• Re: SMTP servers

    From Greg Wooledge@21:1/5 to mick.crane on Sun Dec 29 19:00:02 2024
    On Sun, Dec 29, 2024 at 17:25:40 +0000, mick.crane wrote:
    hello
    I'm not really understanding the internet.
    Can I do my own SMTP server and send mail off to the right place without having the device open to random internet connections?

    Are you envisioning mail as "outgoing only", with nobody ever able to
    respond to you?

    If so, then the answer is: maybe. If your ISP doesn't block outgoing
    TCP port 25 connections, then you should be able to make SMTP connections
    to other sites, to send them your email. (If your ISP blocks this port,
    then the answer is: no.)

    However, sites that receive your connections may choose whether they're
    willing to accept your mail. Your mail may be considered "spam", either
    by virtue of its content, or by virtue of your connection metadata (how
    your IP address resolves to a DNS hostname, whether your IP address is
    part of a dynamically allocated residential block, and so on).

    Some sites, I've been told, may even attempt to make an SMTP connection
    to the registered MX host for your sender's domain, and if they can't
    make such a connection, they may consider your mail to be spam.

    Also, what good is a one-way email connection to the world? How are
    you going to carry on a conversation with someone if you're the only
    one able to send messages?

    That kind of sounds like the very essence of spam, doesn't it?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Greg Wooledge@21:1/5 to Jerome BENOIT on Sun Dec 29 19:00:01 2024
    On Sun, Dec 29, 2024 at 18:38:10 +0100, Jerome BENOIT wrote:
    Second, your SMTP may allow to specify the port you desire to use. This is the case with exim4.

    You can listen on any port you like, but if people want to send email to
    you, they will try to connect to you on TCP port 25.

    There is no provision in SMTP for a variable port number.

    The only way a variable port number would be useful is if you're part of
    an isolated group of senders who have all elected to use an alternative
    port when talking to each other. The rest of the world will not be able
    to send to you.

  • From Jerome BENOIT@21:1/5 to mick.crane on Sun Dec 29 19:00:02 2024
    Hello,

    On 29/12/2024 18:25, mick.crane wrote:
    hello
    I'm not really understanding the internet.
    Can I do my own SMTP server and send mail off to the right place without having the device open to random internet connections?

    You can first place your SMTP server behind a firewall to block the undesirable ports.
    Second, your SMTP may allow to specify the port you desire to use. This is the case with exim4.
    With exim4 you can use a certificate as well.

    Cheers,
    Jerome


    mick


  • From Tim Woodall@21:1/5 to mick.crane on Sun Dec 29 19:00:01 2024
    On Sun, 29 Dec 2024, mick.crane wrote:

    hello
    I'm not really understanding the internet.
    Can I do my own SMTP server and send mail off to the right place without having the device open to random internet connections?

    mick

    Yes, but in practice many places won't accept mail from most home IPs
    even if you can get the reverse DNS set up correctly - which most ISPs
    don't support.

    So except for eg AAISP in the UK and any similar ISPs elsewhere, doing
    it from home is "impossible".

    This is a real shame, as direct to MX smtp delivery can be as secure as
    the recipient wants to make it and, more importantly, you actually know
    if an email has been delivered.

    Once upon a time, many years ago, btinternet were particularly bad about
    this, they pretty much never sent a bounce back when an email was
    rejected, their forwarders just dropped the email.

    An outbound mailserver does not have to receive email at all, it doesn't
    have to accept inbound connections from anywhere and outbound only needs
    port 25 (plus things like working DNS)

    Tim.

  • From Joe@21:1/5 to mick.crane on Sun Dec 29 19:10:01 2024
    On Sun, 29 Dec 2024 17:25:40 +0000
    "mick.crane" <mick.crane@gmail.com> wrote:

    hello
    I'm not really understanding the internet.
    Can I do my own SMTP server and send mail off to the right place
    without having the device open to random internet connections?

    Yes, though it's becoming harder. You need a fixed IP address to make
    it reliable, as though a dynamic IP generally does not change often, you
    need to update Internet-held DNS records when it does change. There is
    software that will do that.

    Realistically, you need an ISP which is friendly towards SMTP servers,
    and actively avoids getting on email blacklists. In the UK, Plusnet,
    Zen and (for the rich) Andrews and Arnold are the largest alternatives.
    I would doubt that the mass-market ISPs like Virgin will offer fixed IP addresses, and they won't care about getting on blacklists.

    The SMTP port (either TCP/25 or TCP/587 for secure encrypted access)
    does need to be open to the world, but it should only connect to your
    SMTP server which is generally fairly secure against getting hacked.
    Exim4 is the default Debian SMTP server, though Postfix is considered
    slightly more secure.

    Generally it's easier to pick a domain host which offers an SMTP server
    to look after your domain name, and to send all mail through their
    server. Receiving mail directly still is more reliable with a fixed IP
    address, as it requires your domain host to hold the MX record pointing
    to your public IP address.

    There's plenty of stuff on the Net about this, here's an example: https://serverfault.com/questions/698842/is-setting-up-my-own-smtp-server-to-send-email-a-waste-of-time-with-regards-to-d

    I've run my own mail server for about twenty years, without much
    trouble. I used to send successfully to my accountant, who was on AOL, a notoriously picky destination. I'm not aware of anyone who currently
    refuses mail from me.

    --
    Joe

  • From Andy Smith@21:1/5 to mick.crane on Sun Dec 29 19:20:02 2024
    Hi,

    On Sun, Dec 29, 2024 at 06:02:33PM +0000, mick.crane wrote:
    On 2024-12-29 17:38, Jerome BENOIT wrote:
    You can first place your SMTP server behind a firewall to block the undesirable ports.
    Second, your SMTP may allow to specify the port you desire to use. This
    is the case with exim4.
    With exim4 you can use a certificate as well.

    I'm uncertain who validates the certificate.

    As others have mentioned, there are a great many hurdles in place to
    getting email you send out from your own system to be accepted by the
    large mailbox providers.

    They start with "are you able to set matching forward and reverse DNS
    for your IP address that do not look too 'generic'"?

    But there are many more after this, including having to have a real
    domain name of your own whose DNS records you can change in order to add
    SPF and/or DKIM.

    So I really wouldn't bother looking into this unless you can do the
    first one (matching DNS for a static IP) and are prepared for what
    follows.

    Most people send email out of their access provider's outbound email
    servers. Most of the rest who want to send their own email send it
    through an email service provider that takes care of all that. Only a
    tiny tiny percentage of people send email out through mail servers that
    they run themselves.

    Thanks,
    Andy

    --
    https://bitfolk.com/ -- No-nonsense VPS hosting

  • From Joe@21:1/5 to Tim Woodall on Sun Dec 29 20:10:01 2024
    On Sun, 29 Dec 2024 17:51:34 +0000 (GMT)
    Tim Woodall <debianuser@woodall.me.uk> wrote:

    On Sun, 29 Dec 2024, mick.crane wrote:

    hello
    I'm not really understanding the internet.
    Can I do my own SMTP server and send mail off to the right place
    without having the device open to random internet connections?

    mick

    Yes, but in practice many places won't accept mail from most home IPs
    even if you can get the reverse DNS set up correctly - which most ISPs
    don't support.

    So except for eg AAISP in the UK and any similar ISPs elsewhere, doing
    it from home is "impossible".

    Plusnet seems OK, despite being part of BT, I've not been caught on a
    blacklist in about four years with them. I believe Zen is OK, also. A&A
    has an excellent reputation, but rather high prices.

    This is a real shame, as direct to MX smtp delivery can be as secure
    as the recipient wants to make it and, more importantly, you actually
    know if an email has been delivered.

    Once upon a time, many years ago, btinternet were particularly bad
    about this, they pretty much never sent a bounce back when an email
    was rejected, their forwarders just dropped the email.

    I've advised three clients not to use BT, and they all ignored me, and
    they all had email trouble because of it. One was a household-name multinational (small UK subsidiary) who got a BT 'business' account,
    and was then told that BT didn't offer any email provision and that the
    staff should all get free Yahoo accounts. I'm not joking. BT still
    doesn't do email, it was outsourced to Yahoo when it finally started 'providing' email, and then shifted to the Microsoft blob. MS now only
    allows webmail access or, for an extra price, Outlook to Exchange
    connection.


    An outbound mailserver does not have to receive email at all, it
    doesn't have to accept inbound connections from anywhere and outbound
    only needs port 25 (plus things like working DNS)

    It still needs SPF or DKIM in the DNS records. My server requires that
    a sender has complementary A and PTR records and that the HELO/EHLO and
    the MX record contain hostnames which are resolvable in public DNS, and
    that the sending email address is a valid one. (A very well-known UK
    restaurant chain sends out order acknowledgements 'from' an invalid
    address, and it is therefore impossible to tell them they're doing it
    wrong). So a sender really needs a fixed IP address to be reliable,
    even if he's not receiving to it.

    --
    Joe
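
An added example, not part of any poster's message or server configuration: a Python pre-flight check of the DNS conditions the posts above describe (matching PTR and A records, reverse DNS that does not look generic, a HELO name that resolves). The function names, the "generic" heuristic and the sample records are assumptions constructed for illustration; SPF, DKIM and sender-address validity are not covered.

```python
import ipaddress
import re
import socket

def system_ptr(ip):
    """PTR names for ip via the system resolver (empty list if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def system_addrs(host):
    """A/AAAA addresses for host via the system resolver (empty list if none)."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})
    except OSError:
        return []

def looks_generic(ptr_name, ip):
    """Heuristic (assumption): a PTR name embedding all four octets looks ISP-generated."""
    octets = ip.split(".")
    digits = re.findall(r"\d+", ptr_name)
    return len(octets) == 4 and all(o in digits for o in octets)

def preflight(ip, helo, ptr=system_ptr, addrs=system_addrs):
    """Return the problems a receiving server might hold against this sender."""
    problems = []
    want = ipaddress.ip_address(ip)
    names = ptr(ip)
    if not names:
        problems.append("no PTR record for sending IP")
    # Forward-confirmed reverse DNS: some PTR name must resolve back to the IP.
    confirmed = [n for n in names
                 if any(ipaddress.ip_address(a) == want for a in addrs(n))]
    if names and not confirmed:
        problems.append("PTR name does not resolve back to sending IP")
    if any(looks_generic(n, ip) for n in names):
        problems.append("PTR name looks generic (embeds the IP address)")
    if not addrs(helo):
        problems.append("HELO/EHLO name does not resolve in DNS")
    return problems

# Constructed sample records (documentation address ranges) so the demo runs offline.
PTR = {"192.0.2.25": ["mail.example.org"],
       "203.0.113.7": ["203-0-113-7.dyn.isp.example"]}
A = {"mail.example.org": ["192.0.2.25"],
     "203-0-113-7.dyn.isp.example": ["203.0.113.7"]}
fake_ptr = lambda ip: PTR.get(ip, [])
fake_addrs = lambda host: A.get(host, [])

if __name__ == "__main__":
    for ip, helo in [("192.0.2.25", "mail.example.org"),
                     ("203.0.113.7", "localhost.localdomain")]:
        print(ip, preflight(ip, helo, fake_ptr, fake_addrs) or "ok")
```

Calling `preflight(ip, helo)` without the last two arguments uses the system resolver, so it should be run from the machine and network path that will actually send the mail.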

  • From pocket@homemail.com@21:1/5 to All on Sun Dec 29 20:20:04 2024
    Sent: Sunday, December 29, 2024 at 12:25 PM
    From: "mick.crane" <mick.crane@gmail.com>
    To: debian-user@lists.debian.org
    Subject: SMTP servers

    hello
    I'm not really understanding the internet.
    Can I do my own SMTP server and send mail off to the right place without having the device open to random internet connections?

    mick



    google smarthost

    I use dovecot and opensmtpd

  • From Andy Smith@21:1/5 to mick.crane on Sun Dec 29 20:50:01 2024
    Hi,

    On Sun, Dec 29, 2024 at 06:12:47PM +0000, mick.crane wrote:
    I have various email accounts, the web hosting, a paid for one, the gmail, the ISP one.

    Probably at least one of those comes with an SMTP server for sending
    mail out, so probably just use that and always set your from address to
    be appropriate for the provider you are sending out from (to satisfy
    their SPF records)?

    Longer term it is a good idea to register your own domain name and get
    email services somewhere that lets you use your own domain, so you are
    not tied to any of these providers and their fates. I like Fastmail.

    Thanks,
    Andy

    --
    https://bitfolk.com/ -- No-nonsense VPS hosting

  • From Jonathan Dowland@21:1/5 to All on Thu Jan 2 11:20:01 2025
    LWN recently reviewed a new self-published book, "run your own
    mailserver": <https://lwn.net/Articles/998153/>

    The review (worth reading) opens with "The most common piece of advice
    given to users who ask about running their own mail server is don't."

    I'd pretty much concur with that advice, despite running my own email
    servers since the 20th century. I persist partially out of inertia. I
    did recently outsource SMTP outbound delivery (only) to Mythic Beasts,
    a small UK ISP with a good reputation, and that has proved to be a
    success. I may follow up by moving more of the infrastructure over to
    them, in time.

    With that out of the way, the book looks pretty good.


    --
    Please do not CC me for listmail.

    👱🏻 Jonathan Dowland
    jmtd@debian.org
    🔗 https://jmtd.net

  • From Michael Stone@21:1/5 to jeremy ardley on Thu Jan 2 23:40:01 2025
    On Thu, Jan 02, 2025 at 06:28:47PM +0800, jeremy ardley wrote:
    I have been running my own inbound and outbound mail servers for over
    30 years using ISP connections. The only time I ran into trouble was
    with gmail recently and only because of mismatched SPF records for a
    domain I host.

    You're lucky, and your ISP is IMO atypical. Most ISP dialup
    (consumer/dynamic) IP ranges are identified and blocked by various
    anti-spam filters. Many ISPs also block outbound SMTP. My ISP does both,
    and provides (provided? I haven't tried it in a decade) an outbound SMTP
    server which rewrote the Date: header (because why not), making it
    impossible to use DKIM at all. Static IPs can usually be "unlocked", but
    it's another hoop to jump through and static IPs often have a
    significant cost premium over dynamic IPs. Even if your ISP lets you use
    your IP for outbound SMTP, if it was previously used by a spammer you
    can forget it. For anyone just starting out I absolutely agree that
    running a mail server isn't worth the effort. For those of us who have
    been running one for decades, it at least provides a nice excuse to periodically complain about what the internet has become.

  • From Thomas Anderson@21:1/5 to Michael Stone on Fri Jan 3 14:20:01 2025
    I also belong to the group of long time mailserver owners. I started it
    way back at Debian 8, and upgraded along the way. The biggest time
    requirement was at the beginning, setting up everything properly. Since
    then, I have had almost no problems at all, that couldn't be solved
    reasonably quickly.

    All that said, I also would concur with the voices that say, it might
    not be worth it. The initial hassle of getting everything working
    properly--like contacting others to unblock my ip, setting up fail2ban
    (an absolute necessity!), amongst other things. Originally, it was mostly
    to "see if I could do it." Then, over time, I started giving out
    accounts to family members and friends. Also, it was nice to have
    unlimited space, accounts, as I ever wanted. But, now, I am responsible
    for all these people's emails, which is more weight than I would want,
    because for me, email isn't such a day-to-day requirement. But, others live
    by email =) Like, I could shut down my server today, and it really
    wouldn't affect me too much at all, however all the rest would be
    devastated. hehe So, I am "baked in" now. I have to keep it going.

    I just keep it running...

    On 02/01/2025 23:31, Michael Stone wrote:
    On Thu, Jan 02, 2025 at 06:28:47PM +0800, jeremy ardley wrote:
    I have been running my own inbound and outbound mail servers for over
    30 years using ISP connections. The only time I ran into trouble was
    with gmail recently and only because of mismatched SPF records for a
    domain I host.

    You're lucky, and your ISP is IMO atypical. Most ISP dialup (consumer/dynamic) IP ranges are identified and blocked by various
    anti-spam filters. Many ISPs also block outbound SMTP. My ISP does
    both, and provides (provided? I haven't tried it in a decade) an outbound
    SMTP server which rewrote the Date: header (because why not), making
    it impossible to use DKIM at all. Static IPs can usually be
    "unlocked", but it's another hoop to jump through and static IPs often
    have a significant cost premium over dynamic IPs. Even if your ISP
    lets you use your IP for outbound SMTP, if it was previously used by a spammer you can forget it. For anyone just starting out I absolutely
    agree that running a mail server isn't worth the effort. For those of
    us who have been running one for decades, it at least provides a nice
    excuse to periodically complain about what the internet has become.

