Slashdot Mirror
Ask Slashdot: Is There a War Against Small Mail Servers?
softegg writes "My company hosts our own mail server. We have high-speed business connections through Verizon and Comcast. Recently, Verizon and Comcast have been blocking port 25, causing our private mail server to stop functioning. Additionally, a lot of ISPs just started blocking any mail coming from any IP in the address block of cable modems. This caused us to start laundering our mail through a third-party service called DNSExit. Now, McAfee's MAPS anti-spam system tells us they are blocking DNSExit for spam. Essentially, we are finding ourselves increasingly cut off from sending any outgoing mail. What is a small company supposed to do if you want to host your own mail?"
Most ISPs block outgoing port 25 because 99.99% of that traffic is viruses or otherwise malicious computers trying to send spam. Even more mail services block all dynamic pools used by major ISPs because of the same reason.
Just invest a few bucks a month into a cheap hosted VPS behind a static IP where you can run the server.
I'm sorry, I only accept criticism in the form of sed expressions.
If your ISP (Verizon and Comcast) are blocking port 25 outbound it doesn't sound like they think you have a "Business" connection. Check your contract/TOS for any provisions that would prevent you from running a server (common for residential cable connections but not for business) and if there isn't one call and complain. If they won't unblock port 25 for your mail server (assuming it's properly configured) you need to find a new ISP.
I've run my own mailserver for over a decade. It's IP has changed every few years if I switch ISPs, but otherwise it remains stable. I have a static IP on a DSL line and have reverse mappings set up. I have SPF records. I've registered with a whitelist. I've done everything I can. And still nobody who uses hotmail gets email from me. And I have increasing difficulty getting email to anybody else.
And I do not believe a single spam message has ever made it out from my network. I even block outgoing port 25 for the network segment my roommates use (when I have roommates) unless I'm administrating their computers.
This whole trend is really upsetting to me, and totally broken. I never have a problem sending email to someone with a gmail.com address, and they have the best spam filtering of any email provider I've ever used. The shortcut of blocking any DSL IP is clearly unnecessary if Google can do such a good job without it.
Need a Python, C++, Unix, Linux develop
I had a customer (a small town government) recently have port 25 outbound blocked by Comcast. After going around with Comcast for a bit, it turned out that they were subscribed to a residential-class service, which has port 25 outbound blocked by an implacable policy. The only way to get the port unblocked in this case would have been to move them to a business-class service with a static IP. (Fortunately the block wasn't a big deal for them, we were just using it for automated status reporting rather than running an inhouse mailserver.)
With reasonable men I will reason; with humane men I will plead; but to tyrants I will give no quarter. -- William Lloyd
are inappropriate for small businesses yet continue to grow in popularity due to their heavy marketing and low cost.
Contact your local bell, or find a t1/t3 reseller, and let them know you need a fractional leased line. the cost is higher, but you get a real service level agreement to which the provider is contractually obligated.
using a dedicated/shared server for email hosting has its drawbacks. the shared server may become overloaded by spammer accounts and other users, and its generally not a priority for most hosting companies as they get very little money off a shared hosting sale. dedicated hosting is just as bad because you're commonly forced through one relay host, or a set of relay hosts that routinely become overwhelmed by spammers on your providers other dedicated hosting boxes. the dedicated and shared boxes are also notorious for floating in and out of various blacklists and sender reputation services, so you can expect mail to break-down about once every few weeks.
Good people go to bed earlier.
I host my personal server with a Mosaic forum (Mosaic and Stained Glass.org) out of a CoLo in Florida. It's not the cheapest solution but I do get 100% access to the server to do what I want and a reasonable time on reboots when necessary.
Still, Microsoft will randomly block my mail for a month at a time with no recourse. I've attempted to contact them but they send me to a troubleshooting page which tells me I'm configured correctly but they still won't accept email. This wouldn't be too bad of a problem except that other ISPs use them to manage their e-mail. So I can't get any e-mail to Shaw.ca or AT&T in Canada. They don't even have a whitelist option for their users.
