From: "Ed Zwart"
To: "FreeBSD Mailing List"
Date: Sun, 11 Mar 2007 19:36:56 -0800
Subject: Re: getting mail to work
Message-ID: <6660f1280703112036y747c92a2w674ea46625830044@mail.gmail.com>

Thanks Bill, Josh and Jeffrey for answering my question. It was my ISP. (So easy, I wish I had thought of that. I somehow managed to figure out they were blocking 80 a month or so ago.)

I'm still a little fuzzy on legal entries for hostname and domain. I set them to be mine, and it worked, and then for kicks, set it to google.com, and that worked too. I looked at the headers, and can see that the source can be traced back to my machine, but that still seems kind of easy to spoof. Anyway, it's not something I'm overly worried about; I'm just not clear on what I SHOULD be using for hostname and domain.

Any words of wisdom appreciated. Otherwise, thanks again for the already super help!

e.

On 3/11/07, Jeffrey Goldberg wrote:
> On Mar 11, 2007, at 8:27 PM, jekillen wrote:
>
> > If you will allow me to break in on this exchange;
> > Does this advice [don't run your own direct to MX mail server]
> > apply if you have static ip service and are running web servers
> > from these addresses, with the ISP's blessing? (meaning you also
> > have at least two name servers running for the registered sites)
>
> First let's separate questions. One is dealing with your own
> incoming mail. The other is with sending mail out direct to MX.
> These two can (and often should) be separated.
>
> For the question of hosting your own MX there are positives and
> negatives. Here is a list off of the top of my head. It is far from
> complete.
>
> Positive:
>
> (1) You get to fully control your rejection/acceptance policy from the
>     beginning.
>
> (2) You get to learn about running such a system.
>
> (3) You dramatically reduce your lock-in with an ISP (who can change
>     their email policy or practice at any time).
>
> (4) You don't have to pay for some outside service (I use fastmail.fm)
>     for hosting your incoming mail if you want something better than
>     the "free" email service your ISP provides.
>
> Negatives:
>
> (a) You have to maintain what is really a surprisingly complex system
>     for such a simple protocol.
>
> (b) You have to defend your system against attacks it otherwise
>     wouldn't receive, including DoS attacks.
>
> (c) Damage of being overwhelmed (either by deliberate attack or spam
>     blowback) may be harder to contain.
>
> (d) Your system needs to fail appropriately. For example, if you use
>     something like LDAP to maintain username or email address
>     information, you need to make sure that if your LDAP service fails
>     your mail server fails in an appropriate way (say a complete
>     shutdown) or issuing temporary (4xx) rejections instead of
>     inappropriately issuing 5xx for mail that would be accepted
>     normally.
>
> If (1) (or (2)) is really important to you, then go ahead. But
> probably the best way to see whether (1) really matters is to ask
> yourself what things you would like to do that you couldn't do unless
> you ran your own MX. For example, if you have strong feelings about
> whether DNSbls should be used prior to content filtering or as part
> of it. Or whether you want spam and virus rejections to occur at
> SMTP time or later. Whether you want SPF failures to generate
> immediate rejections. Whether you want to make use of sophisticated
> IMAP features that ISPs can't provide. If you don't have strong
> feelings about these sorts of questions, then I doubt that (1)
> applies to you.
>
> Now there is the second question about doing direct to MX for mail
> sending instead of going through your ISP or some third party service.
>
> Positives
>
> (i) You control queuing and retry rates.
>
> (ii) For bulk mailing (mailing lists) there is an advantage of how
>     out-going SMTP sessions are organized.
>
> (iii) You are not as dependent on your ISP or a third party for
>     getting your mail out, if they are slow or unreliable with mail.
>
> (iv) If your ISP's mail server provides crappy bounce information and
>     you need better information.
>
> (v) If your ISP adds junk to your mail or sends out mail in unfriendly
>     so as to get itself on blacklists or leads to other forms of
>     needless rejections.
>
> (vi) You get to learn about running such systems.
>
> Negatives:
>
> (A) Even with a static IP address, your assigned address may look
>     dynamic to other servers who may then reject mail coming directly
>     from you.
>
> (B) Your ISP blocks/disallows this sort of thing (not a problem in
>     your case).
>
> (C) The reverse DNS records for your IP need to correspond reasonably
>     well to your domain name, otherwise lots of servers will reject
>     mail from you.
>
> (D) You need to follow the RFCs and conventions strictly so that you
>     don't get yourself added to blacklists.
>
> (E) It is probably a little less network efficient for you to talk
>     directly to servers all over the planet when you could just talk
>     to your ISP's server which will be much closer to you.
>
> Here again, if (vi) is your primary reason for wanting to run your
> own direct to MX system, then use it just for one of your minor
> domains. That way, if you mess up, you won't get your major domains
> blacklisted. If (i) and (ii) really matter for you, then go ahead,
> but I think that you should have a real reason beyond "I can,
> therefore I ought" if it is going to be your primary way
> of getting mail out.
>
> In the end it is a matter of individual taste and need. With good
> DSL or FiOS lines, along with a proper backup regime and
> Uninterruptible Power Supply, hosting your own website makes plenty of
> sense.
> But mail is a trickier thing to maintain than apache, so my
> view remains that unless you have some specific need for the kind of
> control you can get by running your own, let someone else handle your
> mail transport to the rest of the world.
>
> I hope this helps. And keep in mind that different people will offer
> different advice. I certainly believe my advice is good advice
> (otherwise I wouldn't have offered it), but I'm also aware that I
> could well be wrong.
>
> Cheers,
>
> -j
>
> --
> Jeffrey Goldberg http://www.goldmark.org/jeff/
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
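
Added example, not part of the thread and not written by any participant: the checks a receiving server can run against the connecting IP address. It shows why a hostname/domain set to someone else's name is accepted by the sending machine yet counts against it at the receiver, as in points (A) and (C) above. The DNS tables, names, addresses and finding labels are constructed for illustration, and the "dynamic" pattern is a heuristic assumption.

```python
import ipaddress
import re

# Constructed DNS data (documentation address ranges and .example names);
# a real check would query a resolver instead of these tables.
PTR = {
    "192.0.2.10": ["mail.example.org."],
    "192.0.2.77": ["dsl-192-0-2-77.dyn.isp.example."],
    "198.51.100.5": ["mx.forged.example."],
}
A = {
    "mail.example.org": ["192.0.2.10"],
    "dsl-192-0-2-77.dyn.isp.example": ["192.0.2.77"],
    "mx.forged.example": ["203.0.113.9"],
    "bigmail.example": ["203.0.113.200"],  # stand-in for a well-known domain
}
# Heuristic only: generic access-line names often embed these tokens.
DYNAMIC_HINT = re.compile(r"(^|[.-])(dyn|dsl|dhcp|pool|ppp|cable)([.-]|$)")


def norm(name):
    return name.rstrip(".").lower()


def confirmed_names(ip):
    """PTR names of ip whose A records point back at ip (forward-confirmed rDNS)."""
    ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    return [norm(n) for n in PTR.get(ip, []) if ip in A.get(norm(n), [])]


def assess(ip, helo, mail_domain):
    """Findings a receiver could hold against a client; an empty list is clean."""
    names = confirmed_names(ip)
    helo, mail_domain = norm(helo), norm(mail_domain)
    findings = []
    if not names:
        findings.append("no-fcrdns")
    # The HELO name is whatever the sender configured; the IP is not.
    if ip not in A.get(helo, []):
        findings.append("helo-does-not-resolve-to-client")
    in_domain = any(n == mail_domain or n.endswith("." + mail_domain) for n in names)
    if names and not in_domain:
        findings.append("rdns-outside-sender-domain")
    if any(DYNAMIC_HINT.search(n) for n in names):
        findings.append("rdns-looks-dynamic")
    return findings
```
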