Thanks Bill, Josh and Jeffrey for answering my question. It was my
ISP. (So easy, I wish I had thought of that. I somehow managed to
figure out they were blocking 80 a month or so ago.)
I'm still a little fuzzy on legal entries for hostname and domain. I
set them to be mine, and it worked, and then for kicks, set it to
google.com, and that worked too. I looked at the headers, and can see
that the source can be traced back to my machine, but that still seems
kind of easy to spoof. Anyway, it's not something I'm overly worried
about; I'm just not clear on what I SHOULD be using for hostname and
domain.
Any words of wisdom appreciated. Otherwise, thanks again for the
already super help!
e.
On 3/11/07, Jeffrey Goldberg <[EMAIL PROTECTED]> wrote:
On Mar 11, 2007, at 8:27 PM, jekillen wrote:
> If you will allow me to break in on this exchange;
> Does this advise [don't run your own direct to MX mail server]
> apply if you have static ip service and are running web servers
> from these addresses, with the ISP's blessing? (meaning you also
> have at least two name servers running for the registered sites)
First let's separate questions. One is dealing with your own
incoming mail. The other is with sending mail out direct to MX.
These two can (and often should) be separated.
For the question of hosting your own MX there are positives and
negatives. Here is a list off of the top of my head. It is far from
complete.
Positive:
(1) You get to fully control your rejection/acceptance policy from the
beginning.
(2) You get the learn about running such a system.
(3) You dramatically reduce your lock-in with an ISP (who can
change their
email policy or practice at any time.
(4) You don't have to pay for some outside service (I use
fastmail.fm) for
hosting your incoming mail if you want something better than
the "free"
email service your ISP provides.
Negatives:
(a) You have to maintain what is really a surprisingly complex system
for such a simple protocol.
(b) You have to defend your system against attacks it otherwise
wouldn't
receive, including DoS attacks.
(c) Damage of being overwhelmed (either by deliberate attack or
spam blowback)
may be harder to contain.
(d) Your system needs to fail appropriately. For example, if you use
something like LDAP to maintain username or email address
information, you
need to make sure that if your LDAP service fails your mail
server fails
in an appropriate way (say a complete shutdown) or issuing
temporary (4xx)
rejections instead of in an inappropriately issuing 5xx for
mail that
would be accepted normally.
If (1) (or (2)) is really important to you, then go ahead. But
probably the best way to see whether (1) really matters is to ask
yourself what things you would like to do that you couldn't do unless
you ran your own MX. For example, if you have strong feelings about
whether DNSbls should be used prior to content filtering or as part
of it. Or whether you want spam and virus rejections to occur at
SMTP time or later. Whether you want SPF failures to generate
immediate rejections. Whether you want to make use of sophisticated
IMAP features that ISPs can't provide. If you don't have strong
feelings about these sorts of questions, then I doubt that (1)
applies to you.
Now there is the second question about doing direct to MX for mail
sending instead of going through your ISP or some third party service.
Positives
(i) You control queing and retry rates.
(ii) For bulk mailing (mailing lists) there is an advantage of how
out-going
STMP session are organized.
(iii) You are not as dependent on your ISP or a third party for
getting your
mail out, if they are slow or unreliable with mail
(iv) If your ISP's mail server provide crappy bounce information
and you
need better information.
(v) If your ISP adds junk to your mail or sends out mail in
unfriendly so as
to get itself on blacklists or leads to other forms of needless
rejections.
(vi) You get to learn about running such systems
Negatives:
(A) Even with a static IP address, your assigned address may look
dynamic
to other servers who may then reject mail coming directly from
you.
(B) Your ISP blocks/disallows this sort of thing (not a problem in
your case)
(C) The reverse DNS records for your IP need to correspond
reasonably well
to your domain name, otherwise lots of servers will reject
mail from you.
(D) You need to follow the RFCs and conventions strictly so that
you don't
get yourself added to blacklists
(E) It is probably a little less network efficient for you to talk
directly
to servers all over the planet when you could just talk to
your ISPs
server which will be much closer to you.
Here again, if (vi) is your primary reason for wanting to run your
own direct to MX system, then use it just for one of your minor
domains. That way, if you mess up, you won't get your major domains
blacklisted. If (i) and (ii) really matter for you, then go ahead,
but I think that you should have a real reason beyond "I can,
therefore I ought" if it is going to be your primary way
of getting mail out.
In the end it is a matter of individual taste and need. With good
DSL or FiOS lines, along with a proper backup regime and
Uninterruptible Power Supply hosting your own website makes plenty of
sense. But mail is a tricker thing to maintain than apache, so my
view remains that unless you have some specific need for the kind of
control you can get by running your own, let someone else handle your
mail transport to the rest of the world.
I hope this helps. And keep in mind that different people will offer
different advise. I certainly believe my advise is good advise
(otherwise I wouldn't have offered it), but I'm also aware that I
could well be wrong.
Cheers,
-j
--
Jeffrey Goldberg http://www.goldmark.org/jeff/
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
