[Cialug] Email server

David Champion dchamp1337 at gmail.com
Fri May 12 19:15:34 UTC 2017


I know that some ISPs have IP blocks that ARIN still considered to be
dynamic, even though the ISP assigned them statically. So, people using
addresses in that range may have trouble running a email server.

-dc


On Fri, May 12, 2017 at 2:10 PM, Matthew Nuzum <newz at bearfruit.org> wrote:

> What he means is that the blocks they assign your IP address from can be
> tagged as dial up, dynamic, etc. So your static IP address probably won't
> be tagged as dynamic, but it never hurts to be certain.
>
> On Fri, May 12, 2017 at 2:08 PM <khamil8686 at gmail.com> wrote:
>
>> I won’t be, I’ll have a static IP with a business account. Can it be
>> dynamic even if they said it would be static?
>>
>> From: David Champion
>> Sent: Friday, May 12, 2017 2:05 PM
>> To: Central Iowa Linux Users Group
>> Subject: Re: [Cialug] Email server
>>
>> Yes, you should also verify (with the tools mentioned above) that you're
>> not in a "dynamic" or "dial-up" network block.
>>
>> -dc
>>
>>
>> On Fri, May 12, 2017 at 1:58 PM, Matthew Nuzum <newz at bearfruit.org>
>> wrote:
>>
>> > Then you should be well situated. The nice thing about having a business
>> > account is that you get an SLA and Mediacom will watch the blocklists
>> for
>> > you. Also, malicious spammers aren't going to sign up for it, so only
>> > accidental spammers will be problematic, and Mediacom will handle that
>> too.
>> >
>> > On Fri, May 12, 2017 at 1:55 PM <khamil8686 at gmail.com> wrote:
>> >
>> > > Good point, thanks! I found I could upgrade to a business account for
>> the
>> > > same price that I could rent a VPS (+$20) so figured I’d give it a
>> shot
>> > to
>> > > try my own. I will try and see if I run into the same stuff. Time will
>> > > tell, I plan to set It all up this weekend 😊 We will see if I make
>> it a
>> > > week or not, lol. The spammers sound pretty hardcore!
>> > >
>> > >
>> > >
>> > > *From: *Matthew Nuzum <newz at bearfruit.org>
>> > > *Sent: *Friday, May 12, 2017 1:52 PM
>> > >
>> > >
>> > > *To: *Central Iowa Linux Users Group <cialug at cialug.org>
>> > > *Subject: *Re: [Cialug] Email server
>> > >
>> > >
>> > >
>> > > I realize I'm coming late to the game (half the messages to CIALUG go
>> to
>> > a
>> > >
>> > > "special place"). I just wanted to explicitly point out something that
>> > has
>> > >
>> > > been kind of said in this thread.
>> > >
>> > >
>> > >
>> > > One of the biggest challenges of running your own e-mail server is the
>> > >
>> > > blocklists. These are services that most major e-mail providers use to
>> > >
>> > > auto-block mail from untrustworthy sources. E-mail sent from IP
>> addresses
>> > >
>> > > in the blocklist never even get to the SPAM filters, they just get
>> > >
>> > > auto-dropped or auto-rejected.
>> > >
>> > >
>> > >
>> > > Sometimes (often?) entire IP address blocks and subnets are added to
>> > these
>> > >
>> > > lists, and it is quite common for low-cost hosting providers to be in
>> > these
>> > >
>> > > blocks. One customer will send a bunch of SPAM and for a day or week
>> or
>> > >
>> > > month an entire subnet will get blocked. If you are in the same
>> subnet,
>> > >
>> > > this means anyone using Hotmail, Yahoo, Gmail and etc will be unable
>> to
>> > >
>> > > send you messages or receive yours, and they/you may not even get a
>> > bounce
>> > >
>> > > message indicating that the delivery failed.
>> > >
>> > >
>> > >
>> > > For me, this was the last straw and I stopped running my own server. I
>> > >
>> > > don't even run an outgoing server any more. Technically, I do, but
>> it's
>> > >
>> > > smart hosted to Send Grid or, rarely, gmail. This means if my website
>> > sends
>> > >
>> > > an email (contact form, error log, etc) it gets queued into Postfix
>> which
>> > >
>> > > then forwards it to Sendgrid for delivery.
>> > >
>> > >
>> > >
>> > > Like others here, I also use GSuite in addition to Send Grid and
>> > Mailchimp
>> > >
>> > > for my various e-mail needs.
>> > >
>> > >
>> > >
>> > > One last footnote: If you want to run a mail-server in house, you can.
>> > One
>> > >
