Slashdot Mirror


Ask Slashdot: Is There a War Against Small Mail Servers?

softegg writes "My company hosts our own mail server. We have high-speed business connections through Verizon and Comcast. Recently, Verizon and Comcast have been blocking port 25, causing our private mail server to stop functioning. Additionally, a lot of ISPs just started blocking any mail coming from any IP in the address block of cable modems. This caused us to start laundering our mail through a third-party service called DNSExit. Now, McAfee's MAPS anti-spam system tells us they are blocking DNSExit for spam. Essentially, we are finding ourselves increasingly cut off from sending any outgoing mail. What is a small company supposed to do if you want to host your own mail?"

9 of 459 comments

  1. Not much to do by enec · · Score: 5, Informative

    Most ISPs block outgoing port 25 because 99.99% of that traffic is viruses or otherwise malicious computers trying to send spam. Even more mail services block all dynamic pools used by major ISPs because of the same reason.

    Just invest a few bucks a month into a cheap hosted VPS behind a static IP where you can run the server.

    --
    I'm sorry, I only accept criticism in the form of sed expressions.
    1. Re:Not much to do by guybrush3pwood · · Score: 5, Funny

      "First, they went after port 25, but I didn't care, because I didn't host my own mail server..."

      blah blah blah, you know how it goes

      --
      Perhaps I'm trolling, perhaps I'm not.
  2. Sounds like an ISP problem. by raitchison · · Score: 5, Insightful

    If your ISPs (Verizon and Comcast) are blocking port 25 outbound, it doesn't sound like they think you have a "Business" connection. Check your contract/TOS for any provisions that would prevent you from running a server (common for residential cable connections but not for business), and if there isn't one, call and complain. If they won't unblock port 25 for your mail server (assuming it's properly configured), you need to find a new ISP.

    1. Re:Sounds like an ISP problem. by jimicus · · Score: 5, Insightful

      If your ISP is preventing 25 outbound, you don't have an ISP.

      TBH, I'm not quite sure what you do have. I've met that sort of thing once before, I would describe them as a Web access provider.

  3. This is a big deal for me. :-( by Omnifarious · · Score: 5, Interesting

    I've run my own mailserver for over a decade. Its IP has changed every few years if I switch ISPs, but otherwise it remains stable. I have a static IP on a DSL line and have reverse mappings set up. I have SPF records. I've registered with a whitelist. I've done everything I can. And still nobody who uses hotmail gets email from me. And I have increasing difficulty getting email to anybody else.

    And I do not believe a single spam message has ever made it out from my network. I even block outgoing port 25 for the network segment my roommates use (when I have roommates) unless I'm administrating their computers.

    This whole trend is really upsetting to me, and totally broken. I never have a problem sending email to someone with a gmail.com address, and they have the best spam filtering of any email provider I've ever used. The shortcut of blocking any DSL IP is clearly unnecessary if Google can do such a good job without it.

    1. Re:This is a big deal for me. :-( by bcrowell · · Score: 5, Informative

      I've had similar problems.

      The clueful email service providers are yahoo and gmail. They both support dkim and sign all their outbound mail with dkim. They both have mechanisms for reporting dkim-signed spam from their users ( http://mail.google.com/support/bin/request.py?hl=en&contact_type=abuse and http://help.yahoo.com/l/us/yahoo/mail/classic/spam.html ). If you dkim-sign your own outgoing email, you can go through a process with yahoo http://help.yahoo.com/l/us/yahoo/mail/postmaster/forms_index.html to tell them that, and if the info you provide satisfies them, your mails are less likely to end up in users' spam boxes.

      The one that doesn't work for me is AOL. Any email I send to their users goes straight to the bitbucket. I have never been able to find any mechanism for convincing them that I'm not a spammer. I'm sending mail from a dedicated server with a permanent IP address, SPF, DKIM, and reverse DNS all set up properly.

      This whole trend is really upsetting to me, and totally broken. I never have a problem sending email to someone with a gmail.com address, and they have the best spam filtering of any email provider I've ever used. The shortcut of blocking any DSL IP is clearly unnecessary if Google can do such a good job without it.

      It baffles me that some large email providers like hotmail and AOL don't implement DKIM. The added CPU load is negligible on a modern machine. I'm not saying that DKIM is a cure-all, but it works much better than these silly, ad hoc measures like blocking all vanity domains. If someone with a yahoo account sends spam to someone's gmail account, the user can report it to yahoo, yahoo can verify the dkim signature so they know it really came from that account, and they can deactivate the account. If someone sends spam to a gmail account, and they claim to be a yahoo user but they aren't, google can detect that it isn't properly signed and trash the mail.

  4. How to setup a SMB mail server by DigiShaman · · Score: 4, Informative

    Being that I set up SBS 2003 and SBS 2008 boxes, let me explain what you really need to make it work.

    1. A business class ISP subscription. Along with this classification, you get a netblock of IP/s that (usually) won't be preemptively blacklisted by SORBS (I hate them).
    2. Reverse DNS (PTR) record. Not having one is almost guaranteed to get your sent e-mails blocked. Getting one created is easy as pie if you subscribe to a business class ISP.
    3. SPF record. There are many online wizards to help you create one. My favorite is from Microsoft.
    4. DNS that will host TXT records. Needed for that SPF record you just created.

    Once all completed, be sure you test out your handiwork over at http://www.mxtoolbox.com/ Good luck.

    --
    Life is not for the lazy.
  5. A few things to try by chrisgeleven · · Score: 4, Informative

    1) Get a static IP address for your mail server if you don't already have one. Many mail servers use DNSBL blacklists that distrust anyone with a Dynamic IP address.
    2) Get your ISP to configure Reverse DNS for your mail server's IP address. Many mail servers reject mail because Reverse DNS isn't configured properly.
    3) Make sure your server is set to not run as an open relay.
    4) Have proper abuse@ and postmaster@ e-mail addresses so e-mail providers who claim to have spam complaints against your domain can actually send them to you.
    5) Set up an SPF record (openspf.org has a great wizard for this) for your domain. SPF records basically specify which mail servers are allowed to send mail from your domain. This will help cut down on spammers spoofing e-mail addresses at your domain and increases the odds of legit e-mail not being marked as spam.

    Not all of these will guarantee delivery of any e-mail, but they can certainly improve the odds.
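
The DNS-visible items from the two checklists above (reverse DNS, SPF, DNSBL listing) can be checked the way a receiving server would evaluate them. The following is an added example, not code from any commenter in the thread; the zone data, the `dnsbl.example.net` list, and all function names are constructed for illustration, and the SPF evaluation covers only the `ip4`, `a` and `all` mechanisms.

```python
import ipaddress

# Constructed sample DNS data (documentation address ranges; not from the thread).
ZONE = {
    ("PTR", "10.113.0.203.in-addr.arpa"): ["mail.example.com"],
    ("A", "mail.example.com"): ["203.0.113.10"],
    ("TXT", "example.com"): ["v=spf1 ip4:203.0.113.0/28 a:mail.example.com -all"],
    ("A", "25.100.51.198.dnsbl.example.net"): ["127.0.0.10"],  # hypothetical DNSBL hit
}

def lookup(rtype, name):
    """Stand-in resolver over ZONE; swap in a real DNS library for live checks."""
    return ZONE.get((rtype, name.rstrip(".").lower()), [])

def dnsbl_name(ip, zone):
    """DNSBLs are queried by reversing the IPv4 octets under the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def fcrdns(ip, resolve=lookup):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to the same IP."""
    ptr = ipaddress.ip_address(ip).reverse_pointer
    return any(ip in resolve("A", host) for host in resolve("PTR", ptr))

def spf_result(ip, domain, resolve=lookup):
    """Evaluate ip4/a/all mechanisms of the domain's SPF record (subset of RFC 7208)."""
    records = [t for t in resolve("TXT", domain) if t.lower().startswith("v=spf1")]
    if len(records) != 1:
        return "none" if not records else "permerror"
    quals = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        qual, mech = (term[0], term[1:]) if term[0] in quals else ("+", term)
        name, _, arg = mech.partition(":")
        if name == "ip4" and addr in ipaddress.ip_network(arg, strict=False):
            return quals[qual]
        if name == "a" and ip in resolve("A", arg or domain):
            return quals[qual]
        if name == "all":
            return quals[qual]
    return "neutral"

def preflight(ip, domain, dnsbl_zone, resolve=lookup):
    """Run the three DNS-visible checks from the checklists for one sending IP."""
    return {
        "fcrdns": fcrdns(ip, resolve),
        "spf": spf_result(ip, domain, resolve),
        "dnsbl_listed": bool(resolve("A", dnsbl_name(ip, dnsbl_zone))),
    }
```

Open-relay behaviour and working abuse@/postmaster@ mailboxes are not visible in DNS and need to be tested against the mail server itself.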

  6. This is just plain wrong by sgent · · Score: 5, Informative

    As long as you have a business associate agreement there is no problem outsourcing medical information. Hospitals and clinics routinely outsource everything up to and including electronic medical record systems.