Ask Slashdot: Is There a War Against Small Mail Servers?

← Back to Stories (view on slashdot.org)

Ask Slashdot: Is There a War Against Small Mail Servers?

Posted by Soulskill on Monday February 21, 2011 @10:33AM from the lazy-spam-prevention dept.

softegg writes "My company hosts our own mail server. We have high-speed business connections through Verizon and Comcast. Recently, Verizon and Comcast have been blocking port 25, causing our private mail server to stop functioning. Additionally, a lot of ISPs just started blocking any mail coming from any IP in the address block of cable modems. This caused us to start laundering our mail through a third-party service called DNSExit. Now, McAfee's MAPS anti-spam system tells us they are blocking DNSExit for spam. Essentially, we are finding ourselves increasingly cut off from sending any outgoing mail. What is a small company supposed to do if you want to host your own mail?"

7 of 459 comments (clear)

Min score:

Reason:

Sort:

Not much to do by enec · 2011-02-21 10:33 · Score: 5, Informative

Most ISPs block outgoing port 25 because 99.99% of that traffic is viruses or otherwise malicious computers trying to send spam. Even more mail services block all dynamic pools used by major ISPs because of the same reason.
Just invest a few bucks a month into a cheap hosted VPS behind a static IP where you can run the server.

--
I'm sorry, I only accept criticism in the form of sed expressions.
1. Re:Not much to do by guybrush3pwood · 2011-02-21 10:37 · Score: 5, Funny
  
  "First, they went after port 25, but I didn't care, because I didn't host my own mail server..."
  blah blah blah, you know how it goes
  
  --
  Perhaps I'm trolling, perhaps I'm not.
Sounds like an ISP problem. by raitchison · 2011-02-21 10:36 · Score: 5, Insightful

If your ISP (Verizon and Comcast) are blocking port 25 outbound it doesn't sound like they think you have a "Business" connection. Check your contract/TOS for any provisions that would prevent you from running a server (common for residential cable connections but not for business) and if there isn't one call and complain. If they won't unblock port 25 for your mail server (assuming it's properly configured) you need to find a new ISP.
1. Re:Sounds like an ISP problem. by jimicus · 2011-02-21 11:08 · Score: 5, Insightful
  
  If your ISP is preventing 25 outbound, you don't have an ISP.
  TBH, I'm not quite sure what you do have. I've met that sort of thing once before, I would describe them as a Web access provider.
This is a big deal for me. :-( by Omnifarious · 2011-02-21 10:41 · Score: 5, Interesting

I've run my own mailserver for over a decade. It's IP has changed every few years if I switch ISPs, but otherwise it remains stable. I have a static IP on a DSL line and have reverse mappings set up. I have SPF records. I've registered with a whitelist. I've done everything I can. And still nobody who uses hotmail gets email from me. And I have increasing difficulty getting email to anybody else.
And I do not believe a single spam message has ever made it out from my network. I even block outgoing port 25 for the network segment my roommates use (when I have roommates) unless I'm administrating their computers.
This whole trend is really upsetting to me, and totally broken. I never have a problem sending email to someone with a gmail.com address, and they have the best spam filtering of any email provider I've ever used. The shortcut of blocking any DSL IP is clearly unnecessary if Google can do such a good job without it.

--
Need a Python, C++, Unix, Linux develop
1. Re:This is a big deal for me. :-( by bcrowell · 2011-02-21 13:31 · Score: 5, Informative
  
  I've had similar problems.
  The clueful email service providers are yahoo and gmail. They both support dkim and sign all their outbound mail with dkim. They both have mechanisms for reporting dkim-signed spam from their users ( http://mail.google.com/support/bin/request.py?hl=en&contact_type=abuse and http://help.yahoo.com/l/us/yahoo/mail/classic/spam.html ). If you dkim-sign your own outgoing email, you can go through a process with yahoo http://help.yahoo.com/l/us/yahoo/mail/postmaster/forms_index.html to tell them that, and if the info you provide satisfies them, your mails are less likely to end up in users' spam boxes.
  The one that doesn't work for me is AOL. Any email I send to their users goes straight to the bitbucket. I have never been able to find any mechanism for convincing them that I'm not a spammer. I'm sending mail from a dedicated server with a permanent IP address, SPF, DKIM, and reverse DNS all set up properly.
  
  This whole trend is really upsetting to me, and totally broken. I never have a problem sending email to someone with a gmail.com address, and they have the best spam filtering of any email provider I've ever used. The shortcut of blocking any DSL IP is clearly unnecessary if Google can do such a good job without it.
  It baffles me that some large email providers like hotmail and AOL don't implement DKIM. The added CPU load is negligible on a modern machine. I'm not saying that DKIM is a cure-all, but it works much better than these silly, ad hoc measures like blocking all vanity domains. If someone with a yahoo account sends spam to someone's gmail account, the user can report it to yahoo, yahoo can verify the dkim signature so they know it really came from that account, and they can deactivate the account. If someone sends spam to a gmail account, and they claim to be a yahoo user but they aren't, google can detect that it isn't properly signed and trash the mail.
  
  --
  Find free books.
This is just plain wrong by sgent · 2011-02-21 12:27 · Score: 5, Informative

As long as you have a business associate agreement there is no problem outsourcing medical information. Hospitals and clinics routinely outsource everything up to and in including electronic medical record systems.