Hi and Merry Christmas to all
I am having a problem with my email server and would like some advice as to the best way forward.
I have run my own SMTP server for about a decade now (beginning at bytemark, but now hosted with Hetzner - which /may/ be the problem). The server (at tap.rlogin.net) runs postfix and dovecot on debian 10 and uses a letsencrypt TLS certificate to transmit mail securely. The server has valid DKIM and SPF records and is not listed on any RBL at mxtoolbox.com.
I have no problem sending email to any of the major email providers but recently I have had mail refused by two organisations. One is a small company which uses mimecast filters, the other is ntlworld.com (who use cloudmark).
The rejections I receive are "hard" 550 refusals with messages referring to the respective filter mechanisms. I have, of course, contacted the companies using these filters and neither are interested in doing anything about it - they simply refer me to the respective filter providers.
Here I enter the catch 22 world of email delivery in that I cannot send email to either cloudmark or mimecast - because they use their own products. This is a classic example of why RBLs are a bloody stupid idea, but hey.
To make matters worse, the preferred feedback mechanism for both cloudmark and mimecast is via on-line feedback forms. Feedback to cloudmark vanishes into a black hole and I have never had a response from them. Mimecast's is even worse in that it doesn't actually work ("internal server error" would you believe). So I'm a bit stuck. I have resorted to sending email to them from a free GMX account I have, but I should not have to do that (and I still await replies anyway).
So - I /believe/ (but have no proof) that the reason my mail server fails a "reputation test" is that it is on a network block used by many others, and which may include Tor servers for example. Certainly I have a Tor node on Hetzner (but on a different network block). It strikes me as simply lazy for any admin to block a whole range of addresses on the grounds that it /may/ contain problematic servers, but hey, admins can be lazy.
The reason I am seeking advice here is that some of you also run email servers (or may have done so in the past). Ideally I would like to continue to run my own server. I like the control and flexibility it gives me. But it is becoming increasingly difficult to do so in the face of the kind of opposition I see. I see only two options.
1. I find a new VPS provider which can guarantee that its network will not be blocked by lazy idiots and I move to them.
or
2. I give up and move my email to a third party provider (such as Ionos)
I am reluctant to do 2 because apart from the loss of control, I would have to pay for each and every email address I use, and there are several, spread across (currently) four separate domains, there are often limits on the size of the emailboxes, or number of emails you can send, and there are also often limits even on the number of /aliases/ you can have.
My current Hetzner server costs me less than three euros a month. I'd be willing to pay more (Bytemark used to cost me £12.00 a month) if I could be sure that I wouldn't have to move again.
Does anyone have a recommendation for a good VPS provider that would meet my requirements? If not, does anyone have a recommendation for a third party email provider that can accommodate multiple domains and email addresses without charging stupid amounts?
Any and all advice gladly accepted.
Best for the New Year
Mick
--------------------------------------------------------------------- Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312 https://baldric.net/about-trivia ---------------------------------------------------------------------
On Thu, Dec 24, 2020 at 02:34:25PM +0000, mick wrote: [snip tale of woe]
The reason I am seeking advice here is that some of you also run email servers (or may have done so in the past). Ideally I would like to continue to run my own server. I like the control and flexibility it gives me. But it is becoming increasingly difficult to do so in the face of the kind of opposition I see. I see only two options.
- I find a new VPS provider which can guarantee that its network
will not be blocked by lazy idiots and I move to them.
or
- I give up and move my email to a third party provider (such as
Ionos)
There is a third way. I run a postfix server on my desktop machine at home (it could as well be a Raspberry Pi if you don't want to leave your desktop machine on all the time). It receives E-Mail for my domain like any other SMTP server, it *sends* E-Mail via my hosting provider's 'Smart host' server and thus it's my hosting provider that has to jump through the hoops you're hitting.
I think this gives you much of what you want without (some of) the hassle.
Obviously it requires:-
A domain you own whose MX record can be pointed at your home's internet connection.
A route through your NAT/Firewall to a machine running the mail server.
A machine that is able to be left on all the time which is reasonably reliable. (Though I have found that reboots and updates don't cause any serious problems with the short break in service they cause)
I've been doing this for quite a few years now and have had no significant problems.
On Thu, 24 Dec 2020 15:10:16 +0000 Chris Green cl@isbd.net allegedly wrote:
On Thu, Dec 24, 2020 at 02:34:25PM +0000, mick wrote: [snip tale of woe]
The reason I am seeking advice here is that some of you also run email servers (or may have done so in the past). Ideally I would like to continue to run my own server. I like the control and flexibility it gives me. But it is becoming increasingly difficult to do so in the face of the kind of opposition I see. I see only two options.
- I find a new VPS provider which can guarantee that its network
will not be blocked by lazy idiots and I move to them.
or
- I give up and move my email to a third party provider (such as
Ionos)
There is a third way. I run a postfix server on my desktop machine at home (it could as well be a Raspberry Pi if you don't want to leave your desktop machine on all the time). It receives E-Mail for my domain like any other SMTP server, it *sends* E-Mail via my hosting provider's 'Smart host' server and thus it's my hosting provider that has to jump through the hoops you're hitting.
I think this gives you much of what you want without (some of) the hassle.
Thanks for this Chris
I hadn't considered using a relay, but your reply prompted me to investigate third party relay providers. Turns out there are quite a few out there (mostly to handle "bulk" email, but I don't see why they couldn't be used for my modest needs).
If I can't find an alternative trusted VPS provider I'll investigate some of these relays (such as sendgrid, smtp2go etc) since I'd really like to leave my mailserver where it is rather than run one at home.
Mick
--------------------------------------------------------------------- Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312 https://baldric.net/about-trivia ---------------------------------------------------------------------
On Mon, Dec 28, 2020 at 02:34:48PM +0000, mick wrote:
On Thu, 24 Dec 2020 15:10:16 +0000 Chris Green cl@isbd.net allegedly wrote:
On Thu, Dec 24, 2020 at 02:34:25PM +0000, mick wrote: [snip tale of woe]
The reason I am seeking advice here is that some of you also run email servers (or may have done so in the past). Ideally I would like to continue to run my own server. I like the control and flexibility it gives me. But it is becoming increasingly difficult to do so in the face of the kind of opposition I see. I see only two options.
- I find a new VPS provider which can guarantee that its network
will not be blocked by lazy idiots and I move to them.
or
- I give up and move my email to a third party provider (such as
Ionos)
There is a third way. I run a postfix server on my desktop machine at home (it could as well be a Raspberry Pi if you don't want to leave your desktop machine on all the time). It receives E-Mail for my domain like any other SMTP server, it *sends* E-Mail via my hosting provider's 'Smart host' server and thus it's my hosting provider that has to jump through the hoops you're hitting.
I think this gives you much of what you want without (some of) the hassle.
Thanks for this Chris
I hadn't considered using a relay, but your reply prompted me to investigate third party relay providers. Turns out there are quite a few out there (mostly to handle "bulk" email, but I don't see why they couldn't be used for my modest needs).
If I can't find an alternative trusted VPS provider I'll investigate some of these relays (such as sendgrid, smtp2go etc) since I'd really like to leave my mailserver where it is rather than run one at home.
In principle your mail server could use a smart host in exactly the same way that mine does. I've got two hosting providers that I use for different things, one is TsoHost.co.uk and the other is gandi.net in France. You'd only have to register a domain (or move one) to be able to use their E-Mail services.
On Mon, 28 Dec 2020 15:59:00 +0000 Chris Green cl@isbd.net allegedly wrote:
In principle your mail server could use a smart host in exactly the same way that mine does. I've got two hosting providers that I use for different things, one is TsoHost.co.uk and the other is gandi.net in France. You'd only have to register a domain (or move one) to be able to use their E-Mail services.
I host my domains at TSOhost - they say that they do not provide a smart relay service (unless you have a VPS on their network). I already have six VPSs elsewhere so that doesn't help me.
Mick
--------------------------------------------------------------------- Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312 https://baldric.net/about-trivia ---------------------------------------------------------------------
On Mon, Dec 28, 2020 at 04:51:54PM +0000, mick wrote:
On Mon, 28 Dec 2020 15:59:00 +0000 Chris Green cl@isbd.net allegedly wrote:
In principle your mail server could use a smart host in exactly the same way that mine does. I've got two hosting providers that I use for different things, one is TsoHost.co.uk and the other is gandi.net in France. You'd only have to register a domain (or move one) to be able to use their E-Mail services.
I host my domains at TSOhost - they say that they do not provide a smart relay service (unless you have a VPS on their network). I already have six VPSs elsewhere so that doesn't help me.
I don't have a VPS at TsoHost, I just have several domains hosted there on their Cloud Hosting. In the control panel if you go to the E-Mail section for a domain it gives the details for 'sending' mail, that's all I use.
On Mon, 28 Dec 2020 17:03:58 +0000 Chris Green cl@isbd.net allegedly wrote:
I host my domains at TSOhost - they say that they do not provide a smart relay service (unless you have a VPS on their network). I already have six VPSs elsewhere so that doesn't help me.
I don't have a VPS at TsoHost, I just have several domains hosted there on their Cloud Hosting. In the control panel if you go to the E-Mail section for a domain it gives the details for 'sending' mail, that's all I use.
Yours must be different to mine. All I see is an entry for "Email Forwarding" and you have to use a TSOhost MX server for that. It says:
"This email management tool allows you to forward emails from a parked domain to another email address, without the need for a hosting account. Please note that to use this service your domain's root DNS MX record must be set to:
Type  Priority  Content
MX    0         mail.vhdns.net
No good for me.
But thanks anyway.
Mick
--------------------------------------------------------------------- Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312 https://baldric.net/about-trivia ---------------------------------------------------------------------
On 28/12/2020 18:14, mick wrote:
On Mon, 28 Dec 2020 17:03:58 +0000 Chris Green cl@isbd.net allegedly wrote:
I host my domains at TSOhost - they say that they do not provide a smart relay service (unless you have a VPS on their network). I already have six VPSs elsewhere so that doesn't help me.
I don't have a VPS at TsoHost, I just have several domains hosted there on their Cloud Hosting. In the control panel if you go to the E-Mail section for a domain it gives the details for 'sending' mail, that's all I use.
Yours must be different to mine. All I see is an entry for "Email Forwarding" and you have to use a TSOhost MX server for that. It says:
"This email management tool allows you to forward emails from a parked domain to another email address, without the need for a hosting account. Please note that to use this service your domain's root DNS MX record must be set to:
Type  Priority  Content
MX    0         mail.vhdns.net
No good for me.
But thanks anyway.
Perhaps Chris could send you the email settings he uses (off list)? I host my own mail server but send most * of my emails via my ISP's smarthost.
The details I use for sending via the Smarthost are details that were current years ago. They are no longer listed, but they still work. Chris's settings may not be listed but may be valid and usable.
[* my email server allows different smarthosts for different destination addresses]
Do any of the people you buy services from have an email smarthost you can use?
As a last resort, which I'm sure you won't want to do, but I believe that you can send via GMAIL. You'd have to set it up for each of the email addresses you want it to send from.
HTH Steve
On Tue, 29 Dec 2020 14:07:24 +0000 steve-ALUG@hst.me.uk allegedly wrote:
Perhaps Chris could send you the email settings he uses (off list)? I host my own mail server but send most * of my emails via my ISP's smarthost.
The details I use for sending via the Smarthost are details that were current years ago. They are no longer listed, but they still work. Chris's settings may not be listed but may be valid and usable.
Thanks for the suggestion Steve (Chris, over to you).
[* my email server allows different smarthosts for different destination addresses]
Do any of the people you buy services from have an email smarthost you can use?
My domestic ISP (Plusnet) may have a relay host (or so it would appear from the support forum discussions between customers, even though they don't advertise it) but that would mean me tying myself to their infrastructure when I may not stay as their customer in future. And it might also mean that I would have to move my mail server onto my internal network when I already have a good, fully functional server on the wider internet.
None of my VPS providers seem to have a relayhost service (which is odd, because Hetzner in particular could probably benefit from one).
But one piece of good news is that Mimecast have at last responded positively to my request that they look at their blocklist and they say they have de-listed my mailserver (not yet tested though). Cloudmark have (auto)responded to my request for the IP address to be checked saying:
"Please note that after the reset, Cloudmark will continue to gather statistics for this IP address. If spam is still being sent from this source or if we receive additional spam complaints for this IP address, its reputation will be negatively impacted.
Please be aware that you will not receive a notification upon remediation of the IP. If we require additional information, we will contact you."
But of course there was no spam from this server, they simply blacklisted the IP address, so I am hopeful that the problem at ntlworld will now be fixed.
(Now just checked and I can send to ntlworld. Hooray for common sense.)
As a last resort, which I'm sure you won't want to do, but I believe that you can send via GMAIL. You'd have to set it up for each of the email addresses you want it to send from.
No - I won't go there. I am still exploring the paid for third party relay mechanisms though - they may yet be necessary.
Mick
--------------------------------------------------------------------- Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312 https://baldric.net/about-trivia ---------------------------------------------------------------------
On 29/12/2020 15:12, mick wrote:
On Tue, 29 Dec 2020 14:07:24 +0000 steve-ALUG@hst.me.uk allegedly wrote:
Do any of the people you buy services from have an email smarthost you can use?
My domestic ISP (Plusnet) may have a relay host (or so it would appear from the support forum discussions between customers, even though they don't advertise it) but that would mean me tying myself to their infrastructure when I may not stay as their customer in future. And it might also mean that I would have to move my mail server onto my internal network when I already have a good, fully functional server on the wider internet.
Perhaps, perhaps not. I get that you might move, but if they have a service, perhaps you could use it. You may be able to access it without moving your server onto their network. If I understand correctly, my ISP lets me send via their smarthost simply by being directly connected to their network. However, their current published setup (IIRC) mandates sending a username and password before connecting to their server. Presumably if I did this, I could access their server from an IP address outside their network. YMMV on Plusnet.
[This became Un-Quoted somehow] (Now just checked and I can send to ntlworld. Hooray for common sense.)
YAY!
As a last resort, which I'm sure you won't want to do, but I believe that you can send via GMAIL. You'd have to set it up for each of the email addresses you want it to send from.
No - I won't go there.
Not surprised :-)
I am still exploring the paid for third party relay mechanisms though - they may yet be necessary.
Would be interested if you post your results, just in case my ISP decides to change config or ban email servers! :-)
Steve
On Wed, 30 Dec 2020 00:36:33 +0000 steve-ALUG@hst.me.uk allegedly wrote:
On 29/12/2020 15:12, mick wrote:
My domestic ISP (Plusnet) may have a relay host (or so it would appear from the support forum discussions between customers, even though they don't advertise it) but that would mean me tying myself to their infrastructure when I may not stay as their customer in future. And it might also mean that I would have to move my mail server onto my internal network when I already have a good, fully functional server on the wider internet.
Perhaps, perhaps not. I get that you might move, but if they have a service, perhaps you could use it. You may be able to access it without moving your server onto their network. If I understand correctly, my ISP lets me send via their smarthost simply by being directly connected to their network. However, their current published setup (IIRC) mandates sending a username and password before connecting to their server. Presumably if I did this, I could access their server from an IP address outside their network. YMMV on Plusnet.
From what I can gather on the plusnet forums their relay accepts any connection (on port 25 or 587) from a plusnet network address /without authentication/ but from a non plusnet network it requires authentication and only accepts connections on the submission port (587). Worryingly, there seems to be some confusion about whether TLS encryption is necessary - but that may just be that some people on the forum are confusing SASL and TLS. The authentication credentials seem to be your plusnet uid/password - and that bothers me because I'd guess that those would be revoked if I should leave plusnet.
I am still exploring the paid for third party relay mechanisms though - they may yet be necessary.
Would be interested if you post your results, just in case my ISP decides to change config or ban email servers! :-)
Will do Steve. In fact I am considering documenting the whole process in case I should need it in future. There seem to be quite a lot of commercial third party relays out there.
Mick
--------------------------------------------------------------------- Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312 https://baldric.net/about-trivia ---------------------------------------------------------------------
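The smarthost arrangement discussed in the thread (a relay used only for the destinations that reject direct mail, with a login on port 587), as an added Postfix example that is not from any of the posters. The relay name `relay.example.net`, the domain `customer.example`, the file `/etc/postfix/tls_policy` and the credentials are placeholders; the CA bundle path assumes Debian.

```cfg
# --- /etc/postfix/main.cf (fragment) ---------------------------------
# Per-destination smarthost: only domains listed in the transport table
# go via the relay; all other mail is still delivered directly.
transport_maps = hash:/etc/postfix/transport

# SASL is the login to the relay. Credentials are looked up by next hop,
# so destinations without an entry are never sent a password.
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

# Without TLS: refuse plaintext mechanisms (PLAIN/LOGIN), so the password
# cannot cross the wire in the clear. With TLS: allow them.
smtp_sasl_security_options = noplaintext, noanonymous
smtp_sasl_tls_security_options = noanonymous

# TLS is the channel protection and is configured separately from SASL.
# Opportunistic TLS for ordinary MX delivery, mandatory and
# certificate-verified TLS for the relay (see tls_policy below).
smtp_tls_security_level = may
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_loglevel = 1

# --- /etc/postfix/transport ------------------------------------------
# ntlworld.com is from the thread; customer.example is a placeholder for
# the Mimecast-filtered company. [brackets] suppress the MX lookup.
ntlworld.com        smtp:[relay.example.net]:587
customer.example    smtp:[relay.example.net]:587

# --- /etc/postfix/tls_policy (placeholder file name) -----------------
# Key is the same next hop; "secure" requires a valid, matching certificate.
[relay.example.net]:587    secure

# --- /etc/postfix/sasl_passwd (mode 0600, root-owned) ----------------
# Key must match the next hop in the transport table exactly.
# Constructed credentials, for illustration only.
[relay.example.net]:587    relay-user:constructed-password

# Rebuild the lookup tables and reload after editing:
#   postmap /etc/postfix/transport /etc/postfix/tls_policy /etc/postfix/sasl_passwd
#   postfix reload
```

Mail routed this way leaves from the relay's addresses, so the sending domain's SPF record has to authorise them.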