Ask Slashdot: Is There a War Against Small Mail Servers?

Soulskill posted more than 3 years ago | from the lazy-spam-prevention dept.

Communications 459

softegg writes "My company hosts our own mail server. We have high-speed business connections through Verizon and Comcast. Recently, Verizon and Comcast have been blocking port 25, causing our private mail server to stop functioning. Additionally, a lot of ISPs just started blocking any mail coming from any IP in the address block of cable modems. This caused us to start laundering our mail through a third-party service called DNSExit. Now, McAfee's MAPS anti-spam system tells us they are blocking DNSExit for spam. Essentially, we are finding ourselves increasingly cut off from sending any outgoing mail. What is a small company supposed to do if you want to host your own mail?"


459 comments


Not much to do (5, Informative)

enec (1922548) | more than 3 years ago | (#35272714)

Most ISPs block outgoing port 25 because 99.99% of that traffic is viruses or otherwise malicious computers trying to send spam. Even more mail services block all dynamic pools used by major ISPs because of the same reason.

Just invest a few bucks a month into a cheap hosted VPS behind a static IP where you can run the server.

Re:Not much to do (2, Insightful)

Anonymous Coward | more than 3 years ago | (#35272764)

You have several options.
1) Get a real Internet service provider.
2) Host mail on a different server, such as a VPS.
3) Host mail on a different server and use Fetchmail to pull mail and send mail outbound.
4) Configure your server to send mail through your ISP's send mail server. Receiving mail may be a problem depending on ISP.

Re:Not much to do (2, Informative)

Anonymous Coward | more than 3 years ago | (#35272766)

Or stop using a dynamic IP for a business. I know static IPv4 addresses are an endangered species, but come on man.

Re:Not much to do (2)

pipatron (966506) | more than 3 years ago | (#35272810)

We have high-speed business connections through Verizon and Comcast

Would these be dynamic too?

Re:Not much to do (0)

Anonymous Coward | more than 3 years ago | (#35272918)

As backup to our T1, our company has a 12mbit "business connection" through Comcast with three bit routed subnet, no blocking of any ports. It just costs more than a regular connection. If anyone is wondering, it still doesn't have the uptime of a T1, so owners are keeping the Comcast as backup. That's actually great for the four of us who know how to point our workstations at it 8D

Re:Not much to do (1)

networkzombie (921324) | more than 3 years ago | (#35273166)

I would really like to know various solutions for cutting over to the backup. How do you deal with DNS for internal email and web services? Are the solutions worth the effort to avoid a two hour downtime? Do you have the next priority MX record pointing to the backup connection's IP as a cold stand-by? Does IPv6 offer any solution to these DNS problems of cutting over to a backup connection?

Re:Not much to do (1)

dosius (230542) | more than 3 years ago | (#35273018)

Maybe, maybe not. I have "high speed" (4 Mbps ADSL) through Verizon and it's static IP, though I pay out the arm for it.

-uso.

Re:Not much to do (0)

Anonymous Coward | more than 3 years ago | (#35273178)

As a current owner of a business fios line you have the option to choose static, or dynamic, business-class from Verizon does not block any ports on your connection, as I'm clearly able to send and receive mail from one of my servers, host http servers, and anything else that I've seen with no issues.

Re:Not much to do (3, Informative)

icebike (68054) | more than 3 years ago | (#35273180)

Or stop using a dynamic IP for a business. I know static IPv4 addresses are an endangered species, but come on man.

Agreed.

Our company has the business package from Comcast which includes a static IP. It's not a problem for our mail server. We don't get blocked, and our reverse is properly set up, and our IP is in a non-dynamic pool. Yeah, we pay a tad more for this. But we can run all the services we want, and our mail goes out.

Most of the blockage you get with dynamic SENDING IPs is on the RECEIVING end, not always your local ISP.

Re:Not much to do (5, Funny)

guybrush3pwood (1579937) | more than 3 years ago | (#35272770)

"First, they went after port 25, but I didn't care, because I didn't host my own mail server..."

blah blah blah, you know how it goes

Re:Not much to do (0)

Anonymous Coward | more than 3 years ago | (#35272964)

My previous ISP ran checks before letting stuff through on port 25 which I thought was a good thing - they checked for relaying etc, before letting you loose.

Postfix and ssl and dovecot worked just fine for me.

I've moved Companies since then, but it worked well I have to say.

Re:Not much to do (0)

Anonymous Coward | more than 3 years ago | (#35272772)

Or get commercial service from comcast!

Re:Not much to do (3, Informative)

PIBM (588930) | more than 3 years ago | (#35272792)

A lot of companies offer static ips for which you can set all the reverse dns & email information, and they are also out of their normal subscriber pool, thus allowing you to send emails from the computer behind it. The cost of that option is usually lower than 5$ per ip per month around here.

Re:Not much to do (0)

Anonymous Coward | more than 3 years ago | (#35272816)

That's basically it. A while back a friend of mine asked me to clarify something, AOL told her that viruses can't E-mail themselves. I chuckled and told her that one I was just looking into had its own SNMP engine. I know that Verizon offered companies relaying service, which we used until we switched to Comcast. So perhaps you can look into that.

Re:Not much to do (2)

Seng (697556) | more than 3 years ago | (#35272858)

Wow, they do their own network reporting? Perhaps SMTP?

Re:Not much to do (2)

SimonTS (1984074) | more than 3 years ago | (#35273116)

Moderator!! Above post +1 for sarcasm and +1 for being pedantic. Mustn't have had his coffee yet.

Ports (0)

Anonymous Coward | more than 3 years ago | (#35272746)

Switch the port to something ambiguous. It would cost nothing more than a company-wide e-mail to change your outlook e-mail settings. If they use exchange, simply change the exchange settings for everyone.

Re:Ports (1)

pipatron (966506) | more than 3 years ago | (#35272850)

Uhm. It would also require that they contact every other company they are doing business with and ask them to change their mail server port, right?

Re:Ports (2)

drhlx (580655) | more than 3 years ago | (#35273136)

Actually it would require a rewriting of the SMTP protocol :P However, the standard solution is to use port forwarding on an external unencumbered host accepting inbound port 25 and forwarding to your unblocked port (e.g. 1025). You can use a smarthost to similarly forward external email via another 'unblocked' host. This generally gets you closer to the benefits of a "local" mail server vs simply hosting your mail server external to your network.

ITs the end of the small business mail server (0)

Anonymous Coward | more than 3 years ago | (#35272754)

Nothing you're going to do about it, thankfully, outsourcing mail is very cheap and more secure than running your own. Especially the bandwidth saved by not having spam enter your office.

Re:ITs the end of the small business mail server (3, Informative)

Sarten-X (1102295) | more than 3 years ago | (#35273128)

Outsourcing is often not feasible. As an example off the top of my head, any American company working with medical data needs to be certain that personal medical data does not leave their control, or they get hit with huge penalties from HIPAA and HITECH. That eliminates a lot of outsourcing options, and especially anything cloud-related, because one mistaken message, even from someone outside the company, can have devastating effects.

Re:ITs the end of the small business mail server (2)

SnoopJeDi (859765) | more than 3 years ago | (#35273140)

Outsourcing it is cheap because it needs to compete with these roll-your-own systems. If small mail were totally blacklisted, I wouldn't be surprised to find mail services prices bump a bit. After all, they'd be the only people with an ISP allowing port 25...

Sounds like an ISP problem. (5, Insightful)

raitchison (734047) | more than 3 years ago | (#35272756)

If your ISP (Verizon and Comcast) are blocking port 25 outbound it doesn't sound like they think you have a "Business" connection. Check your contract/TOS for any provisions that would prevent you from running a server (common for residential cable connections but not for business) and if there isn't one call and complain. If they won't unblock port 25 for your mail server (assuming it's properly configured) you need to find a new ISP.

Re:Sounds like an ISP problem. (0)

Anonymous Coward | more than 3 years ago | (#35272804)

Maybe nobody wants to talk to you.

Re:Sounds like an ISP problem. (0)

Anonymous Coward | more than 3 years ago | (#35272832)

This is it. A business connection costs more. I have "Business Class DSL err U-Verse" and they don't block my mail server at all. I get 5 static IPs as well and 24mb/3mb. Not bad IMO. My co-loc servers have a hell of a lot more bandwidth but for a mail server, svn and local testing/backups it comes in very handy.

Re:Sounds like an ISP problem. (-1)

Anonymous Coward | more than 3 years ago | (#35272888)

Listen, I have to tell you! My ass crack smells like CHEESE. Yes, that's correct, CHEESE. What kind, you may ask? NACHO cheese.

Re:Sounds like an ISP problem. (1)

yoghurt (2090) | more than 3 years ago | (#35272942)

How is "telnet smtp.example.com 25" a server? As per the RFC, outbound is NOT a server; it's a client. The SMTP server listens and receives mail on port 25. So I don't understand why a no server TOS clause should prevent sending mail. Another TOS clause is probably more relevant.

Re:Sounds like an ISP problem. (1, Informative)

commodore6502 (1981532) | more than 3 years ago | (#35272978)

>>>you need to find a new ISP.

That would be great, if the government had not given Comcast/Verizon an exclusive monopoly (or duopoly). And then decided not to regulate them.
Choice - we don't haze it.

Re:Sounds like an ISP problem. (1)

Anonymous Coward | more than 3 years ago | (#35273068)

>>>you need to find a new ISP.

That would be great, if the government had not given Comcast/Verizon an exclusive monopoly (or duopoly). And then decided not to regulate them.
Choice - we don't haze it.

If you're buying a serious business connection, you have a choice. We're not talking about grandma's cable/dsl connection here. If you're trying to run a business mailserver over a consumer broadband connection, you've got far bigger problems than blocked ports.

Re:Sounds like an ISP problem. (1)

raitchison (734047) | more than 3 years ago | (#35273186)

There are no DSL providers available in this area?

Even if there are not Cable or DSL providers there are always more traditional connectivity options, of course those might be cost prohibitive for a small company.

Re:Sounds like an ISP problem. (5, Insightful)

jimicus (737525) | more than 3 years ago | (#35273164)

If your ISP is preventing 25 outbound, you don't have an ISP.

TBH, I'm not quite sure what you do have. I've met that sort of thing once before, I would describe them as a Web access provider.

Dump Comcast (2)

cstec (521534) | more than 3 years ago | (#35272768)

Comcast's idea of the Internet is an increasingly detached 'consumer endpoint' version of the Internet. If you're not in a rural area, then find a true Internet provider and move on.

Re:Dump Comcast (-1)

Anonymous Coward | more than 3 years ago | (#35272944)

Comcast's idea

That's a lot of bullshit. Comcast serves business customers well; very responsive support, high reliability and performance matching the advertised level. Your idea of the Internet, and that of all your fellow freetards, is getting commercial quality service at residential prices.

Re:Dump Comcast (2)

Steauengeglase (512315) | more than 3 years ago | (#35273142)

While I understand it 99% of the time, I'm not sure if I should get hit with violating the ToS for firing up a Quake server once a month. I mean, yes, I "should" get hit, but I'm not sure if it leaves me very satisfied with my service, especially when Netflix and torrent guys use much more bandwidth.

PS: Might want to find a better term to use than "freetards". It is kind of vague. Some days of the week tossing that term around means you are out to defend a man's right to feed his family and expand the market place, you know truth and virtue and all that jazz. On other days it means you are supporting rent seeking and people will assume you are a shill who don't want their stock dipping. All in all I find it best just to avoid the term. Granted it is a free country, you can say what you want, but for some people around here you might as well be saying, "faggot".

No problems here (0)

Anonymous Coward | more than 3 years ago | (#35272776)

You have options. Rent a small server in a co-lo just for mail OR get a Business Internet Connection, as those don't block mail, at least none that I have dealt with. I've had Bright House(Time Warner) Business AND Verizon FIOS Business with a static IP, both allow port 25 out and let me configure the reverse DNS for my IP address.

You should then be all clear.

~Matt

Comcast Business works for me... (2)

Frosty Piss (770223) | more than 3 years ago | (#35272786)

I haven't had this issue with Comcast Business (static IP). Port 25 works just fine. But, some recipients don't like us.

Re:Comcast Business works for me... (3, Informative)

edmudama (155475) | more than 3 years ago | (#35273102)

My Comcast Business account explicitly allows servers on the static IP, including mail, web, etc. Anything allowed unless it's against the law in the local jurisdiction. If you go over bandwidth caps, they reserve the right to promote you automatically to the next tier of service. At the top tier, there are no caps.

It costs a little extra, but it seems to me like a business big enough to run its own mail server should be able to afford the ~$75-100/mo for a business cable modem account.

Get a commercial account with your ISP (0)

Anonymous Coward | more than 3 years ago | (#35272788)

And make sure they know you want port 25 open, and otherwise be reliable. The number of spam-bots on cable modems is rather high, and there's no surprise that you get blocked. It's like how businesses don't take money over a 20. The risk is not worth the reward.

Rent a hosted (virtual) server (0)

Anonymous Coward | more than 3 years ago | (#35272790)

You can get a hosted (maybe only virtual) server at RackSpace & friends. Let your mail server run there, which is anyway better in terms of fault-tolerant power supply and redundant network connections. Small companies usually don't operate a 24x7 data center, so you just get better in terms of reliability, and these IP addresses should not be black-listed anywhere.

Do they allow you to turn it off? (1)

a.koepke (688359) | more than 3 years ago | (#35272806)

Over here in Australia quite a few ISPs will have port blocking like this turned on but they do provide you the option to disable it. It can even be done online via their user control panel.

Have you spoken to your ISPs about this issue?

Business Account (0)

Chris_Stankowitz (612232) | more than 3 years ago | (#35272814)

1) You are more than likely breaking the ToS of your contract by using the connection for "business" purposes.

2) Switch to a Business plan. It will cost more... such is the cost of doing business.

CS

Re:Business Account (-1)

Anonymous Coward | more than 3 years ago | (#35272882)

1) Read the damn summary.
2) Read the damn summary.

Re:Business Account (2)

Manip (656104) | more than 3 years ago | (#35272986)

I read the summary. Don't believe him. He is using a consumer connection. I've never heard of an ISP blocking ports on a business connection since the entire point of the damn connection is to get servers on to the internet and to allow VPN passthrough. If they blocked ports required for e-mail they might as well discontinue offering business accounts at all.

Most business connections also come with fixed IPs for exactly that purpose, and those aren't ever blocked by spam lists, since again the entire point of a business line is to bring servers online - not clients.

Re:Business Account (0)

pipatron (966506) | more than 3 years ago | (#35272998)

Thank you, Chris, for this extremely insightful comment! However, I see a tiny flaw in your suggestion here, since I actually read what you replied to:

We have high-speed business connections through Verizon and Comcast.

Pay for a business connection? (2, Interesting)

way2trivial (601132) | more than 3 years ago | (#35272820)

they only (so far as I know) block ports on residential accounts
you don't mention it, I suspect you are using a residential class account.

I have a comcast business account.. 2 actually.
pay for an account where the TOS allow servers... they won't block the port

before I had a 2nd commercial account, (at my home)
my biggest gripe was connections from my home to work
  took too many hops to go 8 miles in very different ip ranges...

see if comcastbusiness.net is on the block lists you fear..

Re:Pay for a business connection? (2)

slashdotard (835129) | more than 3 years ago | (#35273126)

Comcast & Verizon have been known to routinely treat business customers as residential customers.

Use Google Mail (0)

Anonymous Coward | more than 3 years ago | (#35272838)

Just use google business apps for your mail. Hosting it yourself is a huge headache.

Re:Use Google Mail (0)

Anonymous Coward | more than 3 years ago | (#35272992)

And leave your privacy in the hands of Google? A company not well known for respecting the rights of others. The only company worse is Facebook. It's also a lot easier for feds to go snooping on their servers than yours.

Your ISPs 'smart host' (1)

W3bbo (727049) | more than 3 years ago | (#35272840)

Usually when ISPs block port 25 (ostensibly because of all the botnets sending spam, a wise precaution that I advocate) they will provide a mail relay for their customers to connect to. They might not advertise it as that, but if your ISP (still?) provides a POP3 mail service, then they're going to give you an SMTP one too. Failing that, why not put a relay on any server you have in a datacenter or colocated? Configure it so only your computers can relay through it and it'll be fine.

more like casualty of war (1)

trybywrench (584843) | more than 3 years ago | (#35272844)

this seems more like a casualty of war with spammers.

Re:more like casualty of war (2)

fuzzyfuzzyfungus (1223518) | more than 3 years ago | (#35273062)

I suspect that it is a mixture of "collateral damage in the war on spammers" and "convenient mechanism for price discrimination".

Back in the day, the ISPs could use the simple "dialup=cheap gits(unless they inquire about worldwide availability of dial-in numbers, in which case Soak 'em), T1=Soak 'em" heuristic to more or less distinguish between business and home users.

Now that a T1 is pitifully slow by consumer broadband standards(and, depending on location and providers, not much more reliable than a faster and cheaper consumer broadband connection, never mind two or more coming in over different wires for redundancy...) they need something else to keep business users paying more. Crippling common server functions is, conveniently, both a plausible reaction to spambots and a good way of making consumer-priced connections less useful...

This is a big deal for me. :-( (5, Interesting)

Omnifarious (11933) | more than 3 years ago | (#35272846)

I've run my own mailserver for over a decade. Its IP has changed every few years if I switch ISPs, but otherwise it remains stable. I have a static IP on a DSL line and have reverse mappings set up. I have SPF records. I've registered with a whitelist. I've done everything I can. And still nobody who uses hotmail gets email from me. And I have increasing difficulty getting email to anybody else.

And I do not believe a single spam message has ever made it out from my network. I even block outgoing port 25 for the network segment my roommates use (when I have roommates) unless I'm administrating their computers.

This whole trend is really upsetting to me, and totally broken. I never have a problem sending email to someone with a gmail.com address, and they have the best spam filtering of any email provider I've ever used. The shortcut of blocking any DSL IP is clearly unnecessary if Google can do such a good job without it.

Re:This is a big deal for me. :-( (0)

Anonymous Coward | more than 3 years ago | (#35272906)

Check to see where your ip is actually being blocked. If it's on the PBL or one of the other equally retarded spamhaus blacklists you'll never get mail out until your ISP requests to have it removed (which they probably won't).

When you say you can't deliver to hotmail what is the actual message returned by their MTAs?

Re:This is a big deal for me. :-( (1)

Omnifarious (11933) | more than 3 years ago | (#35272994)

I actually do check blocklists periodically because I use them myself and understand the danger. I don't think I've ever found myself listed in any of them.

That's another thing, my email is always just eaten. I always make sure that either delivery is refused when the email is being sent (in the case of a blocklist) or that it's delivered. I do not reject mail after I've accepted it for delivery to avoid being a source of backscatter spam. But I do use RBLs and other cheap-to-execute tools to reject mail before I accept it for delivery. I consider it to be the polite thing to do. If someone sends me an email that has no chance of ever reaching me, they should at least be told why.

Re:This is a big deal for me. :-( (2)

anom (809433) | more than 3 years ago | (#35273038)

I remember once upon a time when I was first setting up my mail server I experienced this exact problem. As I recall, there was some kind of hotmail-ish website I went to that helped me get its IP allowed by their system.

Here are some great resources on sending email to hotmail:

http://mail.live.com/mail/troubleshooting.aspx [live.com] (generic troubleshooting page for sending to hotmail)

https://postmaster.live.com/snds/ [live.com] (Signing up here lets you see what hotmail thinks of a specific IP, assuming you control RDNS for it. This might have been what I did once upon a time)

Finally, if none of those help, you can ask them directly here:

https://support.msn.com/eform.aspx?productKey=edfsmsbl&ct=eformts&st=1&wfxredirect=1 [msn.com]

Regards,

Anom

Residential or business service? (3, Interesting)

peacefinder (469349) | more than 3 years ago | (#35272862)

I had a customer (a small town government) recently have port 25 outbound blocked by Comcast. After going around with Comcast for a bit, it turned out that they were subscribed to a residential-class service, which has port 25 outbound blocked by an implacable policy. The only way to get the port unblocked in this case would have been to move them to a business-class service with a static IP. (Fortunately the block wasn't a big deal for them, we were just using it for automated status reporting rather than running an inhouse mailserver.)

Re:Residential or business service? (0)

Anonymous Coward | more than 3 years ago | (#35273120)

I've heard lots of bad things about Comcast, but my experience has been very good. I have business-class service, and was able to negotiate a price less than residential service with a 2-year commitment. I run web and mail servers, usually get my rated speed both directions, and have had very little downtime over about 4 years with them. I would recommend calling the comcast business service desk and see what they can do for you.

Spam (1)

sketchbag (1946222) | more than 3 years ago | (#35272868)

I think it should be up to ISPs to block port 25 from their own client pool. That way, you can get whitelisted if you want to run your own mail server by your ISP. If all ISPs did this, it would be an obstacle for spam. Or if there were a registry of approved mail servers, so botnet zombies on cable pools can't easily dump thousands of spam messages per day. I think it is a step in the right direction, as long as your ISP is willing to open up port 25 to users upon request.

Stop hosting your own mail (0)

realmolo (574068) | more than 3 years ago | (#35272878)

Seriously. It's not worth it. Google/Postini does it better than you can. Pay them to be the MX record for your domain, and let it handle all of the SMTP traffic, and then spit the non-spam mail to your on-site mail server. Much better.

Running your own internet-facing mail server these days is a colossal pain-in-the-ass. Let Google do it.

Re:Stop hosting your own mail (0)

Anonymous Coward | more than 3 years ago | (#35273000)

Except if, you know, he works for a law office, or a doctor's office, and they have reason to believe that someone wants into their mail, so hosting their own (encrypted, personally controlled) mail server is the best option for them. Or maybe he works for a high level security contractor for the DoD or NSA or CIA and they need their own encrypted mail servers. I can think of a myriad of reasons why a company would need their own, trusted mail servers and not want to have servers hosted by a company who will let, literally, anyone with a gov't subpoena in before they fight it on your behalf.

Business class service (1)

Anonymous Coward | more than 3 years ago | (#35272886)

Are you getting business class service from your provider? Verizon, Comcast, TWC, Cox, etc all give unfiltered access to business customers. If you have business class service and are being filtered call your rep or open a ticket with support and tell them to fix it. Any ISP I have ever worked with will provide you with appropriate PTR records or delegate your netblock to you allowing you to run your own reverse DNS which in turn allows proper MX reverse DNS verification which in turn helps see mail accepted on the far end. Also using SPF and/or DKIM along with a properly configured mail server are all critical to avoiding problems with blacklists and other filtering mechanisms these days.
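
The receiver-side checks named in this comment (PTR and forward DNS agreeing, blacklist lookups) and the blocklist checks mentioned earlier in the thread, sketched as an added example that is not part of any poster's comment. The DNS records, the `dnsbl.example.org` zone, its return code and the dynamic-hostname pattern are constructed for illustration; replace `sample_lookup` with a real resolver to check your own sending IP.

```python
import ipaddress
import re

# Constructed sample records using documentation ranges (RFC 5737) and a
# hypothetical blocklist zone. None of these are real DNS data.
SAMPLE_DNS = {
    # Static business IP with matching reverse and forward records.
    ("PTR", "10.113.0.203.in-addr.arpa"): ["mail.example.com"],
    ("A", "mail.example.com"): ["203.0.113.10"],
    # Cable-pool style address: generic rDNS and listed on the blocklist.
    ("PTR", "77.100.51.198.in-addr.arpa"): ["pool-198-51-100-77.dyn.example.net"],
    ("A", "pool-198-51-100-77.dyn.example.net"): ["198.51.100.77"],
    ("A", "77.100.51.198.dnsbl.example.org"): ["127.0.0.10"],
    # PTR exists, but the name resolves to a different address.
    ("PTR", "5.2.0.192.in-addr.arpa"): ["mx.example.org"],
    ("A", "mx.example.org"): ["192.0.2.99"],
}


def sample_lookup(rtype, name):
    """Stand-in resolver: list of record values, [] when nothing exists."""
    return SAMPLE_DNS.get((rtype, name.rstrip(".").lower()), [])


def reverse_name(ip):
    """Name queried for the PTR record, e.g. 10.113.0.203.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def dnsbl_name(ip, zone):
    """DNSBL query name: IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def fcrdns(ip, lookup):
    """Forward-confirmed reverse DNS: some PTR name must resolve back to ip."""
    ptr_names = lookup("PTR", reverse_name(ip))
    confirmed = any(ip in lookup("A", name) for name in ptr_names)
    return confirmed, ptr_names


# Illustrative heuristic only: receivers that distrust "dynamic pool"
# senders often key on generic-looking reverse names like these.
DYNAMIC_HINT = re.compile(
    r"(^|[.-])(dyn|dynamic|dhcp|pool|dsl|cable|ppp)([.-]|\d|$)", re.I
)


def looks_dynamic(hostname):
    return bool(DYNAMIC_HINT.search(hostname))


def preflight(ip, zones, lookup=sample_lookup):
    """Collect what a receiving MTA would learn about a sending IP from DNS."""
    confirmed, ptr_names = fcrdns(ip, lookup)
    listed = {}
    for zone in zones:
        codes = lookup("A", dnsbl_name(ip, zone))
        if codes:  # any A record in the zone means "listed"
            listed[zone] = codes
    return {
        "ptr": ptr_names,
        "fcrdns": confirmed,
        "dynamic_looking": any(looks_dynamic(n) for n in ptr_names),
        "listed": listed,
    }


if __name__ == "__main__":
    for addr in ("203.0.113.10", "198.51.100.77", "192.0.2.5", "192.0.2.200"):
        print(addr, preflight(addr, ["dnsbl.example.org"]))
```

Only the first sample address passes every check; the others show a listed pool address, a PTR whose forward record points elsewhere, and an address with no PTR at all.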

Just call them. (1)

TheDarkener (198348) | more than 3 years ago | (#35272910)

I have Comcast business class, but I used to have Comcast at my home and both setups just required a call to customer service to ask to unblock port 25 because you're hosting your mailserver there. They're usually pretty helpful about doing what you need done - I even had them put in a reverse DNS (ptr) record for my mailserver's IP addy because some mailservers do reverse lookups to see if the IP points to a/the hostname (try "nslookup -> set q=ptr -> ip.add.re.ss" to check it) for spam control.

get a real Internet connection... (1)

pak9rabid (1011935) | more than 3 years ago | (#35272912)

Sounds like your company is extremely cheap & stupid for not just getting a real Internet connection. I don't blame companies for straight-up blocking any mail traffic originating from blocks of cable modem IPs...it's generally a source of illegitimate spam. Tell your boss to put down the money for a T1 to use for email. Route all other traffic through your cable connection.

Re:get a real Internet connection... (0)

Anonymous Coward | more than 3 years ago | (#35272982)

Tell your boss to put down the money for a T1 to use for email. Route all other traffic through your cable connection.

T1 is too expensive, just rent a virtual server or dedicated server monthly for a fraction of the cost. You could get away with around $40/mo for a virtual server vs $250 for a T1.

Re:get a real Internet connection... (1)

pak9rabid (1011935) | more than 3 years ago | (#35273096)

That works too...hell, if they're really that cheap, they could just use their ISP's SMTP server (aka, Smart Host), and relay all outgoing mail through there.

Re:get a real Internet connection... (0)

pak9rabid (1011935) | more than 3 years ago | (#35273054)

...or ya know, stop hosting your own mail server. Companies like Rackspace offer very affordable email hosting for companies...complete with a very powerful and easy-to-use web interface for managing mailboxes and aliases. They also offer web-based chat support, which in my experience has always been responsive (no wait times).

Re:get a real Internet connection... (1)

Baloo Uriza (1582831) | more than 3 years ago | (#35273162)

Let's just ignore the fact the Internet is supposed to be peer to peer and equal access! That's the answer! Seriously, the idea that one shouldn't host their own services is the kind of mentality that makes me hope the fleas of a thousand camels infest the erogenous zones of the people who suggest that.

Let me google that for you (-1)

Anonymous Coward | more than 3 years ago | (#35272914)

http://lmgtfy.com/?q=company+mail+hosting

both comcast and verizon (3, Interesting)

nimbius (983462) | more than 3 years ago | (#35272920)

are inappropriate for small businesses yet continue to grow in popularity due to their heavy marketing and low cost.

Contact your local bell, or find a t1/t3 reseller, and let them know you need a fractional leased line. The cost is higher, but you get a real service level agreement to which the provider is contractually obligated.

Using a dedicated/shared server for email hosting has its drawbacks. The shared server may become overloaded by spammer accounts and other users, and it's generally not a priority for most hosting companies as they get very little money off a shared hosting sale. Dedicated hosting is just as bad because you're commonly forced through one relay host, or a set of relay hosts that routinely become overwhelmed by spammers on your provider's other dedicated hosting boxes. The dedicated and shared boxes are also notorious for floating in and out of various blacklists and sender reputation services, so you can expect mail to break down about once every few weeks.

Re:both comcast and verizon (1)

Attila Dimedici (1036002) | more than 3 years ago | (#35273152)

Both Comcast and Verizon are inappropriate for small businesses yet continue to grow in popularity due to their heavy marketing and low cost. Contact your local bell, ...

Verizon would be his local bell.

Use smarthost mode (1)

hidden (135234) | more than 3 years ago | (#35272930)

Most mail server software is capable of routing the outbound mail through the isp's mail server in such a way that it gets listed as the origin. You get to keep running your mail server, but the spam labelling and port blocking issues all go away.

The only time this is an issue is if the ISP's mail servers do some kind of filtering or mangling, but most of the ones I've dealt with don't.

Virtual Private Server, Lease, or Co-Lo (0)

Anonymous Coward | more than 3 years ago | (#35272934)

Get a VPS host, or lease a hardware host, or co-locate your equipment at a proper data center. This is karma for running NAT.

Use a SmartHost! (0)

Anonymous Coward | more than 3 years ago | (#35272938)

Best bet would be to use your ISP's SMTP server as a smarthost for your email server. I've had great success going this route when faced with similar obstacles as you.

Cable modem mail server? No (1)

19thNervousBreakdown (768619) | more than 3 years ago | (#35272950)

Rent a dedicated server, or get your own co-location space. I have one that I pay $70 a month for with 1and1 [1and1.com]. I use 'em because I was able to install my own OS image on there, and they're generous with the bandwidth, although I'm not sure I'd run a company's e-mail server through them--the network connection can be flaky. About a year ago they went down after 5pm for an hour or so for a week or two due to a DDoS, then the last week they have been not accepting new connections (existing connections work fine) for periods of 1-3 hours during business hours. Seems to have cleared up now, and those are the only issues I can recall. Not sure if they have a multihomed network connection available for more money.

Of course, pretty much anything would be a step up from running it off a cable modem.

Anyway, rent a dedicated server, or get to a co-lo. 1U would be plenty, and shouldn't cost too much. Preferably one run by an ISP, as they have plenty of experience being on both sides of the spam issue and if you're on a nearby address space, a personal interest in keeping that address space off of spam lists.

Are you sure you need to host your own? (1)

facebiff (1142535) | more than 3 years ago | (#35272954)

Are you in the business of running mail servers? If not, then odds are that another company is better at running mail servers than you. They can probably do it more reliably than you, more securely than you, and in a more cost-effective way.

If you're being paid somewhere near market salary for a tech job in the US, then you've probably spent hundreds of dollars worth of man-hours addressing these issues already. Is it worth it?

dying technology... (0)

Anonymous Coward | more than 3 years ago | (#35272966)

What's with the obsession with SMTP around here? Move along, it's a dying technology and is being replaced fast by other means.

Gmail/Yahoo/etc.. rules all....

Move to another port (0)

Anonymous Coward | more than 3 years ago | (#35272974)

You can move your mail server to some other port. I use FuseMail and they use port 2500 for sending to get around this problem. You could also begin moving everyone to SSL encrypted mail over another port (463 is often used). You probably should be sending your mail encrypted anyway since virtually every client now supports SSL encrypted email for SMTP, POP3, and for IMAP.

In principle (1)

mysidia (191772) | more than 3 years ago | (#35273004)

You should be able to run your own mail server.

Pragmatically... to get your mail out, either upgrade to leased lines with your own IP allocation, or subscribe to a reputable spam filtering service that offers outbound relay and filtering of spam, e.g. Postini.

The general idea is your 'outbound filtering' service will have a good reputation for mail deliverability, and they will be able to more accurately model your mail profile and recognize spam/malicious activity than any third party not beholden to you.

Business Cable blocking Port 25? (2)

EMR (13768) | more than 3 years ago | (#35273026)

My dad's server is on Business Cable and Port 25 is not blocked and we have had no issues running our mail server on that connection. Now one thing that we did do to aid in preventing us from being blocked is requesting our 5 IPs set up with reverse DNS entries to our domains instead of the generic "ISP looking" ones that Comcast assigns by default. You should contact Comcast and Verizon to set that up.

Also, make sure when you are testing if port 25 is "open" that you aren't yourself on an ISP that blocks 25 outbound. And make sure you set up port 587 (SMTP submission, authenticated SMTP) so that users can send mail from any ISP.

Use a different host. (0)

mrbcs (737902) | more than 3 years ago | (#35273040)

Hostmonster for $75 a year is a very good deal. Real tech support, excellent service. I'm a customer and obviously very happy.

Google Mail (0)

Runefox (905204) | more than 3 years ago | (#35273046)

I've been using Google Mail (separate from GMail) for a while now for my mail needs, and it's actually working out pretty well. Better uptime and performance than hosting the server myself, and it's generally just a lot easier. Then again, you have to ask yourself if you want Google to potentially be able to see your mail.

Yes, but the problem is spam filters (2)

proxima (165692) | more than 3 years ago | (#35273048)

Even if you have a non-cable modem IP, it can be difficult to send (opt-in) business email from a small mail server. The reason is that spam filters at major email providers like Yahoo are turning to whitelisting [yahoo.com], and you have to contact each major provider to avoid getting your email sent straight to the spam filter.

Since the implementations of spam filters at the server level seem to vary quite a bit, I tend to avoid sending particularly important single emails through my own small email server for fear they just end up in the spam folder of the recipient.

That said, in general I wouldn't trust a business-class cable modem connection to host an email server for business purposes. Virtualized servers are commonplace now and quite affordable (I pay $15/mo for mostly personal use). Set up the backup on your own connection.

Relay thru smtp.comcast.com (2)

WaffleMonster (969671) | more than 3 years ago | (#35273070)

Most likely your system is misconfigured and sending misdelivery reports rather than rejecting the SMTP request in realtime, or worse (open relay).

Comcast and Verizon are reacting by shutting you down...you have to beg to get it restored from what I understand...

There is no good solution for most of us other than to just relay thru Comcast's SMTP server.

Comcast's user networks are in the subscriber block lists of many RBLs; however, typically business class accounts are exempted from these lists.

For outgoing mail, if you can't send directly your best bet is to configure your SMTP server to relay all messages thru Comcast's smtp.comcast.com, which is less than ideal.

Comcast runs with aggressive DNS timeouts and their mail system does not properly translate DNS timeout to a temporary condition. This sometimes causes emails to valid destinations in distant countries with slower links to bounce.

Re:Relay thru smtp.comcast.com (1)

Alworx (885008) | more than 3 years ago | (#35273184)

I agree...

I too got tired of ending up in black-lists so I just relay all outgoing email to my provider's SMTP.

Piece of cake

Small CoLo's aren't safe either (3, Informative)

Bigbutt (65939) | more than 3 years ago | (#35273090)

I host my personal server with a Mosaic forum (Mosaic and Stained Glass.org) out of a CoLo in Florida. It's not the cheapest solution but I do get 100% access to the server to do what I want and a reasonable time on reboots when necessary.

Still, Microsoft will randomly block my mail for a month at a time with no recourse. I've attempted to contact them but they send me to a troubleshooting page which tells me I'm configured correctly but they still won't accept email. This wouldn't be too bad of a problem except that other ISPs use them to manage their e-mail. So I can't get any e-mail to Shaw.ca or AT&T in Canada. They don't even have a whitelist option for their users.

And there are a few smaller ISPs in the US that use anti spam blocking sites that don't have any way to let them know that I'm not spamming.

Most others though have contact information in their bounce and I've used it to check the various sites in the block list, then forward the results to the postmaster at the offended site. Then I get it opened up for the folks on the forum.

Heck, one ISP replied that I needed to get in touch with them and their Postmaster account won't accept further e-mail. I had to send them a note from my Yahoo account. Then they said it was a problem with my ISP and they should fix it. My ISP had no idea what they could do to fix it.

Even the company I work at, which uses MX-Logic, can't receive e-mails from me because I'm not able to convince MX-Logic I'm not a spammer.

On the plus side, if I did want to spam Microsoft, they have a program where if I pay them, they'll open their servers up so I can send e-mail to their clients.

I'm not doing any real business on the server. I have my consulting website there but traffic is pretty much non-existent. The biggest impact is when the forum folk try to send the other folks e-mails (the PM notifications). I have a note in the Site Agreement to let folks know on shaw.ca, frontier, and the others that they might want to use a Yahoo e-mail to manage their forum account.

[John]

When the going gets tough, (1)

No2Gates (239823) | more than 3 years ago | (#35273092)

The tough get carrier pigeons.

CableOne's been that way for years (2)

RogueWarrior65 (678876) | more than 3 years ago | (#35273094)

CableOne has blocked outgoing mail for years. It's annoying to have to reconfigure your mail program every time you travel somewhere. And it hasn't stopped the flow of prescription drug e-mails and Nigerian-ish scam e-mails. Hell, if all of those e-mails from barristers in foreign countries telling me a long lost relative left me several million dollars were real, I could buy that 30,000 acre ranch in western Wyoming...and a helicopter. And why is it always a seven-figure inheritance? Wouldn't more stupid people believe $20,000?

VPS (3, Informative)

dlevitan (132062) | more than 3 years ago | (#35273098)

Get a VPS. You can get one for $20/month and set up a full e-mail server on it. You'll get better hardware and better connectivity than your own server. Your IP will be seen as coming from a data center, not a cable modem pool of addresses. You can also host your own website, and leave the server you have at your office for internal things only. For mail access, just set up IMAP and SMTP with TLS, with the latter on port 587 (known as the submission port) which is generally not blocked like 25 is.

Re:VPS (1)

Brama (80257) | more than 3 years ago | (#35273182)

I second this. I've been using a VPS for the last 5 years for mail and DNS, and don't regret it for a moment.

How to setup a SMB mail server (4, Informative)

DigiShaman (671371) | more than 3 years ago | (#35273104)

Being that I set up SBS 2003 and SBS 2008 boxes, let me explain what you really need to make it work.

1. A business class ISP subscription. Along with this classification, you get a netblock of IP/s that (usually) won't be preemptively blacklisted by SORBS (I hate them).
2. Reverse DNS (PTR) record. Not having one is almost guaranteed to get your sent e-mails blocked. Getting one created is easy as pie if you subscribe to a business class ISP.
3. SPF record. There are many online wizards to help you create one. My favorite is from Microsoft.
4. DNS that will host TXT records. Needed for that SPF record you just created.

Once all completed, be sure you test out your handiwork over at http://www.mxtoolbox.com/ [mxtoolbox.com]. Good luck.

There are other solutions... (1)

eld101 (1566533) | more than 3 years ago | (#35273106)

Depending on the amount of email you want/need to host, you could turn to a VPS like Linode [linode.com]. I have a few small servers with them and their performance is great. There is a small cost associated with it but that is probably well worth it considering you are obviously posing potentially important emails.

Re:There are other solutions... (1)

eld101 (1566533) | more than 3 years ago | (#35273168)

I forgot to mention you get full root access to do whatever you want (as long as it's legal).

A few things to try (4, Informative)

chrisgeleven (514645) | more than 3 years ago | (#35273132)

1) Get a static IP address for your mail server if you don't already have one. Many mail servers use DNSBL blacklists that distrust anyone with a Dynamic IP address.
2) Get your ISP to configure Reverse DNS for your mail server's IP address. Many mail servers reject mail because Reverse DNS isn't configured properly.
3) Make sure your server is set to not run as an open relay.
4) Have proper abuse@ and postmaster@ e-mail addresses so e-mail providers who claim to have spam complaints against your domain can actually send them to you.
5) Set up an SPF record (openspf.org has a great wizard for this) for your domain. SPF records basically specify which mail servers are allowed to send mail from your domain. This will help cut down on spammers spoofing e-mail addresses at your domain and increases the odds of legit e-mail not being marked as spam.

Not all of these will guarantee delivery of any e-mail, but they can certainly improve the odds.
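
The reverse-DNS and SPF items in the checklists from DigiShaman and chrisgeleven above can be checked before a server goes live. The following is an added example, not code from any commenter: the DNS data is constructed from documentation address ranges, the function names are hypothetical, the "generic PTR" test is a heuristic assumption, and only the `ip4`, `ip6` and `all` SPF mechanisms are evaluated.

```python
import ipaddress
import re

# Constructed sample DNS data (RFC 5737 documentation ranges), not real records.
ZONE = {
    "PTR": {"203.0.113.25": "mail.example.com",
            "198.51.100.7": "c-198-51-100-7.dyn.isp.example"},
    "A": {"mail.example.com": ["203.0.113.25"],
          "c-198-51-100-7.dyn.isp.example": ["198.51.100.7"]},
    "TXT": {"example.com": ["v=spf1 ip4:203.0.113.24/29 -all"]},
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def fcrdns(ip, zone):
    """Return the PTR name only if it resolves forward to the same IP."""
    name = zone["PTR"].get(ip)
    return name if name and ip in zone["A"].get(name, []) else None

def looks_generic(ip, ptr_name):
    """Heuristic (assumption): pool-style PTR names embed every address octet."""
    digits = re.findall(r"\d+", ptr_name)
    return all(octet in digits for octet in ip.split("."))

def spf_result(ip, domain, zone):
    """Evaluate the ip4/ip6/all subset of an SPF record (RFC 7208)."""
    records = [t for t in zone["TXT"].get(domain, [])
               if t.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"          # more than one SPF record is an error
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]
        if name.lower() not in ("ip4", "ip6"):
            return "unsupported"    # a, mx, include, ... need live DNS lookups
        net = ipaddress.ip_network(arg, strict=False)
        if addr.version == net.version and addr in net:
            return QUALIFIERS[qualifier]
    return "neutral"                # no mechanism matched and no "all"

def preflight(ip, mail_domain, zone=ZONE):
    """Summarise the PTR and SPF checks for one sending IP."""
    ptr = fcrdns(ip, zone)
    return {"fcrdns": ptr is not None,
            "generic_ptr": bool(ptr) and looks_generic(ip, ptr),
            "spf": spf_result(ip, mail_domain, zone)}

if __name__ == "__main__":
    for ip in ("203.0.113.25", "198.51.100.7", "192.0.2.10"):
        print(ip, preflight(ip, "example.com"))
```

To run it against a real domain, replace the `ZONE` dictionary with answers from your own resolver; the checks themselves do not change.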

Here is how you do it with COMCAST (0)

Anonymous Coward | more than 3 years ago | (#35273134)

Poster....the answer to your question is simple....first off...purchase BUSINESS service from Comcast (or ATT)........do not use personal service which is what you are using and why you are being blocked....nothing against small businesses but it is against businesses trying to use the home service for business....or actually to keep spammers from abusing their network.

So if you buy business service you can have your own MAIL server no problem...mine is running on a MAC Mini Server about 15 feet behind me.

The problem you're having is that your level of service and ToS prohibit you from running a mail server.....and they enforce this by only allowing you to send via their mail servers......

Sorry about it...but if you want to play.....you must pay. Plain and simple.

SMTP with AUTH and SSL and/or TLS (1)

Anonymous Coward | more than 3 years ago | (#35273148)

Unencrypted, open authentication SMTP on 25 is dangerous and can get you on a blacklist easily.

Use SMTP AUTH combined with SSL (465) and/or TLS (587)

Forward 25 port to SSL one (2)

paziek (1329929) | more than 3 years ago | (#35273156)

Forward 25 port to SSL one - that's how we do it at the company where I work. 25 port is blocked cause of spam.

What to do? (0)

Anonymous Coward | more than 3 years ago | (#35273160)

What is a small company supposed to do if you want to host your own mail? Find a better ISP and, when you do, tell your existing ISP why you're leaving.

ISP Link (2)

Imagix (695350) | more than 3 years ago | (#35273170)

First question... do you have a residential or a business link? That usually changes the network preferences. As I recall most residential agreements prohibit running servers on the network to begin with.

A couple of options (1)

a9db0 (31053) | more than 3 years ago | (#35273212)

1) Talk to your ISP and get the block removed.
2) Change registrars / DNS providers to EasyDNS. They do mail forwarding for customers. Don't bother if you send spam - they'll quickly shut you down.
3) Set up a VPS somewhere - Linode's are great. They all come with dedicated IP addresses.
4) Farm it out - let Google handle it for you.

Are you sure you're on business class service? (1)

Omeganon (104525) | more than 3 years ago | (#35273218)

1) If you're being blocked then you're hosting your mail server on IP space that Comcast and Verizon have designated as dynamic. Don't do that. Either get them to properly classify your block as non-dynamic _or_ make sure that you're really on non-dynamic space.

2) Ensure that you have proper reverse DNS configured for your server. If you have business class service, they should be completely understanding of your need to change PTR names for the IP's you use.

3) If you really are running on dynamic IP space and have no way around that (that's not painful to you), you always have the option of smarthosting your mail through the Comcast or Verizon mail servers. That's what they're there for.
