would be a good
>> provider for a low volume, small business mail relay?
>
> I'm all ears and appreciative of any pointers on this topic as well.
> I have been running my own mail servers for two domains for > 20 years.
> The volume is so low and I try to stay "mainstream" in configuration
> so I've never been blacklisted (that I know about, I watch). However,
> my current last mile ISP is centurylink, from whom I lease 5 static
> ips. And they just up and deleted my ptr records for over a month,
> and didn't fix it, even after hours on chat, until I shamed them with
> an analysis on dslreports, showing how their tech support was flat
> out stupid or lying. It happens, but it made me terrified of being
> reliant on them. So I've decided to put my dovecot+rspamd+postfix
> system up on some popular VPS. I am leaning toward vultr, haven't
> had any problems with them for years, but I've never needed to
> ask them to open port 25, and they require you to ask.

I long ago moved off my last mile ISP and put my mail/dns/http FreeBSD instance
on Digital Ocean. Other than the subnet blocking issues, they've been great.
I originally chose them because they were the only cost-effective cloud hosting
vendor that supported FreeBSD (10.x in those days, but I've done regular source
updates since then.)

>
> But I hadn't thought that my co-tenants might cause me a problem with
> blacklisted subnets!

The problem is that the cloud hosting companies don't have the resources
to play whack-a-mole with every script kiddie or spammer that rents an
ephemeral instance to act badly. The big mail routers like outlook, yahoo,
hotmail, etc. are too lazy to list individual IPs so they just block subnets.

>
> Anybody know of a successful strategy here? Maintaining your own
> servers can occasionally be a pain, but I really like managing my
> own servers exactly how I want them.

I am playing with Matt's suggestion to use DuoCircle as a smart relay.
This looks promising.

----------------------------------------------------------------------------
Tim Daneliuk     tundra@tundraware.com
PGP Key:         http://www.tundraware.com/PGP/