>> > > of the oldest methods of mail delivery was to have a
>> "sometimes-online"
>> > >
>> > > host periodically connect to a remote mail-queue to fetch and send
>> > e-mail.
>> > >
>> > > Keeping the above in mind, it is not an issue to have a cheap VPS be
>> your
>> > >
>> > > queue and then have your internal host connect to it to fetch e-mail
>> and
>> > >
>> > > use the VPS as a smart-host. You could even VPN into your VPS (grin)
>> so
>> > >
>> > > that you have an "almost-always-online" type connection. You still
>> need
>> > to
>> > >
>> > > worry about reverse DNS on your VPS, but it does give you the comfort
>> of
>> > >
>> > > having very limited processes running on that host, making it a
>> smaller
>> > >
>> > > attack target.
>> > >
>> > >
>> > >
>> > > On Mon, May 1, 2017 at 3:26 PM David Champion <dchamp1337 at gmail.com>
>> > > wrote:
>> > >
>> > >
>> > >
>> > > > Technically not always your ISP, although that is usually the case.
>> You
>> > > can
>> > >
>> > > > tell for sure by doing a "whois 8.8.8.8" (substitute your IP) and
>> find
>> > > out
>> > >
>> > > > who owns the netblock range that you fall into.
>> > >
>> > > >
>> > >
>> > > > You can use "dig -x 8.8.8.8" to see what the current PTR is.
>> > >
>> > > >
>> > >
>> > > > mxtoolbox has a bunch of nifty tools available for doing various dns
>> > >
>> > > > queries. This Arin lookup is nice:
>> > >
>> > > >
>> > >
>> > > > https://mxtoolbox.com/arin.aspx
>> > >
>> > > >
>> > >
>> > > > -dc
>> > >
>> > > >
>> > >
>> > > >
>> > >
>> > > > On Mon, May 1, 2017 at 2:26 PM, Nicolai <nicolai-cialug at chocolatine.
>> > org>
>> > >
>> > > > wrote:
>> > >
>> > > >
>> > >
>> > > > > On Mon, May 01, 2017 at 12:53:59PM -0500, khamil8686 at gmail.com
>> > wrote:
>> > >
>> > > > >
>> > >
>> > > > > > One thing I wondered, if I set up an authoritative nameserver on
>> > port
>> > >
>> > > > 53
>> > >
>> > > > > > using my domain name, point dns towards there, and put reverse
>> > lookup
>> > >
>> > > > > > for my home mail server, would emails be rejected?
>> > >
>> > > > >
>> > >
>> > > > > > Purely an academic example that I was curious about.
>> > >
>> > > > >
>> > >
>> > > > > Well, your authoritative nameserver wouldn't be responsible for
>> > >
>> > > > > answering reverse DNS queries for your IP address; that's your
>> ISP's
>> > >
>> > > > > job.  In other words, nobody would ask your NS for the PTR record
>> of
>> > >
>> > > > > e.g. 53.2.0.192.in-addr.arpa.  All those queries would go to your
>> > ISP's
>> > >
>> > > > > nameservers.
>> > >
>> > > > >
>> > >
>> > > > > dig +short ns cialug.org.
>> > >
>> > > > > dig +short cialug.org. # currently 67.224.64.36
>> > >
>> > > > > dig +short ns 64.224.67.in-addr.arpa.
>> > >
>> > > > >
>> > >
>> > > > > Nobody asks the cialug.org nameservers questions about
>> 67.224.64.36.
>> > >
>> > > > >
>> > >
>> > > > > To get a specific PTR record for your IP address, you'd have to
>> ask
>> > >
>> > > > > your VPS/colo provider.
>> > >
>> > > > >
>> > >
>> > > > > Nicolai
>> > >
>> > > > > _______________________________________________
>> > >
>> > > > > Cialug mailing list
>> > >
>> > > > > Cialug at cialug.org
>> > >
>> > > > > http://cialug.org/mailman/listinfo/cialug
>> > >
>> > > > >
>> > >
>> > > > _______________________________________________
>> > >
>> > > > Cialug mailing list
>> > >
>> > > > Cialug at cialug.org
>> > >
>> > > > http://cialug.org/mailman/listinfo/cialug
>> > >
>> > > >
>> > >
>> > > _______________________________________________
>> > >
>> > > Cialug mailing list
>> > >
>> > > Cialug at cialug.org
>> > >
>> > > http://cialug.org/mailman/listinfo/cialug
>> > >
>> > >
>> > >
>> > _______________________________________________
>> > Cialug mailing list
>> > Cialug at cialug.org
>> > http://cialug.org/mailman/listinfo/cialug
>> >
>> _______________________________________________
>> Cialug mailing list
>> Cialug at cialug.org
>> http://cialug.org/mailman/listinfo/cialug
>>
>> _______________________________________________
>> Cialug mailing list
>> Cialug at cialug.org
>> http://cialug.org/mailman/listinfo/cialug
>>
>


More information about the Cialug mailing list