Ask Slashdot: Is There a War Against Small Mail Servers? 459
softegg writes "My company hosts our own mail server. We have high-speed business connections through Verizon and Comcast. Recently, Verizon and Comcast have been blocking port 25, causing our private mail server to stop functioning. Additionally, a lot of ISPs just started blocking any mail coming from any IP in the address block of cable modems. This caused us to start laundering our mail through a third-party service called DNSExit. Now, McAfee's MAPS anti-spam system tells us they are blocking DNSExit for spam. Essentially, we are finding ourselves increasingly cut off from sending any outgoing mail. What is a small company supposed to do if you want to host your own mail?"
Not much to do (Score:5, Informative)
Most ISPs block outgoing port 25 because 99.99% of that traffic is viruses or otherwise malicious computers trying to send spam. Even more mail services block all dynamic pools used by major ISPs because of the same reason.
Just invest a few bucks a month into a cheap hosted VPS behind a static IP where you can run the server.
Re:Not much to do (Score:2, Informative)
Or stop using a dynamic IP for a business. I know static IPv4 addresses are an endangered species, but come on man.
Re:Not much to do (Score:4, Informative)
A lot of companies offer static ips for which you can set all the reverse dns & email information, and they are also out of their normal subscriber pool, thus allowing you to send emails from the computer behind it. The cost of that option is usually lower than 5$ per ip per month around here.
Re:Sounds like an ISP problem. (Score:2, Informative)
>>>you need to find a new ISP.
That would be great, if the government had not given Comcast/Verizon an exclusive monopoly (or duopoly). And then decided not to regulate them.
Choice - we don't haze it.
Small CoLo's aren't safe either (Score:4, Informative)
I host my personal server with a Mosaic forum (Mosaic and Stained Glass.org) out of a CoLo in Florida. It's not the cheapest solution but I do get 100% access to the server to do what I want and a reasonable time on reboots when necessary.
Still, Microsoft will randomly block my mail for a month at a time with no recourse. I've attempted to contact them but they send me to a troubleshooting page which tells me I'm configured correctly but they still won't accept email. This wouldn't be too bad of a problem except that other ISPs use them to manage their e-mail. So I can't get any e-mail to Shaw.ca or AT&T in Canada. They don't even have a whitelist option for their users.
And there are a few smaller ISPs in the US that use anti spam blocking sites that don't have any way to let them know that I'm not spamming.
Most others though have contact information in their bounce and I've used it to check the various sites in the block list, then forward the results to the postmaster at the offended site. Then I get it opened up for the folks on the forum.
Heck, one ISP replied that I needed to get in touch with them and their Postmaster account won't accept further e-mail. I had to send them a note from my Yahoo account. Then they said it was a problem with my ISP and they should fix it. My ISP had no idea what they could do to fix it.
Even the company I work at, who uses MX-Logic can't receive e-mails from me because I'm not able to convince MX-Logic I'm not a spammer.
On the plus side, if I did want to spam Microsoft, they have a program where if I pay them, they'll open their servers up so I can send e-mail to their clients.
I'm not doing any real business on the server. I have my consulting website there but traffic is pretty much non-existent. The biggest impact is when the forum folk try to send the other folks e-mails (the PM notifications). I have a note in the Site Agreement to let folks know on shaw.ca, frontier, and the others that they might want to use a Yahoo e-mail to manage their forum account.
[John]
VPS (Score:4, Informative)
Get a VPS. You can get one for $20/month and set up a full e-mail server on it. You'll get better hardware and better connectivity than your own server. Your IP will be seen as coming from a data center, not a cable modem pool of addresses. You can also host your own website, and leave the server you have at your office for internal things only. For mail access, just set up IMAP and SMTP with TLS, with the latter on port 587 (known as the submission port) which is generally not blocked like 25 is.
