> On 6. Aug 2017, at 19:45, Walter Alejandro Iglesias <w...@roquesor.com> wrote: > > Hi Niels, > >> On Sun, Aug 06, 2017 at 07:19:04PM +0200, Niels Kobschätzki wrote: >> >>>> On 6. Aug 2017, at 18:40, Walter Alejandro Iglesias <w...@roquesor.com> >>>> wrote: >>>> >>>> On Sun, Aug 06, 2017 at 06:02:25PM +0200, Jesper Wallin wrote: >>>> Like Martijn pointed out, you're sending mail from a IP which is not >>>> intended for mail-servers. >>> >>> This was my main question. What is an "IP intended for mail-servers"? >> >> The question should be "what are IPs **not** intended for mail-servers?" >> >> The ranges of ISPs for home-users and the dsl-, cable-, whatever-connection >> are well-known and pretty much on all of the blacklists since the only thing >> you can usually expect from them is spam from botnets. Legitimate mails are >> rather rare from those ranges, thus they get blocked. > > I cannot tell what happens in pratice, I've never run a big mail server. > But the reasons that come to my mind someone wants to run their own > server (at home or at a small enterprise) are opposed to what you state. > Why would you want to send spam from the fixed IP you're paying for (in > my case 5 euros mouth)?
I run a mail server-setup with an upper five-digit number of accounts. So it is not huge but quite some users and I have to deal with a lot of spam (incoming and outgoing from phished accounts for example). The thing is that I do not know which IPs an ISP dedicates for fixed IPs and which IPs are legitimately sent from mail servers and have probably responsible admins behind them. But I subscribe to blacklists that have for example the whole IP-range of Vodafone home-user IPs. And as I have written before: the chance is really low that from those ranges a legitimate mail is sent. It's more like 99% are sent via botnets from enslaved computers from those ranges. Thus "we" prefer to overblock in that case. > The question is still unanswered. What determines those "ranges", who > regulates that? Blacklist-providers and Google and co have properly their own and the bigger setups rely on them. If I wouldn't have a blacklist for those IP-ranges, I would build such a list for myself because it cuts down spam a lot. Luckily other people did that already. >> To not get blocked by google and hotmail you need an IP from some >> hosting-provider, university or something like this; > > Which is the procedure followed by those entities to get an IP in what > you called the "authorized range"? Authorized by who? Get an ASN and ask the IANA, RIPE to provide you an IP. Or you get your server placed in a colocation who can you provide with an IP or rent a server or VPN from a hoster. <snip> >> and at least an SPF-, even better a DKIM-record. > > I had these at first and removed them after seeing they don't help. Even if you have a "proper" IP you need an SPF-record for Google and hotmail. Otherwise you will run into problems (I am speaking from experience). >> And if you >> ever send out mail, you maybe want a secondary IP for temporary >> failover-cases if you land temporarily on a black list. > > I have just two personal addresses. I don't need that complication. :-) Yeah, most smaller mail servers don't need that. I do unfortunately :( Niels