Re: Virtual server host with reasonable mail policies?

2022-12-30 Thread Lloyd Kvam
On Fri, 2022-12-30 at 17:14 -0500, Benjamin Scott wrote:
> 
> There's also something to be said for paying to make it somebody
> else's problem.  I don't think that's the right solution for me, due
> to reasons including budget, as well as a desire to keep things "in-
> house" so I know what's going on.  Part of the reason I do this is so
> I know how.

https://www.linuxbabe.com/mail-server/postfix-smtp-relay-ubuntu-sendinblue

"There are several email service providers (ESP) that can act as relay
host. Some charge a little fee, some offer free quotas every month. In
this article, I’d like to show you how to use Sendinblue, which is an
email service provider that allows you to send 300 emails per day for
free."

The rest of the piece covers setting up the relay service. I did not
get the authorization working with Sendinblue (an old 18.04 Ubuntu
server on Digital Ocean). I wound up relaying through my home Internet
connection, which is far from ideal, but my email volume is tiny.

Also, setting up SPF, DKIM and DMARC seemed to make a difference in the
reliability of the email delivery. The DMARC reports also showed
evidence of spoofed emails using my venix.com domain. I think those
spoofed emails are now reliably reported as spam.

I'm not sure if Sendinblue is a reasonable solution for you.

-- 
Lloyd Kvam
5 Foliage View
Lebanon, NH 03766
802-448-0836


___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
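
One way to pull the kind of spoofing evidence mentioned in the message above out of a DMARC aggregate (rua) report, as an added example that is not part of the original post. The report is constructed, with example.com and documentation-range IPs as placeholders, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed report in the RFC 7489 aggregate layout; example.com and the
# documentation-range IPs are placeholders, not data from this thread.
SAMPLE_REPORT = """<feedback>
  <policy_published><domain>example.com</domain><p>quarantine</p></policy_published>
  <record><row><source_ip>192.0.2.10</source_ip><count>42</count>
    <policy_evaluated><disposition>none</disposition>
      <dkim>pass</dkim><spf>pass</spf></policy_evaluated></row></record>
  <record><row><source_ip>198.51.100.7</source_ip><count>3</count>
    <policy_evaluated><disposition>none</disposition>
      <dkim>pass</dkim><spf>fail</spf></policy_evaluated></row></record>
  <record><row><source_ip>203.0.113.99</source_ip><count>17</count>
    <policy_evaluated><disposition>quarantine</disposition>
      <dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
  <record><row><source_ip>203.0.113.99</source_ip><count>5</count>
    <policy_evaluated><disposition>quarantine</disposition>
      <dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
</feedback>"""


def summarize(report_xml):
    """Return (policy domain, {source_ip: pass/fail message counts})."""
    # Reports come from third parties: refuse DTDs and entity declarations,
    # which a genuine aggregate report never needs.
    if "<!DOCTYPE" in report_xml or "<!ENTITY" in report_xml:
        raise ValueError("unexpected DTD or entity declaration in report")
    root = ET.fromstring(report_xml)
    domain = root.findtext("policy_published/domain", default="?")
    stats = defaultdict(lambda: {"pass": 0, "fail": 0, "dispositions": set()})
    for row in root.iterfind("record/row"):
        entry = stats[row.findtext("source_ip", default="?")]
        count = int(row.findtext("count", default="0"))
        dkim = row.findtext("policy_evaluated/dkim")
        spf = row.findtext("policy_evaluated/spf")
        # DMARC passes if either aligned check passed (e.g. a list forwards
        # mail and breaks SPF, but the DKIM signature survives).
        if "pass" in (dkim, spf):
            entry["pass"] += count
        else:
            entry["fail"] += count
            disposition = row.findtext("policy_evaluated/disposition")
            if disposition:
                entry["dispositions"].add(disposition)
    return domain, dict(stats)


def unauthenticated_sources(stats):
    """Sources of DMARC-failing mail (spoofing candidates), largest first."""
    failing = [(ip, s["fail"], sorted(s["dispositions"]))
               for ip, s in stats.items() if s["fail"]]
    return sorted(failing, key=lambda item: -item[1])


if __name__ == "__main__":
    domain, stats = summarize(SAMPLE_REPORT)
    for ip, count, dispositions in unauthenticated_sources(stats):
        print(f"{domain}: {count} failing messages from {ip} -> {dispositions}")
```

A source listed here is either forging the domain or is a legitimate sender not yet covered by the SPF record or DKIM signing, so check it against known outbound hosts before tightening the policy.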


Re: Virtual server host with reasonable mail policies?

2022-12-30 Thread Ken D'Ambrosio
On 2022-12-30 16:37, Benjamin Scott wrote:

> FWIW, my DO VM can initiate TCP to 25 outbound on both IPv4 and IPv6.
> It is likely grandfathered, however.  They have a somewhat
> vaguely-defined blocking policy:
> 
> https://docs.digitalocean.com/support/why-is-smtp-blocked/

O... nice to know.  Last time I'd checked -- when IPv6 suddenly was 
blocking my outbound -- it was an intentional block, with no intention 
to remove it.  I guess times have changed.  (The rationale was that, 
apparently, RBLs were blocking entire v6 subnets, so rather than maybe 
not be able to send email, they'd save everyone the unpleasantness of 
uncertainty, and simply block it entirely.)

> FYI, this was fixed in Postfix at some point.  I don't recall when.

Good deal.

> There seems to be an increasing trend of DO having their
> ASNs/netblocks ending up on blacklists.  Allegedly (according to the
> blacklists) this is because DO doesn't police their customers closely
> enough and/or respond to abuse reports in a good fashion.

Huh.  I did have to bounce the first IP I got some six(?) years ago, but 
been smooth sailing since.  However, it's good to know it's not a DO 
priority.  I'll keep my eyes open for bounced/bitbucketed e-mails.  
Indeed, right now, I'm waiting on a reply to an e-mail I sent to a guy 
who's usually really quick with replies.  But it's also a holiday, 
basically, so I'm not getting exercise jumping to conclusions.

> They also have an official position of very strongly discouraging
> running email within their systems:

Boo!  Hiss!

-Ken


Re: Virtual server host with reasonable mail policies?

2022-12-30 Thread Ken D'Ambrosio
On 2022-12-30 17:04, Ted Roche wrote:
> MS escalation and delisting is useless. I've had to hop IP addresses a
> couple of times (which Linode support is awesome about!) but it's a
> hassle. At this point, I don't want to abandon Linode after 15 years
> of sterling service, but I may have to route outgoing email through
> yet another (paid) service to get the mail delivered.

I had this same problem with DO.  I actually have not one, but _two_ VMs 
"out there," DO for $5/mo., and this other one -- I honestly don't even 
remember the vendor, but I can look if anyone's interested -- for 
something like 20 Euros a quarter or something.  It's a relatively 
unknown vendor, I think, but the box is in Canada, so my latency isn't 
horrible, and it's got a big disk, so I can store stuffs there (e.g., my 
~35 year-old mailbox is beginning to approach even the generous 25 GB on 
DO).  It does my primary job -- secondary DNS -- just fine, as well as a 
few other things, but ALSO, by dint of, presumably, being relatively 
unknown, is where I've had Postfix route my MS-bound e-mail.  It Just 
Works(tm).  Assuming static IPs, I'd happily relay for either/both of 
you, if you're interested.
And, yeah -- there are exactly zero guarantees that MS won't start 
rejecting e-mail from that host tomorrow, but so far, it's been ~5 
years, and working fine.  [Sidebar: I _think_ it's working fine.  It's 
been a while since I've had need to mail an 
MS/outlook.com/hotmail.com/etc. address.]

-Ken


Re: Virtual server host with reasonable mail policies?

2022-12-30 Thread Benjamin Scott
At 2022 Dec 30 Fri 05:04 PM -0500, Ted Roche  wrote:
>I've been adminning a couple of boxes on Linode for years ...

Thanks for the detail, that's good info.

>Love 'em for ops and support, but email might not be the right platform.

The problems you describe are somewhat endemic to running any mail system, and 
far more common on the VM hosts (since they, by design, make it so easy to 
build new VMs and tear them down).  I'm willing to do the work if a provider is 
OK with the concept in the first place.

There's also something to be said for paying to make it somebody else's 
problem.  I don't think that's the right solution for me, due to reasons 
including budget, as well as a desire to keep things "in-house" so I know 
what's going on.  Part of the reason I do this is so I know how.

-- Ben


Re: Virtual server host with reasonable mail policies?

2022-12-30 Thread Ted Roche
I've been adminning a couple of boxes on Linode for years, and while
I'm generally not skilled enough to run my own mail server, some of
the client apps need send-only capability (SMTP out, not POP/IMAP in).
Linode has been great for that, but some of the receiving ISPs
(*cough**cough* Microsoft and Hotmail *cough*) have taken to blocking
entire IP ranges on Linode because of a few bad spammers. MS
escalation and delisting is useless. I've had to hop IP addresses a
couple of times (which Linode support is awesome about!) but it's a
hassle. At this point, I don't want to abandon Linode after 15 years
of sterling service, but I may have to route outgoing email through
yet another (paid) service to get the mail delivered.

As for hardware and support, nearly all downtime in the past 15 years
has been pre-planned and notified maintenance weeks in advance. (Once,
a machine failed imminently and I was migrated and up and running on a
new box very quickly.) Tickets submitted have been answered promptly.

Love 'em for ops and support, but email might not be the right platform.

On Fri, Dec 30, 2022 at 2:33 PM Benjamin Scott  wrote:
>
> Hi everybody!
>
> Can anyone recommend a VPS/VM host that understands people might want to use 
> email?  (VPS=Virtual Private Server, VM=Virtual Machine)
>
> I (and GNHLUG) have been with Digital Ocean for several years now, and 
> they've generally been good, but their attitude towards email has devolved to 
> "Go away" and that doesn't meet my/our needs.
>
> I'm not looking for someone to hold my hand or run a relay for me.  As long 
> as they (1) allow use of mail service ports, (2) don't tell me I don't want 
> to run email, and (3) respond to abuse reports against their other customers, 
> I'm good.
>
> Linode, for example, blocks mail ports by default, but provides a 
> reasonable-sounding procedure to get them unblocked, and claims to care about 
> mail abuse.  But that's one provider of many; I'd like to hear if others have 
> experience.
>
> I/we need to be able to:
> - Receive email directly (run an SMTP listener on TCP port 25)
> - Send email directly (initiate outbound connections to TCP port 25)
> - Run a web server (HTTP/SSL listener on TCP ports 80 and 443)
> - Run an SSH listener on a non-standard port (remote access)
> - Run a DNS server on UDP and TCP port 53 (authoritative name server)
> - Install and run arbitrary Linux software
> - Fairly low volume for all traffic (mail, DNS, web, IP)
> - Fairly low CPU, disk, and RAM usage
> - Hand-holding software like "CPanel" is actively unwanted
>
> All I/we want the provider to do is:
> - Provide some kind of UI for low-level VM maintenance
>    - Installation of operating system (canned images are fine)
>    - Recovery of OS when SSH can't be used
> - Make sure the VM doesn't go down due to power or hardware fault
> - Make sure IP traffic keeps flowing
> - Respond to abuse reports to keep reputation at least somewhat OK
>
> -- Ben


Re: Virtual server host with reasonable mail policies?

2022-12-30 Thread Benjamin Scott
At 2022 Dec 30 Fri 03:06 PM -0500, Ken D'Ambrosio  wrote:
>> - Send email directly (initiate outbound connections to TCP port 25)
>
> NOT IPv6 -- which is annoying AF.

FWIW, my DO VM can initiate TCP to 25 outbound on both IPv4 and IPv6.  It is 
likely grandfathered, however.  They have a somewhat vaguely-defined blocking 
policy:

https://docs.digitalocean.com/support/why-is-smtp-blocked/

> if you have both enabled, and are using (at least) Postfix, IPv6 apparently
> gets the ball, first, and will block _all_ outbound e-mail until disabled.

FYI, this was fixed in Postfix at some point.  I don't recall when.

>> - Hand-holding software like "CPanel" is actively unwanted
>
> Not there (I don't think) unless you want it.

FWIW: AFAIK, the traditional DO VM just has whatever the distribution provides, 
so unless you "{dnf,apt} install cpanel", you won't get it.  More recently 
they've apparently bought/merged/partnered with an entity called "Cloudways", 
which I gather from the banner ad is more like a managed do-it-for-you host, 
which likely has such things.

>> - Make sure IP traffic keeps flowing
>
>??  Not sure what you're looking for, here.

The network shouldn't go down a lot.

>> - Respond to abuse reports to keep reputation at least somewhat OK
>
> I generally go and do my own reputation maintenance by talking to RBLs
> directly.  Are there providers that do that for you??

That's not what I mean.

There seems to be an increasing trend of DO having their ASNs/netblocks ending 
up on blacklists.  Allegedly (according to the blacklists) this is because DO 
doesn't police their customers closely enough and/or respond to abuse reports 
in a good fashion.

They also have an official position of very strongly discouraging running email 
within their systems:

https://www.digitalocean.com/community/tutorials/why-you-may-not-want-to-run-your-own-mail-server

There are also unofficial sources that corroborate my interpretation, e.g. from 
someone's support ticket:

>>> DigitalOcean is not a dedicated email host and does not have a postmaster 
>>> to maintain our IP reputation. As a result, some DigitalOcean IP ranges are 
>>> blacklisted. We do not recommend sending mail from our platform directly 
>>> and we will not request delisting.

https://www.digitalocean.com/community/questions/how-to-removed-my-ip-as-blacklisted-in-uceprotectl3-spam?comment=145886

Now, reputation/blacklist systems are unreliable at best, and something of a 
racket at worst, but given that DO's official policy is "you shouldn't do this 
in the first place, and we'll block you if you try", I don't see any point in 
trying to defend them on this aspect.  They clearly don't want it.

If one isn't trying to run a mail system, it's a non-issue, and DO would be 
fine.  But since I *am* trying to run a mail system, the fact that they have 
been very good otherwise doesn't really matter.

-- Ben


Re: Virtual server host with reasonable mail policies?

2022-12-30 Thread Ken D'Ambrosio
On 2022-12-30 14:33, Benjamin Scott wrote:
> Hi everybody!

Hi back!  I have a DO node, ad... well, it does most all that you 
mentioned.  I'll respond to particulars in-line.

> - Receive email directly (run an SMTP listener on TCP port 25)
Yes.
> - Send email directly (initiate outbound connections to TCP port 25)
NOT IPv6 -- which is annoying AF.  But IPv4 works fine.  NOTE: if you 
have both enabled, and are using (at least) Postfix, IPv6 apparently 
gets the ball, first, and will block _all_ outbound e-mail until 
disabled.  See again: annoying AF.
> - Run a web server (HTTP/SSL listener on TCP ports 80 and 443)
Yes.
> - Run an SSH listener on a non-standard port (remote access)
Yes.
> - Run a DNS server on UDP and TCP port 53 (authoritative name server)
Yes.
> - Install and run arbitrary Linux software
Yes.
> - Fairly low CPU, disk, and RAM usage
They've "recently" -- the past few years -- bumped their $5/mo. VM to 1 
GB.  25 GB of disk, and one vCPU.  Note that it's been a while since I 
set up my current VM, so these may have changed.
> - Hand-holding software like "CPanel" is actively unwanted
Not there (I don't think) unless you want it.

> All I/we want the provider to do is:
> - Provide some kind of UI for low-level VM maintenance
Yes.
>    - Installation of operating system (canned images are fine)
Yes.
>    - Recovery of OS when SSH can't be used
Yes.
> - Make sure the VM doesn't go down due to power or hardware fault
Haven't _had_ it go down, ever, except I think twice: once for a 
proactive remediation against one of the nastier attacks, and once for 
proactive migration because some storage was failing.
> - Make sure IP traffic keeps flowing
??  Not sure what you're looking for, here.
> - Respond to abuse reports to keep reputation at least somewhat OK
I generally go and do my own reputation maintenance by talking to RBLs 
directly.  Are there providers that do that for you??

-Ken


Re: Virtual server host with reasonable mail policies?

2022-12-30 Thread mikebw
I started running my own e-mail servers in the days when there was no 
other way to have e-mail. I used to consult for ISP and co-location 
companies who let me install my own hardware in their racks, but I 
transitioned out of that in 2009.

For over a decade, I've done all of this with BuyVM — 
https://buyvm.net/kvm-dedicated-server-slices/ — on a dedicated KVM 
slice running Debian. I pay $10 per month, but that's a grandfathered 
plan; they have current shared-CPU plans starting at $2 per month and 
dedicated-CPU plans starting at $15 per month.

I've been very happy with ServaRICA — https://servarica.com/all-offers/ 
— and have their "Horse" plan (3TB storage for $10 per month), but have 
not run a mail server there although I'm fairly sure they allow it.

Many independent vendors offer excellent deals on Low End Box — 
https://lowendbox.com/ — and most would allow e-mail.

If your budget is in the $100-200 per month range, we've had superb 
corporate service from In Motion Hosting — 
https://www.inmotionhosting.com/dedicated-servers — but that involves 
serious mission-critical commitments to a public-facing WordPress host, 
as well as e-mail, and live 24x7 support.

-- Mike


On 12/30/22 14:33, Benjamin Scott wrote:
> Hi everybody!
>
> Can anyone recommend a VPS/VM host that understands people might want to use 
> email?  (VPS=Virtual Private Server, VM=Virtual Machine)
>
> I (and GNHLUG) have been with Digital Ocean for several years now, and 
> they've generally been good, but their attitude towards email has devolved to 
> "Go away" and that doesn't meet my/our needs.
>
> I'm not looking for someone to hold my hand or run a relay for me.  As long 
> as they (1) allow use of mail service ports, (2) don't tell me I don't want 
> to run email, and (3) respond to abuse reports against their other customers, 
> I'm good.
>
> Linode, for example, blocks mail ports by default, but provides a 
> reasonable-sounding procedure to get them unblocked, and claims to care about 
> mail abuse.  But that's one provider of many; I'd like to hear if others have 
> experience.
>
> I/we need to be able to:
> - Receive email directly (run an SMTP listener on TCP port 25)
> - Send email directly (initiate outbound connections to TCP port 25)
> - Run a web server (HTTP/SSL listener on TCP ports 80 and 443)
> - Run an SSH listener on a non-standard port (remote access)
> - Run a DNS server on UDP and TCP port 53 (authoritative name server)
> - Install and run arbitrary Linux software
> - Fairly low volume for all traffic (mail, DNS, web, IP)
> - Fairly low CPU, disk, and RAM usage
> - Hand-holding software like "CPanel" is actively unwanted
>
> All I/we want the provider to do is:
> - Provide some kind of UI for low-level VM maintenance
>    - Installation of operating system (canned images are fine)
>    - Recovery of OS when SSH can't be used
> - Make sure the VM doesn't go down due to power or hardware fault
> - Make sure IP traffic keeps flowing
> - Respond to abuse reports to keep reputation at least somewhat OK
>
> -- Ben


Virtual server host with reasonable mail policies?

2022-12-30 Thread Benjamin Scott
Hi everybody!

Can anyone recommend a VPS/VM host that understands people might want to use 
email?  (VPS=Virtual Private Server, VM=Virtual Machine)

I (and GNHLUG) have been with Digital Ocean for several years now, and they've 
generally been good, but their attitude towards email has devolved to "Go away" 
and that doesn't meet my/our needs.

I'm not looking for someone to hold my hand or run a relay for me.  As long as 
they (1) allow use of mail service ports, (2) don't tell me I don't want to run 
email, and (3) respond to abuse reports against their other customers, I'm good.

Linode, for example, blocks mail ports by default, but provides a 
reasonable-sounding procedure to get them unblocked, and claims to care about 
mail abuse.  But that's one provider of many; I'd like to hear if others have 
experience.

I/we need to be able to:
- Receive email directly (run an SMTP listener on TCP port 25)
- Send email directly (initiate outbound connections to TCP port 25)
- Run a web server (HTTP/SSL listener on TCP ports 80 and 443)
- Run an SSH listener on a non-standard port (remote access)
- Run a DNS server on UDP and TCP port 53 (authoritative name server)
- Install and run arbitrary Linux software
- Fairly low volume for all traffic (mail, DNS, web, IP)
- Fairly low CPU, disk, and RAM usage
- Hand-holding software like "CPanel" is actively unwanted

All I/we want the provider to do is:
- Provide some kind of UI for low-level VM maintenance
   - Installation of operating system (canned images are fine)
   - Recovery of OS when SSH can't be used
- Make sure the VM doesn't go down due to power or hardware fault
- Make sure IP traffic keeps flowing
- Respond to abuse reports to keep reputation at least somewhat OK

-- Ben