Hashemian Blog
Web, Finance, Technology, Running

Does It Make Sense To Self-Host Mail Server?

by @ 9:51 pm
Filed under: email, internet

I have operated hashemian.com for over 2 decades now, earlier on hosted servers and eventually on my own server. During that time the domain has also been email-capable, accepting and delivering emails sent to/from addresses such as [email protected]. This was also originally hosted but was eventually ported to my own server. The product of choice for hosting my own mail server (MTA) has been Sendmail. At one time Sendmail was the king of the hill. It's still in use today, albeit vastly eclipsed by other products such as Exim and Postfix, as can clearly be seen here.

Years ago I would use email clients such as Squirrelmail to read emails, but eventually, for the sake of convenience, I configured Sendmail to forward all @hashemian.com emails to my Gmail account. With Gmail I also gained great spam detection, but there are also potential adverse effects in forwarding emails. One drawback is that Gmail could and in fact does block access from my server, especially if a few too many emails are forwarded. Gmail does not recognize that the forwarded emails are from various original senders and instead assumes all the emails originate from my server and takes punitive measures against what it perceives to be an abusive server. This periodic blacklisting has been happening for years now and I’m sure it doesn’t bode well for my server’s reputation.

421 4.7.28 [XXX.XXX.XXX.XXX] Our system has detected an unusual rate of unsolicited mail originating from your IP address. To protect our users from spam, mail sent from your IP address has been temporarily rate limited. Please visit https://support.google.com/mail/?p=UnsolicitedRateLimitError to review our Bulk Email Senders Guidelines. - gsmtp

There are steps I can take to correct or at least mitigate this issue. One would be to identify and block spammers from my server and I do that from time to time when I find egregious activities. It helps, but it’s a manual chore and hardly efficient. Another would be utilizing products such as Fail2ban and SpamAssassin to combat spammers at network and application levels. But that would mean more work for me in terms of configuring, tweaking, updating and patching, and I’m too lazy for that. Also instead of pushing emails to it, I can have Gmail pull emails utilizing IMAP or POP. But that means maintaining another product such as Dovecot and opening ports on my server inviting additional exploit activity. No thanks, not at this time, even if those ports can be restricted to Gmail’s IP addresses only.

Recently I undertook the effort to build from source and update Sendmail to its latest available version 8.15.2 on my ancient but functional Fedora 14 server. As can be imagined it wasn’t a simple task, especially since I wanted to bring as many features of ESMTP aboard as possible, including support for STARTTLS on TLS 1.2. In some cases that meant hunting around for newer library source code to build into Sendmail. The effort was an eventual success, especially after I installed and started the service and mail began to flow. Then to build on that momentum, I also added DKIM authentication to Sendmail by building and installing dkim-milter.

I must admit that even though the effort was successful it wasn’t really cause for celebration. The latest version of Sendmail, while stable and rock solid, is nevertheless 5 years old now, not as ancient as the kernel it’s running on but still pretty aged as software goes these days. Still doubtful I would have felt any better had I switched the MTA to the more modern Exim or Postfix.

Fact is times have changed and with cloud services maturing and prices falling, there’s little reason to maintain a server. Sure, there’s the educational aspect to it and some pride and autonomy, but it can be exhausting to keep up with all the updates and patches when you can spin up a fully loaded droplet on Digital Ocean for $5 or get cheap domain email service on G Suite or Office 365 (soon called Microsoft 365).

And with that in mind, I am slowly warming up to moving my domain’s email setup to my G Suite account. It’s an account I registered for years ago and thankfully Google has kept it free so far. It’ll be a bittersweet moment when I shut down Sendmail for the last time (although I may continue to use it for a bit longer for outbound messages), handing over the reins to G Suite. I suppose one concern would be if on that same day Google will flip the existing free G Suite accounts to paid versions.

To be continued…

1&1 Missing SPF Record

by @ 11:08 pm
Filed under: email

One of my Web applications is hosted on 1&1 and it generally performs fine except for one problem. I have the application set up to send me emails based on certain events and I have noticed that some of those emails land in my spam folder. Here's why.

The problem with applications on 1&1 shared hosting (and maybe other hosting companies) is that outbound emails undergo Sender Rewriting Scheme (SRS), which changes the return path in the mail envelope to a domain owned by 1&1. For example, the return path is changed from [email protected] to [email protected] and the email is launched from one of the 1&1 email servers, for example a server at IP address 74.208.4.194.

Since I don't own the domain srs.perfora.net, I can't add that IP address to the list of authorized senders. A quick SPF record check for srs.perfora.net shows the following:

"v=spf1 ip4:217.160.230.0/25 ?all"

This is telling other servers that any @srs.perfora.net email originating from 217.160.230.0/25 is legitimate, and all others may or may not be spam. And so receiving servers could route incoming emails from unknown IP addresses to spam folders, and that is what's happening in my case.
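
How a receiving server arrives at that verdict can be reproduced offline. The following is an added example, not code from this blog or from 1&1: a small evaluator for the ip4, ip6 and all mechanisms only (a subset of RFC 7208), run against the record and the sending address quoted above. The function name check_spf and the second record, which lists the sending address, are constructed for illustration.

```python
import ipaddress

# Qualifier prefix -> SPF result (RFC 7208); "+" is the implicit default.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record: str, sender_ip: str) -> str:
    """Evaluate an SPF record against a connecting IP, left to right.

    Handles only ip4, ip6 and all, which covers the record quoted above.
    Terms that need DNS lookups (a, mx, include, redirect=, ...) are
    reported as "unsupported" instead of being guessed at.
    """
    terms = record.strip().strip('"').split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record at all
    ip = ipaddress.ip_address(sender_ip)
    saw_redirect = False
    for term in terms[1:]:
        if "=" in term:  # modifier, not a mechanism
            saw_redirect |= term.lower().startswith("redirect=")
            continue
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":  # always matches, so evaluation stops here
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
            continue
        return "unsupported"
    # Nothing matched and there was no "all": the default result is neutral.
    return "unsupported" if saw_redirect else "neutral"

# Record as published for srs.perfora.net (quoted in the post).
PUBLISHED = '"v=spf1 ip4:217.160.230.0/25 ?all"'
# Constructed record: the same policy with the sending server added.
WITH_SENDER = "v=spf1 ip4:217.160.230.0/25 ip4:74.208.4.194 ?all"

if __name__ == "__main__":
    for rec in (PUBLISHED, WITH_SENDER):
        print(rec, "->", check_spf(rec, "74.208.4.194"))
```

The neutral result is what leaves the decision to the receiver's spam filter; only an address inside a listed range gets an explicit pass.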

I contacted 1&1 support regarding this issue, but they replied that SPF record is not supported for 1&1 domains and referred me to this link.

So at this point I have no choice but to check my spam folders frequently looking for misidentified emails. And if you have a 1&1 hosted application that sends emails, be warned. Those emails could be landing in your users' spam folders.

And finally to 1&1, the time to fix this issue is way overdue, and it's so simple to fix.

© 2001-2020 Robert Hashemian   Powered by Hashemian.com