And there are a few smaller ISPs in the US that use anti spam blocking sites that don't have any way to let them know that I'm not spamming.
Most others though have contact information in their bounce and I've used it to check the various sites in the block list, then forward the results to the postmaster at the offended site. Then I get it opened up for the folks on the forum.
Heck, one ISP replied that I needed to get in touch with them and their Postmaster account won't accept further e-mail. I had to send them a note from my Yahoo account. Then they said it was a problem with my ISP and they should fix it. My ISP had no idea what they could do to fix it.
Even the company I work at, who uses MX-Logic can't receive e-mails from me because I'm not able to convince MX-Logic I'm not a spammer.
On the plus side, if I did want to spam Microsoft, they have a program where if I pay them, they'll open their servers up so I can send e-mail to their clients.
I'm not doing any real business on the server. I have my consulting website there but traffic is pretty much non-existent. The biggest impact is when the forum folk try to send the other folks e-mails (the PM notifications). I have a note in the Site Agreement to let folks know on shaw.ca, frontier, and the others that they might want to use a Yahoo e-mail to manage their forum account.
[John]
Shit better not happen!
Get a VPS. You can get one for $20/month and set up a full e-mail server on it. You'll get better hardware and better connectivity than your own server. Your IP will be seen as coming from a data center, not a cable modem pool of addresses. You can also host your own website, and leave the server you have at your office for internal things only. For mail access, just set up IMAP and SMTP with TLS, with the latter on port 587 (known as the submission port) which is generally not blocked like 25 is.
My Comcast Business account explicitly allows servers on the static IP, including mail, web, etc. Anything allowed unless it's against the law in the local jurisdiction. If you go over bandwidth caps, they reserve the right to promote you automatically to the next tier of service. At the top tier, there are no caps.
It costs a little extra, but it seems to me like a business big enough to run it's own mail server should be able to afford the ~$75-100/mo for a business cable modem account.
More data, damnit!
Being that I setup SBS 2003 and SBS 2008 boxes, let me explain what you really need to make it work.
1. A business class ISP subscription. Along with this classification, you get a netblock of IP/s that (usually) wont be preemptively blacklisted by SORBS (I hate them).
2. Reverse DNS (PTR) record. Not having one is almost guaranteed to get your sent e-mails blocked. Getting one created is easy as pie if you subscribe to a business class ISP.
3. SPF record. They're many online wizards to help you create one. My favorite is from Microsoft.
4. DNS that will host TXT records. Needed for that SPF record you just created.
Once all completed, be sure you test out your handy work over at http://www.mxtoolbox.com/ Good luck.
Life is not for the lazy.
Outsourcing is often not feasible. As an example off the top of my head, any American company working with medical data needs to be certain that personal medical data does not leave their control, or they get hit with huge penalties from HIPAA and HITECH. That eliminates a lot of outsourcing options, and especially anything cloud-related, because one mistaken message, even from someone outside the company, can have devastating effects.
You do not have a moral or legal right to do absolutely anything you want.
1) Get a static IP address for your mail server if you don't already have one. Many mail servers use DNSBL blacklists that distrust anyone with a Dynamic IP address.
2) Get your ISP to configure Reverse DNS for your mail server's IP address. Many mail servers reject mail because Reverse DNS isn't configured properly.
3) Make sure your server is set to not run as an open relay.
4) Have a proper abuse@ and postmaster@ e-mail addresses so e-mail providers who claim to have spam complaints against your domain can actually send them to you.
5) Setup an SPF record (openspf.org has a great wizard for this) for your domain. SPF records basically specify which mail servers are allowed to send mail from your domain. This will help cut down on spammers spoofing e-mail addresses at your domain and increases the odds of legit e-mail not being marked as spam.
Not all of these will guarentee delivery of any e-mail, but they can certainly improve the odds.
As long as you have a business associate agreement there is no problem outsourcing medical information. Hospitals and clinics routinely outsource everything up to and in including electronic medical record systems.