From owner-freebsd-questions@freebsd.org Sun Feb 28 19:22:40 2021 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 34F7453E8BE for ; Sun, 28 Feb 2021 19:22:40 +0000 (UTC) (envelope-from tundra@tundraware.com) Received: from oceanview.tundraware.com (oceanview.tundraware.com [45.55.60.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mailman.tundraware.com", Issuer "mailman.tundraware.com" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4DpYFC2FnTz4llH for ; Sun, 28 Feb 2021 19:22:39 +0000 (UTC) (envelope-from tundra@tundraware.com) Received: from [192.168.0.2] (ozzie.tundraware.com [75.145.138.73]) (authenticated bits=0) by oceanview.tundraware.com (8.16.1/8.16.1) with ESMTPSA id 11SJMUeT012645 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for ; Sun, 28 Feb 2021 13:22:30 -0600 (CST) (envelope-from tundra@tundraware.com) Subject: Re: Somewhat OT: Mail Relay Services To: freebsd-questions@freebsd.org References: <877d08ef-d533-69f6-4c44-f2cbbe39ba31@tundraware.com> From: Tim Daneliuk Autocrypt: addr=tundra@tundraware.com; prefer-encrypt=mutual; keydata= xsFNBFlVgYoBEADIYD9W4mbKz5cEleX923hagDWkxyJl4kRiMJnz+dNAH71MItSdErMb0cFt CPxVncb4dR4R2ec0c0MjPcgVINNtbY1DMWsF7t31TKD8NG9ZjLqF6fZDFjgkRejqHytgjmCI UejrMSCf0UJsLtg+I3N1ZVVxd7ALj2bCvC/uc5S7j+YbNnhQvSoBbdFj/xOTjyOGGpk7WfB7 e42PGKq1NSgnI7tcY6HSaSH+LHeoc0yUpBb5A1ge+RhR1N9JTniEFe0qvOBi+HgUltEoxsk4 xb6IhpkDOTsxHvEg5h0ukfl8kG9cu+LrEBqwPaC8lPw3UmoTEAU+lXHanPE12JCF/54EtVCc rb4W0vqgGmLJzn5dRU/fWkar0FKPq4eoV0XMbGZKIC6pWQnMEsxEMpNvh7oefK6Kyn+LO+59 +sNYHbv1RImDJccmfHTOA6/jHdwOcnYy37U8UF7e+mGrwNs8GsMQx2AaQbR6VErakH3GBgft bMFOGQxiaRBkbzba7BZCQ060yhiC3/Mb/xHoVi7PBEmKig1SErTMA7Fh3CYPYIRDphNs6OSr tf9O4hbzUAsjbU3rxOfiWQjP3fSOM0KUBj4wpIWZlMrjAGnMIz2wHb211wsBiLqSaGiiO1LR 7RrcvbIFZvHQHiWe2tdRyuH3N/h7A316yoLfx+yy1gyP5weWsQARAQABzSRUaW0gRGFuZWxp dWsgPHR1bmRyYUB0dW5kcmF3YXJlLmNvbT7CwXcEEwEIACEFAllVgYoCGyMFCwkIBwIGFQgJ CgsCBBYCAwECHgECF4AACgkQdoOXo5EJFKntcA/9F9ags9Ik5C49N39iRq+yqBdn/Lr75rqv +Yg7JkjeVlwHpnQt1S6orTC7EaJc+AqY3szCEmhfuT0+E96Bw2k+G/XRnaedZ9SHSdImlmq0 RmOFpWLr67ScvlA9YG1tyR+QYraEFqK5EB6qhOWRJoz1BYtAAntK9b9gUTXt/277sT7lAWaj oPi4CDd4DofHc4E9VRsniMQNMLCWqc/ygAK07cWbK2Rh90tS2C4nK6OHFkNkK94zDilfxod1 NBFTUPPYfEU2CSa3eLlpfhYY3/2X7zNvmmCt+chHUnAhQLhldQ3WlqmTKP+ZK9LX002/bY1O M8Zk76WyA/A3EfsIUbnXBQvFyjwX6W4QEytlZWtp/yRIe64JOa3dZ8rkhragb2N4VgVLBVe3 jtZgfQ72pHrfNk/T0uT+hjFqInvIYiXkhxB2GiD7Ga28VuXojTmeoaW3GKcvoVxONSju7WzD XgyxWRmNpd5uifJcC3YU3tNNAosnQ0/5FW4wkducSEVwwqnAiSMQEMDDa/e6oP6GyOzes5SV LTNCRYdHWVKbxjetYU4SKm5RdLx9XuJo0qL9vO97mCNwdNkTM7gO2ycQ49qUiGbCZJOh2gpP ZRFrpJDxbloosAfOEB6IYjhb38u6jvbScJKK3bWA+a8TK4SrQpdRd1cAnW9sA8jCTV8ejZq0 CHnOwU0EWVWBigEQAJYuihAOOOe/kAn045Ayn+3is3S+6eV4IAgL6lJhoChkgUJJuFoRX9BY rd35z29+q2/UCoProzd4Mk66wXeWv6n4s5R79OUzjgMLCTVlVaMy4gjPL9NRDwMt7KYRF56g mnoKZwfPDi/oJ5toPPboW94FrMwonqbdqYM2Pyi/HPMe4e396WQ4TaA1CdhyzKHoFSpkGcjX zIQ5yQ5aaGS7wonRu/pg15dbu+8QOgxRNFa0bO+ntz/30u+VmxFqFVbExjuy3Or8fSBhJgx4 