0

I have a small piece of static IP4 space (5 IPs, /29) and general Linux sysadmin capabilities. I have run SMTP servers before, but I don't know what the current state-of-the-art for email and spam-filtering is.

I can set up the necessary authentication features to prevent spammers from abusing my server, but I'm concerned that mail from my site will be spamholed, RBL'd or refused for some authentication thing that I either don't know about or can't reasonably implement. (I guess one example would be if a neighboring /29 block was spamming, and the RBLs just kicked everything in the /24 out. That would be miserable.)

I would prefer to run my own server, because my experience with non-Google service providers is mixed (I'm not a big enough customer to get or afford RIGHT NOW tech support when they have problems) and I don't want Google reading my mail any more than they do already.

Is SMTP something that a "small company"-level entity can reasonably run themselves in 2020/2021? Or is the attack surface too large (so it requires a lot of administration)? Or do other mail exchangers downgrade/refuse mail from non-backbone sources in order to cut down on their spam?

Improve this question

2 Answers 2

Reset to default
1

If you are technically competent and if your IP block is not mapped to a DSL/home user range, yes its practical. You will want SPF records and reverse DNS at a minimum. You will also not want very large bursty volumes. Save for spam filtering incoming mail its fairly low effort to maintain - although doing decent spam filtering can be time consuming.

Another thought - your incoming and outgoing SMTP servers can be different, and I think most mailnservers arnt to concerned about reputation of who they send mail to (while being very concerned a out who they receive mail from)

If your ISP offers it, you can often set your outbound mail server to relay all outbound mail through them, which further reduces your delivery reputation concerns.

Improve this answer
4
  • Thanks! Is postfix the current server of choice? I used to use qmail, but I don't believe it's been updated much (IPv6, particularly). (I know there are patches, but they seem like more effort and smaller userbase, which leaves less time for my actual day job.)
    – Dave M.
    Commented Sep 26, 2020 at 14:39
  • I use Postfix+Dovecot (+spamassassin and other plugins).
    – davidgo
    Commented Sep 26, 2020 at 18:44
  • @davidgo What is the issue with the IP being mapped to home user range?
    – Almad
    Commented Nov 18, 2020 at 14:39
  • @ahmed In short - spam - Some isp's prevent home users from sending mail directly because home users are more likely to get hacked and turned into bots. Forcing them through an ISP mail server can mitigate this. Similarly a lot if these ranges are mapped out and added to RBLs, so even if ISPs allow them, other mail servers might reject email from those ranges. There is also the question of reversecdns not being correctly set up in some cases.
    – davidgo
    Commented Nov 18, 2020 at 18:30
1

Good answer from @davidgo and a shortcut might be to first look up your IPs - do a 'spam blocklist check' - google mentions first:

  1. https://mxtoolbox.com/blacklists.aspx
  2. https://www.dnsbl.info

If they're a mess to start, you'll see and maybe give up.

Beyond SPF, I you'll also need to know about rDNS, DMARC and DKIM if you're not relaying through your ISP's mail server for outgoing.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .