I just moved my mail server from hosteurope to OVH. And I was ready to find myself blacklisted. But, now, weeks later, zero problem. Mails flow from and to gmail, microsoft etc. I get DMARC reports and no blacklisting at all thus far. Fingers crossed :)
@mnw I'll post some blog entries on my setup of postfix/dovecot with DKIM, DMARC, SPF, multi-domain, mail-crypt in the next few days. If you're used to some Linux and config stuff, it should work.
Mail has a *lot* of moving parts, and doing one tiny thing wrong might breach security and/or get you blacklisted forever. So it really pays off to piggyback off communities who automated all those best practices into a single script or setup.
Contrary to most other self-hosted tools, mail is the pivot point of all your online security. So it must be solid.
@jwildeboer the M$ or Google-banhammer may strike later due to "unaware" users.
1) users autoforwarding their account on your server to their account at Outlook.com, Gmail etc,
2) then receiving spam (slipped through your rspamd, or even an accidental newsletter via your server),
3) Hitting "it's spam" on the Webmail at the operators above.
Been in that trap a few times, needing to educate users or disable the option of automatic forwarding. (YMMV)
@adorfer Sure. That is a risk. But not in my case because the only users I have are me, myself and I. And family members who have been through my School of Internet for many years (AKA my kids ;)
@jwildeboer Did you also send to @t-online.de or @magenta.de?
These are 'special' for me, in that they do not accept mails from me, they requested me to put a full impressum including phone number etc. onto my site, which I refused to do. So they did set up own rules for systems they accepted mails from.
@globalc No, in all my years I have never sent an e-mail to any t-online/magenta address. If they blacklist themselves that way, that's not my problem. But it seems that according to their current policy, https://postmaster.t-online.de/index.en.html#t4.1 they have relaxed their requirements a bit in the last few years.
I just rechecked, but, as for some years now, I get:
[..] status=deferred (host mx03.t-online.de[..] refused to talk to me: 554 IP=[..] - A problem occurred. (Ask your postmaster for help or to contact firstname.lastname@example.org to clarify.))
..and tosa@ then says that since whois no longer provides name/phone number, I need that on my website hosted on the same domain. Name is good style, but phone I refuse. Anyway, made my peace with it. Was just curious how widely others are affected. :)
@globalc Well, they refuse to use SPF and DKIM, have completely over the top "requirements" that remind me of the dark ages of Bundespost - I don't consider them a member of the normal e-mail community. So I have ignored them for many years and it has never been a problem for me and my mailserver :)
@jwildeboer Yes, when I discussed these 'own requirements' from t-online in various communities, pointing out it's their own spleen/house rules and not something agreed upon in the wider community and then recorded in RFCs was one of the things we did.