cfyrrunKLclpZ/52VeK3l53yWYpR8RaTZfzpu8Ih+ijAY4XLO5F8P1T6sEviMaTY2F0sbFRx ZJXsgFpiKeWPHUn7/LX7qcoFJYoFqG6b3n5km+qy39x6lMgJDuxKpeN6lYj//LB6xVzn0JI+ 4ZHPrEkFqxu8VkL7deCPTI67ZJik18jXjTH9sha1YBvgvxIPFMA7ZwXX2AwNu7PzdcCpWarS usOAHbjQBUsQ+ZPpI1oeFnsCPZ+8/mMcTjVRZyJxOPs3KnXZv2cXNuaa7lwkWS366gHzQI7O l6WdC8TyNjiOzR654cL8BgYQ/xNSW1vTXqPWSRU8/b/5IueY2tQJh0CKIvfoP0rk8976wa1R 8SRi08mwHX7+F5oSeXLRNHicQGpS1f0DywdRcQ0MFHyq/CV4dTltABEBAAHCwV8EGAEIAAkF AllVgYoCGwwACgkQdoOXo5EJFKkDNw//c8nailIVOV72l7Lze+2AuK9MYUCFb1i4qI1WTnG0 OHQlCAltPhdwZPAozJw/eNqIcuWQh8rZspve9ipj589wLSsVyaFRsuYXTiYZ9RlRsnJYa36h 2JML3ZGrRsSxaUEAggbiOKbwmw27JuOIPmC3Gln4tJuZ+nw6cfCgMI45bIzinVanxHwPLeLp BZKpaEYzAwtBykUfAXn3jDwrI95UlMJvhHDFuRgvb6uSyJIqmp5aR/BjnlSdEwICyWpRAVSt yqZeBMeHbCr1B97PIRzk/q0eHm9T+AoiZWwz1iVGGgkYdAaCfs2PBlNHmRm93cfgoEcaGvNb RbTXOe28niMJeYMQsnjOTy5AQIrhVKeP5E+qVs/oPK/inmLiTbjZcnrO2wR+uxpPGgmR6M/3 p8qyRdaOvT87HZXO+Wr+r9A4UnwhCPsfELwPlEo+TJQ/oE71Mlkx/ddQCWELcHjXrQF9YbzA Ml7g0zTkgHysh4DNkV5iYteOcmCwsWdOwn0H0yZfz6weyr8nEdPngyOjFNKMIpcTbeg8866c GxXAJj46dub4VdVwfvMRHfmmRJkjdId7YHWMgz2Kf7S7KPCROLis7WjlOdSS0q2m/7qy9WL/ ZW50YLS8ZZLMrnari5JxCyJX+8n6ZASo2AA93iTbKmYegK2LDwW1QLU1iAF3GyGOnSE= Message-ID: <2af27c4e-b4dd-944a-4edb-907ccc9909e2@tundraware.com> Date: Sun, 28 Feb 2021 13:22:24 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.6.4 (oceanview.tundraware.com [45.55.60.57]); Sun, 28 Feb 2021 13:22:30 -0600 (CST) X-TundraWare-MailScanner-Information: Please contact the ISP for more information X-TundraWare-MailScanner-ID: 11SJMUeT012645 X-TundraWare-MailScanner: Found to be clean X-TundraWare-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (not cached, score=-2.901, required 6, autolearn=not spam, ALL_TRUSTED -1.00, BAYES_00 -1.90, NICE_REPLY_A -0.00) X-TundraWare-MailScanner-From: tundra@tundraware.com X-Spam-Status: No X-Rspamd-Queue-Id: 4DpYFC2FnTz4llH X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of tundra@tundraware.com designates 45.55.60.57 as permitted sender) smtp.mailfrom=tundra@tundraware.com X-Spamd-Result: default: False [-3.30 / 15.00]; RCVD_TLS_ALL(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; RBL_DBL_DONT_QUERY_IPS(0.00)[45.55.60.57:from]; TO_MATCH_ENVRCPT_ALL(0.00)[]; R_SPF_ALLOW(-0.20)[+a]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; SPAMHAUS_ZRD(0.00)[45.55.60.57:from:127.0.2.255]; ARC_NA(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-1.000]; DMARC_NA(0.00)[tundraware.com]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:14061, ipnet:45.55.32.0/19, country:US]; RCVD_COUNT_TWO(0.00)[2]; MAILMAN_DEST(0.00)[freebsd-questions] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 28 Feb 2021 19:22:40 -0000 On 2/28/21 1:17 PM, Russell L. Carter wrote: > On 2/28/21 11:01 AM, Tim Daneliuk wrote: >> For many years, I've run a mail system built on FreeBSD for my own small business. >> It's been as flawless as any mail server ever can be, requiring only periodic >> maintenance and updates. >> >> The primary server runs in a 3rd party cloud environment.  