Date:      Sun, 28 Feb 2021 13:35:14 -0600
From:      Valeri Galtsev <galtsev@kicp.uchicago.edu>
To:        Tim Daneliuk <tundra@tundraware.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Somewhat OT: Mail Relay Services
Message-ID:  <961A9522-3E57-45F0-8123-3FF31BF2209F@kicp.uchicago.edu>
In-Reply-To: <2af27c4e-b4dd-944a-4edb-907ccc9909e2@tundraware.com>
References:  <877d08ef-d533-69f6-4c44-f2cbbe39ba31@tundraware.com> <b3b3fce5-ae71-047e-33f6-4f0483f7e759@pinyon.org> <2af27c4e-b4dd-944a-4edb-907ccc9909e2@tundraware.com>



> On Feb 28, 2021, at 1:22 PM, Tim Daneliuk <tundra@tundraware.com> wrote:
>
> On 2/28/21 1:17 PM, Russell L. Carter wrote:
>> On 2/28/21 11:01 AM, Tim Daneliuk wrote:
>>> For many years, I've run a mail system built on FreeBSD for my own small business.
>>> It's been as flawless as any mail server ever can be, requiring only periodic
>>> maintenance and updates.
>>>
>>> The primary server runs in a 3rd party cloud environment.  We are starting to
>>> see parts of their network blacklisted by the various UCE blackholing services.
>>> Unfortunately, they don't just blackhole a single IP, but an entire subnet at
>>> a time, which catches us in the mix.
>>>
>>> The big mail hubs like outlook.com no longer have a mechanism for removing the block
>>> for a single ip and kick you back to your ISP or hosting provider for resolution.
>>>
>>> So ... we are contemplating using a smart host to do all our outbound email for us
>>> via relays from our own mail servers.  Presumably, such a smart host would be better
>>> equipped to deal with bad blacklisting and delivery issues.
>>>
>>> So ... does anyone have experience or recommendations as to who would be a good
>>> provider for a low volume, small business mail relay?
>>
>> I'm all ears and appreciative of any pointers on this topic as well.
>> I have been running my own mail servers for two domains for > 20 years.
>> The volume is so low and I try to stay "mainstream" in configuration
>> so I've never been blacklisted (that I know about, I watch).  However,
>> my current last mile ISP is centurylink, from whom I lease 5 static
>> ips.  And they just up and deleted my ptr records for over a month,
>> and didn't fix it, even after hours on chat, until I shamed them with
>> an analysis on dslreports, showing how their tech support was flat
>> out stupid or lying.  It happens, but it made me terrified of being
>> reliant on them.  So I've decided to put my dovecot+rspamd+postfix
>> system up on some popular VPS.   I am leaning toward vultr, haven't
>> had any problems with them for years, but I've never needed to
>> ask them to open port 25, and they require you to ask.
>
> I long ago moved off my last mile ISP and put my mail/dns/http
> FreeBSD instance on Digital Ocean.  Other than the subnet
> blocking issues, they've been great.  I originally chose them
> because they were the only cost-effective cloud hosting vendor
> that supported FreeBSD (10.x in those days, but I've done
> regular source updates since then.)
>
>>
>> But I hadn't thought that my co-tenants might cause me a problem with
>> blacklisted subnets!
>
> The problem is that the cloud hosting companies don't have the
> resources to play whack-a-mole with every script kiddie or
> spammer that rents an ephemeral instance to act badly.   The big
> mail routers like outlook, yahoo, hotmail, etc. are too lazy to
> list individual IPs so they just block subnets.

At some providers, the majority of tenants have DHCP addresses. Also, some
spammers register “few day, one big spam explosion” domains. That is how
you give up blocking single IPs, and even class C networks (x.y.z.0/24).
If blocking like that, you just decide: is the owner of the IPs such that
their whole registered range of IP addresses can be safely blocked?

And after dealing with things this particular way, you acquire a solid
opinion that things like barracuda.com are brain-dead technologies. And
you start dealing with spam differently.

Valeri

>> Anybody know of a successful strategy here?  Maintaining your own
>> servers can occasionally be a pain, but I really like managing my
>> own servers exactly how I want them.
> I am playing with Matt's suggestion to use DuoCircle as a smart relay.
> This looks promising.
>
> ----------------------------------------------------------------------------
> Tim Daneliuk     tundra@tundraware.com
> PGP Key:         http://www.tundraware.com/PGP/
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"



