In my experience (10+ years of running my own mailserver) some problems have gone away. With SPF/DKIM/DMARC, getting blacklisted because of the IP address being at a hosting company is not happening the way it did, say 5-7 years ago.

I just moved my mail server from hosteurope to OVH. And I was ready to find myself blacklisted. But, now, weeks later, zero problem. Mails flow from and to gmail, microsoft etc. I get DMARC reports and no blacklisting at all thus far. Fingers crossed :)

My mail server runs all mails for 20+ domains. Not a lot of traffic, though. And no mailing lists or newsletters. Really just mostly my private e-mail. I also don't get a lot of SPAM, surprisingly, even though I have no spam filter set up ATM.

@jwildeboer this is great to hear. I want to do this sometime this year

@mnw I'll post some blog entries on my setup of postfix/dovecot with DKIM, DMARC, SPF, multi-domain, mail-crypt in the next few days. If you're used to some Linux and config stuff, it should work.

@jwildeboer @mnw GMX/web.de tend to be the most unreasonably aggressive at blacklisting. Try them.

@jwildeboer @mnw They're the only ones regularly refusing email from me. But I worked at those spam factories, so I'm not really seeing much of a downside.

@jens @mnw Proof: I just sent an e-mail to my mum at web.de. From my mail-server at OVH. Convinced? ;)

@jwildeboer @jens very cool. Yes please on a write up on how you did it :-)

@jens @mnw Not even grey listing. Went through immediately, no questions asked.

@jens @mnw And because I know my mum, she immediately replied. Which also made it back to my mailserver without any problem.

@jens @mnw And thanks to the dovecot mail-crypt plugin, that mail is stored encrypted on my mailserver, so even if you get a dump of my machine, no dice in reading my mails ;)

@jwildeboer @mnw you might want to review mailinabox.email/ and mailcow.email/ for that too.

Mail has a *lot* of moving parts, and doing one tiny thing wrong might breach security and/or get you blacklisted forever. So it really pays off to piggyback off communities who automated all those best practices into a single script or setup.

Contrary to most other self hosted tools, mail is the pivot point of all your online security. So must be solid

@berkes @mnw I've been doing Linux since 1993 and am lucky to have all those years of experience and knowledge so I can do this myself. And I will blog about all details. But for those who don't have that, your proposals are helpful too.

@jwildeboer @mnw I've been running my Linux servers since '95. Back then SUSE, though, sorry😋

But mailservers are hard, and ever moving. Today there is SPF, tomorrow DKIM, then DNSSEC. Hard to keep up with this year's best practice. So for mail I've moved to mailinabox, exactly because of that.

@mnw @berkes it took me 2 days to get DNS, SPF, DKIM, DMARC, mail-crypt, letsencrypt for my mailserver working. I'll blog all details. It's not that complicated, when you know the basics of a linux box.

@jwildeboer the M$ or Google-banhammer may strike later due to "unaware" users.

example:
1) users autoforwarding their account on your server to their account at Outlook.com, Gmail etc,
2) then receiving spam (slipped through your rspamd, or even accidental newsletter via your server)
3) Hitting "it's spam" on the Webmail at the operators above.

been in that trap a few times, needing to educate users or disable the option of automatic forwarding. (YMMV)

@adorfer Sure. That is a risk. But not in my case because the only users I have are me, myself and I. And family members who have been through my School of Internet since many years (AKA as my kids ;)

@jwildeboer Did you also send to @t-online.de or @magenta.de?
These are 'special' for me, in that they do not accept mails from me, they requested me to put a full impressum including phone number etc. onto my site, which I refused to do. So they did set up own rules for systems they accepted mails from.

@globalc No, in all my years I have never sent an e-mail to any t-online/magenta address. If they blacklist themselves that way, that's not my problem. But it seems that according to their current policy, postmaster.t-online.de/index.e they have relaxed their requirements a bit in the last few years.

@jwildeboer
I just rechecked, but as since some years I get
[..] status=deferred (host mx03.t-online.de[..] refused to talk to me: 554 IP=[..] - A problem occurred. (Ask your postmaster for help or to contact tosa@rx.t-online.de to clarify.))
..and tosa@ then says that since whois no longer provides name/phone number, I need that on my website hosted on the same domain. Name is good style, but phone I refuse. Anyway, made my peace with it. Was just curious how widely others are affected. :)

@globalc Well, they refuse to use SPF and DKIM, have completely over the top "requirements" that remind of the dark ages of Bundespost - I don't consider them a member of the normal e-mail community. So I ignore them since many years and it has never been a problem for me and my mailserver :)

@jwildeboer Yes, when I discussed these 'own requirements' from t-online in various communities, pointing out it's their own spleen/house rules and not something agreed upon in wide community and then recorded in RFC's was one of the things we did.

social.wildeboer.net

Mastodon instance for people with Wildeboer as their last name