
Ask Slashdot: Is There a War Against Small Mail Servers? 459

Posted by Soulskill
from the lazy-spam-prevention dept.
softegg writes "My company hosts our own mail server. We have high-speed business connections through Verizon and Comcast. Recently, Verizon and Comcast have been blocking port 25, causing our private mail server to stop functioning. Additionally, a lot of ISPs just started blocking any mail coming from any IP in the address block of cable modems. This caused us to start laundering our mail through a third-party service called DNSExit. Now, McAfee's MAPS anti-spam system tells us they are blocking DNSExit for spam. Essentially, we are finding ourselves increasingly cut off from sending any outgoing mail. What is a small company supposed to do if you want to host your own mail?"

  • Not much to do (Score:5, Informative)

    by enec (1922548) * <jho@hajotus.net> on Monday February 21, 2011 @06:33PM (#35272714) Homepage

    Most ISPs block outgoing port 25 because 99.99% of that traffic is viruses or otherwise malicious computers trying to send spam. Even more mail services block all dynamic pools used by major ISPs because of the same reason.

    Just invest a few bucks a month into a cheap hosted VPS behind a static IP where you can run the server.

  • Re:Not much to do (Score:2, Informative)

    by Anonymous Coward on Monday February 21, 2011 @06:37PM (#35272766)

    Or stop using a dynamic IP for a business. I know static IPv4 addresses are an endangered species, but come on man.

  • Re:Not much to do (Score:4, Informative)

    by PIBM (588930) on Monday February 21, 2011 @06:38PM (#35272792) Homepage

    A lot of companies offer static ips for which you can set all the reverse dns & email information, and they are also out of their normal subscriber pool, thus allowing you to send emails from the computer behind it. The cost of that option is usually lower than 5$ per ip per month around here.

  • by commodore6502 (1981532) on Monday February 21, 2011 @06:50PM (#35272978)

    >>>you need to find a new ISP.

    That would be great, if the government had not given Comcast/Verizon an exclusive monopoly (or duopoly). And then decided not to regulate them.
    Choice - we don't haze it.

  • by Bigbutt (65939) on Monday February 21, 2011 @07:00PM (#35273090) Homepage Journal

    I host my personal server with a Mosaic forum (Mosaic and Stained Glass.org) out of a CoLo in Florida. It's not the cheapest solution but I do get 100% access to the server to do what I want and a reasonable time on reboots when necessary.

    Still, Microsoft will randomly block my mail for a month at a time with no recourse. I've attempted to contact them but they send me to a troubleshooting page which tells me I'm configured correctly but they still won't accept email. This wouldn't be too bad of a problem except that other ISPs use them to manage their e-mail. So I can't get any e-mail to Shaw.ca or AT&T in Canada. They don't even have a whitelist option for their users.

    And there are a few smaller ISPs in the US that use anti spam blocking sites that don't have any way to let them know that I'm not spamming.

    Most others though have contact information in their bounce and I've used it to check the various sites in the block list, then forward the results to the postmaster at the offended site. Then I get it opened up for the folks on the forum.

    Heck, one ISP replied that I needed to get in touch with them and their Postmaster account won't accept further e-mail. I had to send them a note from my Yahoo account. Then they said it was a problem with my ISP and they should fix it. My ISP had no idea what they could do to fix it.

    Even the company I work at, who uses MX-Logic can't receive e-mails from me because I'm not able to convince MX-Logic I'm not a spammer.

    On the plus side, if I did want to spam Microsoft, they have a program where if I pay them, they'll open their servers up so I can send e-mail to their clients.

    I'm not doing any real business on the server. I have my consulting website there but traffic is pretty much non-existent. The biggest impact is when the forum folk try to send the other folks e-mails (the PM notifications). I have a note in the Site Agreement to let folks know on shaw.ca, frontier, and the others that they might want to use a Yahoo e-mail to manage their forum account.

    [John]

  • VPS (Score:4, Informative)

    by dlevitan (132062) on Monday February 21, 2011 @07:02PM (#35273098)

    Get a VPS. You can get one for $20/month and set up a full e-mail server on it. You'll get better hardware and better connectivity than your own server. Your IP will be seen as coming from a data center, not a cable modem pool of addresses. You can also host your own website, and leave the server you have at your office for internal things only. For mail access, just set up IMAP and SMTP with TLS, with the latter on port 587 (known as the submission port) which is generally not blocked like 25 is.

  • by edmudama (155475) on Monday February 21, 2011 @07:03PM (#35273102)

    My Comcast Business account explicitly allows servers on the static IP, including mail, web, etc. Anything allowed unless it's against the law in the local jurisdiction. If you go over bandwidth caps, they reserve the right to promote you automatically to the next tier of service. At the top tier, there are no caps.

    It costs a little extra, but it seems to me like a business big enough to run its own mail server should be able to afford the ~$75-100/mo for a business cable modem account.

  • by DigiShaman (671371) on Monday February 21, 2011 @07:03PM (#35273104) Homepage

    Being that I set up SBS 2003 and SBS 2008 boxes, let me explain what you really need to make it work.

    1. A business class ISP subscription. Along with this classification, you get a netblock of IP/s that (usually) won't be preemptively blacklisted by SORBS (I hate them).
    2. Reverse DNS (PTR) record. Not having one is almost guaranteed to get your sent e-mails blocked. Getting one created is easy as pie if you subscribe to a business class ISP.
    3. SPF record. There are many online wizards to help you create one. My favorite is from Microsoft.
    4. DNS that will host TXT records. Needed for that SPF record you just created.

    Once all completed, be sure you test out your handiwork over at http://www.mxtoolbox.com/. Good luck.

  • by Sarten-X (1102295) on Monday February 21, 2011 @07:05PM (#35273128) Homepage

    Outsourcing is often not feasible. As an example off the top of my head, any American company working with medical data needs to be certain that personal medical data does not leave their control, or they get hit with huge penalties from HIPAA and HITECH. That eliminates a lot of outsourcing options, and especially anything cloud-related, because one mistaken message, even from someone outside the company, can have devastating effects.

  • A few things to try (Score:5, Informative)

    by chrisgeleven (514645) on Monday February 21, 2011 @07:05PM (#35273132) Homepage

    1) Get a static IP address for your mail server if you don't already have one. Many mail servers use DNSBL blacklists that distrust anyone with a Dynamic IP address.
    2) Get your ISP to configure Reverse DNS for your mail server's IP address. Many mail servers reject mail because Reverse DNS isn't configured properly.
    3) Make sure your server is set to not run as an open relay.
    4) Have proper abuse@ and postmaster@ e-mail addresses so e-mail providers who claim to have spam complaints against your domain can actually send them to you.
    5) Set up an SPF record (openspf.org has a great wizard for this) for your domain. SPF records basically specify which mail servers are allowed to send mail from your domain. This will help cut down on spammers spoofing e-mail addresses at your domain and increases the odds of legit e-mail not being marked as spam.

    Not all of these will guarantee delivery of any e-mail, but they can certainly improve the odds.
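
The reverse DNS and SPF items in the two checklists above can be checked mechanically before mail is sent. This is an added example, not code from any commenter in the thread: it tests forward-confirmed reverse DNS and evaluates a subset of SPF (`ip4`, `ip6`, `a`, `mx`, `all`) against constructed DNS data, and builds the name a receiver would query at a DNSBL. The domain, the addresses and the zone `dnsbl.example.org` are placeholders.

```python
import ipaddress

# Constructed DNS data standing in for live lookups (documentation ranges,
# example domains); swap in a real resolver to use this against your own host.
DNS = {
    "PTR": {"192.0.2.25": "mail.example.com"},
    "A": {"mail.example.com": ["192.0.2.25"]},
    "MX": {"example.com": ["mail.example.com"]},
    "TXT": {"example.com": ["v=spf1 ip4:192.0.2.16/28 mx -all"]},
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def fcrdns(ip, dns):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to ip."""
    name = dns["PTR"].get(ip)
    return name is not None and ip in dns["A"].get(name, [])

def spf_result(ip, domain, dns):
    """Evaluate the ip4/ip6/a/mx/all subset of SPF for a sending IP."""
    records = [t for t in dns["TXT"].get(domain, [])
               if t.lower().split()[:1] == ["v=spf1"]]
    if len(records) != 1:
        return "permerror" if records else "none"
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        if "=" in term:
            continue  # modifiers such as exp= are skipped; redirect= is not followed
        qual, term = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            hit = True
        elif mech in ("ip4", "ip6"):
            hit = addr in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            hit = ip in dns["A"].get(arg or domain, [])
        elif mech == "mx":
            hosts = dns["MX"].get(arg or domain, [])
            hit = any(ip in dns["A"].get(h, []) for h in hosts)
        else:
            return "unsupported"  # include, exists, ptr, CIDR on a/mx: not handled
        if hit:
            return QUALIFIERS[qual]
    return "neutral"  # no mechanism matched and no "all" term

def dnsbl_query_name(ipv4, zone):
    """Name a receiver queries to test an IPv4 sender against a DNSBL zone."""
    return ".".join(reversed(ipv4.split("."))) + "." + zone
```

With the sample record, the mail server's own address passes while an address outside the published range hits `-all` and fails, which is the result a receiver would see for spoofed mail from that domain.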

  • Re:Not much to do (Score:4, Informative)

    by icebike (68054) on Monday February 21, 2011 @07:09PM (#35273180)

    Or stop using a dynamic IP for a business. I know static IPv4 addresses are an endangered species, but come on man.

    Agreed.

    Our company has the business package from Comcast which includes a static IP. It's not a problem for our mail server. We don't get blocked, and our reverse is properly set up, and our IP is in a non-dynamic pool. Yeah, we pay a tad more for this. But we can run all the services we want, and our mail goes out.

    Most of the blockage you get with dynamic SENDING IPs is on the RECEIVING end, not always your local ISP.

  • by sgent (874402) on Monday February 21, 2011 @08:27PM (#35273802)

    As long as you have a business associate agreement there is no problem outsourcing medical information. Hospitals and clinics routinely outsource everything up to and including electronic medical record systems.

  • by bcrowell (177657) on Monday February 21, 2011 @09:31PM (#35274302) Homepage

    I've had similar problems.

    The clueful email service providers are yahoo and gmail. They both support dkim and sign all their outbound mail with dkim. They both have mechanisms for reporting dkim-signed spam from their users ( http://mail.google.com/support/bin/request.py?hl=en&contact_type=abuse and http://help.yahoo.com/l/us/yahoo/mail/classic/spam.html ). If you dkim-sign your own outgoing email, you can go through a process with yahoo ( http://help.yahoo.com/l/us/yahoo/mail/postmaster/forms_index.html ) to tell them that, and if the info you provide satisfies them, your mails are less likely to end up in users' spam boxes.

    The one that doesn't work for me is AOL. Any email I send to their users goes straight to the bitbucket. I have never been able to find any mechanism for convincing them that I'm not a spammer. I'm sending mail from a dedicated server with a permanent IP address, SPF, DKIM, and reverse DNS all set up properly.

    This whole trend is really upsetting to me, and totally broken. I never have a problem sending email to someone with a gmail.com address, and they have the best spam filtering of any email provider I've ever used. The shortcut of blocking any DSL IP is clearly unnecessary if Google can do such a good job without it.

    It baffles me that some large email providers like hotmail and AOL don't implement DKIM. The added CPU load is negligible on a modern machine. I'm not saying that DKIM is a cure-all, but it works much better than these silly, ad hoc measures like blocking all vanity domains. If someone with a yahoo account sends spam to someone's gmail account, the user can report it to yahoo, yahoo can verify the dkim signature so they know it really came from that account, and they can deactivate the account. If someone sends spam to a gmail account, and they claim to be a yahoo user but they aren't, google can detect that it isn't properly signed and trash the mail.

  • Re:Not much to do (Score:1, Informative)

    by rocca (61281) on Monday February 21, 2011 @10:32PM (#35274704)

    5) Stop trying to run a mail server from a dynamic IP address and wondering why the rest of the world doesn't want to accept your mail.