We are starting to >> see parts of their network blacklisted by the various UCE blackholing services. >> Unfortunately, they don't just blackhole a single IP, but an entire subnet at >> a time, which catches us in the mix. >> >> The big mail hubs like outlook.com no longer have a mechanism for removing the block >> for a single ip and kick you back to your ISP or hosting provider for resolution. >> >> So ... we are contemplating using a smart host to do all our outbound email for us >> via relays from our own mail servers.  Presumably, such a smart host would be better >> equipped to deal with bad blacklisting and delivery issues. >> >> So ... does anyone have experience or recommendations as to who would be a good >> provider for a low volume, small business mail relay? > > I'm all ears and appreciative of any pointers on this topic as well. > I have been running my own mail servers for two domains for > 20 years. > The volume is so low and I try to stay "mainstream" in configuration > so I've never been blacklisted (that I know about, I watch).  However, > my current last mile ISP is centurylink, from whom I lease 5 static > ips.  And they just up and deleted my ptr records for over a month, > and didn't fix it, even after hours on chat, until I shamed them with > an analysis on dslreports, showing how their tech support was flat > out stupid or lying.  It happens, but it made terrified of being > reliant on them.  So I've decided to put my dovecot+rspamd+postfix > system up on some popular VPS.   I am leaning toward vultr, haven't > had any problems with them for years, but I've never needed to > ask them to open port 25, and they require you to ask. I long ago moved off my last mile ISP and put my mail/dns/http FreeBSD instance on Digital Ocean. Other than the subnet blocking issues, they've been great. I originally chose them because they were the only cost-effective cloud hosting vendor that supported FreeBSD (10.x in those days, but I've done regular source updates since then.) > > But I hadn't thought that my co-tenants might cause me a problem with > blacklisted subnets! The problem is that the cloud hosting companies don't have the resources to play whack-a-mole with every script kiddie or spammer that rents an ephemeral instance to act badly. The big mail routers like outlook, yahoo, hotmail, etc. Are too lazy to list individual IPs so they just block subnets. > > Anybody know of a successful strategy here?  Maintaining your own > servers can occasionally be a pain, but I really like managing my > own servers exactly how I want them. I am playing with Matt's suggestion to use DuoCircle as a smart relay. This looks promising. ---------------------------------------------------------------------------- Tim Daneliuk tundra@tundraware.com PGP Key: http://www.tundraware.com/PGP/