Is there a war on small mail servers?

A few days ago, a Slashdot user asked, “Is there a war on small mail servers?” The admin went on to state that he or she works for a company hosting their own mail server. Their two ISPs (Comcast and Verizon) both block port 25 outbound, and they’re complaining of getting caught in blacklisting crossfire when trying to relay mail out through a third party service. In short, they’re telling us, the world is preventing them from hosting a small mail server.

As somebody who runs two separate small mail servers myself, hosted on two separate ISPs, I can tell you that it’s not really a problem to send mail from a small mail server. I think there’s a huge misconception in this admin’s mind about what constitutes a business-grade internet connection and how best to configure your connection and/or server to mitigate any potential issues.

Allow me to run through the stated issues.
  1. Help, both of my ISPs are blocking port 25 outbound. This strongly suggests that the company this admin is working for does NOT have business level connectivity. I host a tiny little server on the end of a slow and inexpensive, but business-grade, RCN cable connection here in Chicago, with a dedicated IP address and no port blocking. I investigated previously and found that the same thing is available from Comcast. I rather suspect that something similar is available from Verizon. In short, this company probably has a consumer-grade service, and is complaining that it’s not a business-grade service. ISPs regularly block port 25 connections for consumers, because consumers’ computers are easy to infect and zombify. To prevent them from becoming a useful part of the botnet army, ISPs block port 25 outbound, making the connection less useful for serving spam. Like it or not, this is a long-standing practice.
  2. “A lot of ISPs just started blocking any mail coming from any IP in the address block of cable modems.” That’s true – sort of. ISPs often use blacklists like the Spamhaus Policy Block List (PBL) to reject mail from machines that should not be serving mail, according to the ISP or owner of the network space. If your IP address is listed in one of these “dynamic” blacklists, again, you probably have a dynamic, consumer-grade connection, not a business-grade connection. Many ISPs subscribe to these “dynamic” blacklists for the same reason that ISPs block port 25 – to help mitigate the spam attack from infected zombie computers. If your ISP doesn’t block it on the way out, a dynamic blacklist will help me block it on the way in. Either way, a significant amount of spam gets blocked. Like it or not, this is a long-standing practice.
  3. Help, I’m caught in the middle of a blacklisting situation. The admin mentions both MAPS and McAfee (who are not the same company – MAPS is part of Trend Micro), and I don’t entirely know what the issue there might be. It sounds like the provider this company chose to SMTP relay their mail through is blacklisted as a spammer. Your options there are limited. Either move away from this provider, or nudge the provider to resolve the issue to the blacklist’s satisfaction. Some blacklists are not widely used, and perhaps can be ignored. I don’t know if that’s the case here. Ultimately, if you fixed your connectivity issues as identified above, and went for that business-grade connection, you could stop routing your mail through a third party.
Note that I’m not even touching on the typical issues any email admin has, dealing with IP address reputation, blacklists and whitelists, rate limiting, and so forth. Everybody deals with these issues; they’re not specific to operators of small mail servers.
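
To see whether your own sending address falls under the policy listing described in item 2, you can query the PBL the way a receiving mail server does. The sketch below is an added example, not code from this post: the function names are illustrative, the return codes are the ones Spamhaus publishes for the PBL zone, and the sample addresses come from the documentation range 192.0.2.0/24 with constructed answers so it runs offline.

```python
import ipaddress
import socket

PBL_ZONE = "pbl.spamhaus.org"
# Return codes Spamhaus publishes for the PBL zone.
PBL_CODES = {
    "127.0.0.10": "listed by the network owner (ISP)",
    "127.0.0.11": "listed by Spamhaus",
}

def dnsbl_name(ip, zone=PBL_ZONE):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_lookup(name):
    """Return A records for name; [] only when the name does not exist."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return []
        raise  # timeouts and resolver failures are not a "not listed" answer

def check_pbl(ip, lookup=system_lookup):
    """Return (status, detail); status is 'listed', 'not listed' or 'error'."""
    answers = lookup(dnsbl_name(ip))
    if not answers:
        return ("not listed", "")
    # 127.255.255.x answers are error replies from the list, not listings.
    if any(a.startswith("127.255.255.") for a in answers):
        return ("error", "query refused by the list operator")
    reasons = [PBL_CODES[a] for a in answers if a in PBL_CODES]
    if reasons:
        return ("listed", "; ".join(reasons))
    return ("error", "unexpected answer: " + ", ".join(answers))

# Constructed answers for a stub resolver so the example runs offline.
SAMPLE_ANSWERS = {
    "25.2.0.192.pbl.spamhaus.org": ["127.0.0.10"],
    "26.2.0.192.pbl.spamhaus.org": ["127.255.255.254"],
}

def stub_lookup(name):
    return SAMPLE_ANSWERS.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.25", "192.0.2.26", "192.0.2.27"):
        print(ip, check_pbl(ip, stub_lookup))
```

Call `check_pbl("your.ip.here")` without the stub to use the system resolver. An "error" result usually means the query went through a large public resolver, which Spamhaus answers with a 127.255.255.x code instead of a real listing.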

Running your own mail server can be challenging, that’s for sure. Maybe that explains why email service providers and similar services are so popular nowadays. But is this a war against small mail servers? Absolutely not.

1 comment:

  1. I agree with Al. I run two mailservers on two colocated servers, both the epitome of small mail servers and one in the middle of heavily abused Cloud computing space. However, as best I know I've never been blocked anywhere.

    Of course, I'm careful about security, configure rDNS properly, and any bulk email that I send (some) is to a legitimate, confirmed opt-in mailing list. (In almost all cases, a participatory list, not a one-way announcements list.)

    If you *pay attention* to the details of behaving like a good citizen on the Internet, you'll rarely run into trouble and, when you do, find that it's easily fixed.