Re:Comcast Business works for me... (Score:4, Informative)
My Comcast Business account explicitly allows servers on the static IP, including mail, web, etc. Anything allowed unless it's against the law in the local jurisdiction. If you go over bandwidth caps, they reserve the right to promote you automatically to the next tier of service. At the top tier, there are no caps.
It costs a little extra, but it seems to me like a business big enough to run it's own mail server should be able to afford the ~$75-100/mo for a business cable modem account.
Comment removed (Score:5, Informative)
Re:ITs the end of the small business mail server (Score:4, Informative)
A few things to try (Score:5, Informative)
1) Get a static IP address for your mail server if you don't already have one. Many mail servers use DNSBL blacklists that distrust anyone with a Dynamic IP address.
2) Get your ISP to configure Reverse DNS for your mail server's IP address. Many mail servers reject mail because Reverse DNS isn't configured properly.
3) Make sure your server is set to not run as an open relay.
4) Have a proper abuse@ and postmaster@ e-mail addresses so e-mail providers who claim to have spam complaints against your domain can actually send them to you.
5) Setup an SPF record (openspf.org has a great wizard for this) for your domain. SPF records basically specify which mail servers are allowed to send mail from your domain. This will help cut down on spammers spoofing e-mail addresses at your domain and increases the odds of legit e-mail not being marked as spam.
Not all of these will guarentee delivery of any e-mail, but they can certainly improve the odds.
Re:Not much to do (Score:4, Informative)
Or stop using a dynamic IP for a business. I know static IPv4 addresses are an endangered species, but come on man.
Agreed.
Our company has the business pacakge from Comcast which includes a static IP.
Its not a problem for our mail server. We don't get blocked, and our reverse is properly set up, and our IP is in a
non-dynamic pool. Yeah, we pay a tad more for this. But we can run all the services we want, and our mail
goes out.
Most of the blockage you get with dynamic SENDING IPs is on the the RECEIVING end, not always your local
ISP.
This is just plain wrong (Score:5, Informative)
As long as you have a business associate agreement there is no problem outsourcing medical information. Hospitals and clinics routinely outsource everything up to and in including electronic medical record systems.
Re:This is a big deal for me. :-( (Score:5, Informative)
I've had similar problems.
The clueful email service providers are yahoo and gmail. They both support dkim and sign all their outbound mail with dkim. They both have mechanisms for reporting dkim-signed spam from their users ( http://mail.google.com/support/bin/request.py?hl=en&contact_type=abuse [google.com] and http://help.yahoo.com/l/us/yahoo/mail/classic/spam.html [yahoo.com] ). If you dkim-sign your own outgoing email, you can go through a process with yahoo http://help.yahoo.com/l/us/yahoo/mail/postmaster/forms_index.html [yahoo.com] to tell them that, and if the info you provide satisfies them, your mails are less likely to end up in users' spam boxes.
The one that doesn't work for me is AOL. Any email I send to their users goes straight to the bitbucket. I have never been able to find any mechanism for convincing them that I'm not a spammer. I'm sending mail from a dedicated server with a permanent IP address, SPF, DKIM, and reverse DNS all set up properly.
This whole trend is really upsetting to me, and totally broken. I never have a problem sending email to someone with a gmail.com address, and they have the best spam filtering of any email provider I've ever used. The shortcut of blocking any DSL IP is clearly unnecessary if Google can do such a good job without it.
It baffles me that some large email providers like hotmail and AOL don't implement DKIM. The added CPU load is negligible on a modern machine. I'm not saying that DKIM is a cure-all, but it works much better than these silly, ad hoc measures like blocking all vanity domains. If someone with a yahoo account sends spam to someone's gmail account, the user can report it to yahoo, yahoo can verify the dkim signature so they know it really came from that account, and they can deactivate the account. If someone sends spam to a gmail account, and they claim to be a yahoo user but they aren't, google can detect that it isn't properly signed and trash the mail.
Re:Not much to do (Score:1, Informative)
5) Stop trying to run a mail server from a dynamic IP address and wondering why the rest of the world doesn't want to accept your mail.