On 8/17/20 6:10 AM, Wols Lists wrote:
> Yup. If you've got mail DNS records pointing at your home server,
> incoming mail shouldn't be a problem and your vps admin can't snoop
> :-)
True.
But the ISP can still sniff the traffic and you can be subject to DPI.
> Can't you tell your server to forward all outgoing mail to your
> ISP's SMTP server? That way, you don't have to worry about all the
> spam issues, and it *should* just pass through.
That can start to run afoul of some SPF configurations. Or you must
allow your ISP's SMTP server to send email as you. Which means that
other ISP users can also send email as you. You are also beholden to
the ISP's SMTP infrastructure not changing, lest a change on their end
break your SPF configuration. I would probably recommend an ESP's
SMTP service over your ISP's SMTP service as the ESP will have more
experience with this because it's part of their business model.
"Should" is the operative word.
There is also the fact that your outbound email will now potentially, if
not likely, sit in the ISP's SMTP server queue, thus re-introducing an
opportunity for it to be scrutinized.
> The main worry for snooping is inbound mail waiting for collection -
> outbound requires a dedicated eavesdropping solution and if they're
> going to do that they can always snoop ANY outgoing SMTP.
It depends what you mean by "dedicated eavesdropping solution". General
network sniffing and / or DPI does not fall under many definitions of
dedicated.
Carte blanche redirecting / intercepting SMTP traffic through one of
their hosts is also possible.
Your local / residential ISP can't do anything if you tunnel your
outbound SMTP through an encrypted connection to a VPS. But that
re-introduces other complications of VPSs.
--
Grant. . . .
unix || die
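
The SPF trade-off raised in the reply above, as an added example that is not part of the original message: a small evaluator for a subset of SPF (ip4, include, all) run over constructed records. The domains, the address ranges and the `check_spf` helper are assumptions made for illustration.

```python
import ipaddress

# Constructed TXT records (reserved example names and documentation ranges).
DNS_TXT = {
    "home-only.example": "v=spf1 ip4:203.0.113.10 -all",
    "via-isp.example": "v=spf1 ip4:203.0.113.10 include:_spf.isp.example -all",
    "_spf.isp.example": "v=spf1 ip4:198.51.100.0/24 -all",  # ISP relay pool
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, client_ip, dns=DNS_TXT, depth=0):
    """Evaluate a subset of RFC 7208 (ip4, include, all) for client_ip."""
    record = dns.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    if depth > 10:  # guard against include loops (RFC 7208 limits lookups to 10)
        return "permerror"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name == "ip4":
            matched = ip in ipaddress.ip_network(value, strict=False)
        elif name == "include":
            nested = check_spf(value, client_ip, dns, depth + 1)
            if nested in ("none", "permerror"):
                return "permerror"  # the included record vanished or is broken
            matched = nested == "pass"  # include matches only on a nested pass
        elif name == "all":
            matched = True
        else:
            return "permerror"  # mechanism outside this subset
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


if __name__ == "__main__":
    cases = [
        ("home-only.example", "198.51.100.25", "own mail via ISP relay, relay not listed"),
        ("via-isp.example", "198.51.100.25", "own mail via ISP relay, relay included"),
        ("via-isp.example", "198.51.100.77", "another ISP customer using the same pool"),
        ("via-isp.example", "192.0.2.5", "ISP moved relays, its record not updated"),
    ]
    for domain, ip, note in cases:
        print(f"{check_spf(domain, ip):9} {domain:18} {ip:14} {note}")
```

SPF sees only the connecting address, so the second and third cases are indistinguishable to a receiver: both come from the ISP pool and both pass.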