In my experience (10+ years of running my own mailserver) some problems have gone away. With SPF/DKIM/DMARC, getting blacklisted because of the IP address being at a hosting company is not happening the way it did, say 5-7 years ago.
@mnw I'll post some blog entries on my setup of postfix/dovecot with DKIM, DMARC, SPF, multi-domain, mail-crypt in the next few days. If you're used to some Linux and config stuff, it should work.
Mail has a *lot* of moving parts, and doing one tiny thing wrong might breach security and/or get you blacklisted forever. So it really pays off to piggyback off communities who automated all those best practices into a single script or setup.
Contrary to most other self-hosted tools, mail is the pivot point of all your online security. So it must be solid.
@jwildeboer the M$ or Google-banhammer may strike later due to "unaware" users.
1) users autoforwarding their account on your server to their account at Outlook.com, Gmail etc,
2) then receiving spam (slipped through your rspamd, or even an accidental newsletter via your server)
3) Hitting "it's spam" on the Webmail at the operators above.
Been in that trap a few times, needing to educate users or disable the option of automatic forwarding. (YMMV)
@adorfer Sure. That is a risk. But not in my case because the only users I have are me, myself and I. And family members who have been through my School of Internet since many years (AKA as my kids ;)
@jwildeboer Did you also send to @t-online.de or @magenta.de?
These are 'special' for me, in that they do not accept mails from me, they requested me to put a full impressum including phone number etc. onto my site, which I refused to do. So they did set up own rules for systems they accepted mails from.
@globalc No, in all my years I have never sent an e-mail to any t-online/magenta address. If they blacklist themselves that way, that's not my problem. But it seems that according to their current policy, https://postmaster.t-online.de/index.en.html#t4.1 they have relaxed their requirements a bit in the last few years.
I just rechecked, but as since some years I get
[..] status=deferred (host mx03.t-online.de[..] refused to talk to me: 554 IP=[..] - A problem occurred. (Ask your postmaster for help or to contact firstname.lastname@example.org to clarify.))
..and tosa@ then says that since whois no longer provides name/phone number, I need that on my website hosted on the same domain. Name is good style, but phone I refuse. Anyway, made my peace with it. Was just curious how widely others are affected. :)
@globalc Well, they refuse to use SPF and DKIM, have completely over the top "requirements" that remind of the dark ages of Bundespost - I don't consider them a member of the normal e-mail community. So I ignore them since many years and it has never been a problem for me and my mailserver :)
@jwildeboer Yes, when I discussed these 'own requirements' from t-online in various communities, pointing out it's their own spleen/house rules and not something agreed upon in wide community and then recorded in RFCs was one of the things we did.
@jwildeboer I think one of the worst things at the moment is T-Online when it comes to self hosting mail. They blacklist all IPs per default and require you to have a full imprint with name and address on the webpage of your domain, even if you only host a private mail server...
@j_r Which is not a problem for me, as I run my blog jan.wildeboer.net on the same domain, with full Impressum as required by German law/EU regulations.
@jwildeboer okay that's convenient, but at jugendhacker.de I just run a small website and I don't see why I should doxx myself just for a shitty mail provider... rather my server now bounces mails coming from them with a nice message, that their provider is garbage and that the person who wants to write me should think about switching to somewhere else...
@jwildeboer Yeah, I had the same experience. It's just Telekom (or was it T-Online?) are making a hassle again, requiring a postal address and phone number permanently on the mail server's website or they deny incoming mail.
@blindcoder the fact that they ask you for an imprint is not really annoying in my opinion. Microsoft and its email policies are much more annoying and sometimes they won't accept your mail even if you have implemented all the modern anti-spam techniques...
Microsoft and email is cancer - no matter where you look.