[Cialug] Email server
Matthew Nuzum
newz at bearfruit.org
Fri May 12 18:51:03 UTC 2017
I realize I'm coming late to the game (half the messages to CIALUG go to a
"special place"). I just wanted to explicitly point out something that has
been kind of said in this thread.

One of the biggest challenges of running your own e-mail server is the
blocklists. These are services that most major e-mail providers use to
auto-block mail from untrustworthy sources. E-mail sent from IP addresses
in the blocklist never even gets to the SPAM filters; it just gets
auto-dropped or auto-rejected.

Sometimes (often?) entire IP address blocks and subnets are added to these
lists, and it is quite common for low-cost hosting providers to be in these
blocks. One customer will send a bunch of SPAM and for a day or week or
month an entire subnet will get blocked. If you are in the same subnet,
this means anyone using Hotmail, Yahoo, Gmail, etc. will be unable to
send you messages or receive yours, and they/you may not even get a bounce
message indicating that the delivery failed.

For me, this was the last straw and I stopped running my own server. I
don't even run an outgoing server any more. Technically, I do, but it's
smart hosted to SendGrid or, rarely, Gmail. This means if my website sends
an email (contact form, error log, etc.) it gets queued into Postfix, which
then forwards it to SendGrid for delivery.

Like others here, I also use G Suite in addition to SendGrid and Mailchimp
for my various e-mail needs.

One last footnote: If you want to run a mail server in house, you can. One
of the oldest methods of mail delivery was to have a "sometimes-online"
host periodically connect to a remote mail queue to fetch and send e-mail.
Keeping the above in mind, it is not an issue to have a cheap VPS be your
queue and then have your internal host connect to it to fetch e-mail and
use the VPS as a smart host. You could even VPN into your VPS (grin) so
that you have an "almost-always-online" type connection. You still need to
worry about reverse DNS on your VPS, but it does give you the comfort of
having very limited processes running on that host, making it a smaller
attack target.

On Mon, May 1, 2017 at 3:26 PM David Champion <dchamp1337 at gmail.com> wrote:
> Technically not always your ISP, although that is usually the case. You can
> tell for sure by doing a "whois 8.8.8.8" (substitute your IP) and find out
> who owns the netblock range that you fall into.
>
> You can use "dig -x 8.8.8.8" to see what the current PTR is.
>
> mxtoolbox has a bunch of nifty tools available for doing various dns
> queries. This Arin lookup is nice:
>
> https://mxtoolbox.com/arin.aspx
>
> -dc
>
>
> On Mon, May 1, 2017 at 2:26 PM, Nicolai <nicolai-cialug at chocolatine.org>
> wrote:
>
> > On Mon, May 01, 2017 at 12:53:59PM -0500, khamil8686 at gmail.com wrote:
> >
> > > One thing I wondered, if I set up an authoritative nameserver on port 53
> > > using my domain name, point dns towards there, and put reverse lookup
> > > for my home mail server, would emails be rejected?
> >
> > > Purely an academic example that I was curious about.
> >
> > Well, your authoritative nameserver wouldn't be responsible for
> > answering reverse DNS queries for your IP address; that's your ISP's
> > job. In other words, nobody would ask your NS for the PTR record of
> > e.g. 53.2.0.192.in-addr.arpa. All those queries would go to your ISP's
> > nameservers.
> >
> > dig +short ns cialug.org.
> > dig +short cialug.org. # currently 67.224.64.36
> > dig +short ns 64.224.67.in-addr.arpa.
> >
> > Nobody asks the cialug.org nameservers questions about 67.224.64.36.
> >
> > To get a specific PTR record for your IP address, you'd have to ask
> > your VPS/colo provider.
> >
> > Nicolai
> > _______________________________________________
> > Cialug mailing list
> > Cialug at cialug.org
> > http://cialug.org/mailman/listinfo/cialug
> >
>
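
The two checks this thread turns on, reverse DNS for the sending IP and IP-based blocklists, shown as an added example that is not part of the original messages. The resolver is injected, and the records, the `dnsbl.example` zone and the 203.0.113.x addresses are constructed so the logic runs offline; a real check would pass a function backed by an actual DNS resolver.

```python
import ipaddress

def ptr_name(ip):
    """Reverse-DNS owner name, e.g. 67.224.64.36 -> 36.64.224.67.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def dnsbl_name(ip, zone):
    """Name a receiver queries to test an IPv4 sender against a blocklist zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example covers IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")

def check_sender(ip, lookup, zones):
    """Return the problems found for a sending IP.

    lookup(name, rtype) -> list of strings; injected so the logic runs offline.
    """
    problems = []
    ptrs = [p.rstrip(".").lower() for p in lookup(ptr_name(ip), "PTR")]
    if not ptrs:
        problems.append("no PTR record")
    # Forward-confirmed reverse DNS: a PTR target must resolve back to the IP.
    elif not any(ip in lookup(p, "A") for p in ptrs):
        problems.append("PTR does not resolve back to the IP")
    for zone in zones:
        # DNS blocklists answer with an A record (127.0.0.x) when the IP is listed.
        if lookup(dnsbl_name(ip, zone), "A"):
            problems.append("listed in " + zone.strip("."))
    return problems

# Constructed records: documentation addresses and placeholder names only.
RECORDS = {
    ("10.113.0.203.in-addr.arpa", "PTR"): ["mail.example.org."],
    ("mail.example.org", "A"): ["203.0.113.10"],
    ("20.113.0.203.in-addr.arpa", "PTR"): ["host20.isp.example."],
    ("host20.isp.example", "A"): ["203.0.113.99"],
    ("20.113.0.203.dnsbl.example", "A"): ["127.0.0.2"],
}

def fake_lookup(name, rtype):
    """Stand-in resolver over the constructed RECORDS table."""
    return RECORDS.get((name.rstrip(".").lower(), rtype), [])

if __name__ == "__main__":
    for ip in ("203.0.113.10", "203.0.113.20", "203.0.113.30"):
        print(ip, check_sender(ip, fake_lookup, ["dnsbl.example"]))
```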