> On 6. Aug 2017, at 19:45, Walter Alejandro Iglesias <w...@roquesor.com> wrote:
> Hi Niels,
>> On Sun, Aug 06, 2017 at 07:19:04PM +0200, Niels Kobschätzki wrote:
>>>> On 6. Aug 2017, at 18:40, Walter Alejandro Iglesias <w...@roquesor.com>
>>>> On Sun, Aug 06, 2017 at 06:02:25PM +0200, Jesper Wallin wrote:
>>>> Like Martijn pointed out, you're sending mail from a IP which is not
>>>> intended for mail-servers.
>>> This was my main question. What is an "IP intended for mail-servers"?
>> The question should be "what are IPs **not** intended for mail-servers?"
>> The ranges of ISPs for home-users and the dsl-, cable-, whatever-connection
>> are well-known and pretty much on all of the blacklists since the only thing
>> you can usually expect from them is spam from botnets. Legitimate mails are
>> rather rare from those ranges, thus they get blocked.
> I cannot tell what happens in pratice, I've never run a big mail server.
> But the reasons that come to my mind someone wants to run their own
> server (at home or at a small enterprise) are opposed to what you state.
> Why would you want to send spam from the fixed IP you're paying for (in
> my case 5 euros mouth)?
I run a mail server-setup with an upper five-digit number of accounts. So it is
not huge but quite some users and I have to deal with a lot of spam (incoming
and outgoing from phished accounts for example). The thing is that I do not
know which IPs an ISP dedicates for fixed IPs and which IPs are legitimately
sent from mail servers and have probably responsible admins behind them. But I
subscribe to blacklists that have for example the whole IP-range of Vodafone
home-user IPs. And as I have written before: the chance is really low that from
those ranges a legitimate mail is sent. It's more like 99% are sent via botnets
from enslaved computers from those ranges. Thus "we" prefer to overblock in
> The question is still unanswered. What determines those "ranges", who
> regulates that?
Blacklist-providers and Google and co have properly their own and the bigger
setups rely on them. If I wouldn't have a blacklist for those IP-ranges, I
would build such a list for myself because it cuts down spam a lot. Luckily
other people did that already.
>> To not get blocked by google and hotmail you need an IP from some
>> hosting-provider, university or something like this;
> Which is the procedure followed by those entities to get an IP in what
> you called the "authorized range"? Authorized by who?
Get an ASN and ask the IANA, RIPE to provide you an IP. Or you get your server
placed in a colocation who can you provide with an IP or rent a server or VPN
from a hoster.
>> and at least an SPF-, even better a DKIM-record.
> I had these at first and removed them after seeing they don't help.
Even if you have a "proper" IP you need an SPF-record for Google and hotmail.
Otherwise you will run into problems (I am speaking from experience).
>> And if you
>> ever send out mail, you maybe want a secondary IP for temporary
>> failover-cases if you land temporarily on a black list.
> I have just two personal addresses. I don't need that complication. :-)
Yeah, most smaller mail servers don't need that. I do unfortunately :(