At 2022 Dec 30 Fri 03:06 PM -0500, Ken D'Ambrosio <k...@jots.org> wrote:
>> - Send email directly (initiate outbound connections to TCP port 25)
>
> NOT IPv6 -- which is annoying AF.

FWIW, my DO VM can initiate TCP to 25 outbound on both IPv4 and IPv6.  It is 
likely grandfathered, however.  They have a somewhat vaguely-defined blocking 
policy:

https://docs.digitalocean.com/support/why-is-smtp-blocked/

> if you have both enabled, and are using (at least) Postfix, IPv6 apparently
> gets the ball, first, and will block _all_ outbound e-mail until disabled.

FYI, this was fixed in Postfix at some point.  I don't recall when.

>> - Hand-holding software like "CPanel" is actively unwanted
>
> Not there (I don't think) unless you want it.

FWIW: AFAIK, the traditional DO VM just has whatever the distribution provides, 
so unless you "{dnf,apt} install cpanel", you won't get it.  More recently 
they've apparently bought/merged/partnered with an entity called "Cloudways", 
which I gather from the banner ad is more like a managed do-it-for-you host, 
which likely has such things.

>> - Make sure IP traffic keeps flowing
>
> ??  Not sure what you're looking for, here.

The network shouldn't go down a lot.

>> - Respond to abuse reports to keep reputation at least somewhat OK
>
> I generally go and do my own reputation maintenance by talking to RBLs
> directly.  Are there providers that do that for you??

That's not what I mean.

There seems to be an increasing trend of DO having their ASNs/netblocks ending 
up on blacklists.  Allegedly (according to the blacklists) this is because DO 
doesn't police their customers closely enough and/or respond to abuse reports 
in a good fashion.

They also have an official position of very strongly discouraging running email 
within their systems:

https://www.digitalocean.com/community/tutorials/why-you-may-not-want-to-run-your-own-mail-server

There are also unofficial sources that corroborate my interpretation, e.g. from 
someone's support ticket:

>>> DigitalOcean is not a dedicated email host and does not have a postmaster 
>>> to maintain our IP reputation. As a result, some DigitalOcean IP ranges are 
>>> blacklisted. We do not recommend sending mail from our platform directly 
>>> and we will not request delisting.

https://www.digitalocean.com/community/questions/how-to-removed-my-ip-as-blacklisted-in-uceprotectl3-spam?comment=145886

Now, reputation/blacklist systems are unreliable at best, and something of a 
racket at worst, but given that DO's official policy is "you shouldn't do this 
in the first place, and we'll block you if you try", I don't see any point in 
trying to defend them on this aspect.  They clearly don't want it.

If one isn't trying to run a mail system, it's a non-issue, and DO would be 
fine.  But since I *am* trying to run a mail system, the fact that they have 
been very good otherwise doesn't really matter.

-- Ben
_______________________________________________
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
