
posted by chromas on Monday September 02 2019, @09:45AM
from the needs-more-XML dept.

OpenBSD developer, Gilles Chehade, debunks multiple myths regarding deployment of e-mail services. While it is some work to deploy and operate a mail service, it is not as hard as the large corporations would like people to believe. Gilles derives his knowledge from having built and worked with both proprietary and free and open source mail systems. He covers why it is feasible to consider running one.

I work on an open-source SMTP server. I build both open-source and proprietary solutions related to mail. I will likely open a commercial mail service next year.

In this article, I will voluntarily use the term mail because it is vague enough to encompass protocols and software. This is not a very technical article and I don't want to dive into protocols, I want people who have never worked with mail to understand all of it.

I will also not explain how I achieve the tasks I describe as easy. I want this article to be about the "mail is hard" myth, disregarding what technical solution you use to implement it. I want people who read this to go read about Postfix, Notqmail, Exim and OpenSMTPD, and not go directly to OpenSMTPD because I provided examples.

I will write a follow-up article, this time focusing on how I do things with OpenSMTPD. If people write similar articles for other solutions, please forward them to me and I'll link some of them. It will be updated as time passes by to reflect changes in the ecosystem, come back and check again over time.

Finally, the name Big Mailer Corps represents the major e-mail providers. I'm not targeting a specific one, you can basically replace Big Mailer Corps anywhere in this text with the name of any provider that holds several hundred million recipient addresses. Keep in mind that some Big Mailer Corps allow hosting under your own domain name, so when I mention the e-mail address space, if you own a domain but it is hosted by a Big Mailer Corp, your domain and all e-mail addresses below your domain are part of their address space.

Earlier on SN:
Protocols, Not Platforms: A Technological Approach to Free Speech (2019)
Re-decentralizing the World-Wide Web (2019)
Usenet, Authentication, and Engineering - We Can Learn from the Past (2018)
A Decentralized Web Would Give Power Back to the People Online (2016)
Decentralized Sharing (2014)


  • (Score: 2) by RS3 on Monday September 02 2019, @04:10PM (4 children)

    by RS3 (6367) on Monday September 02 2019, @04:10PM (#888866)

    I've used Verizon personally as an ISP for 20 years, and professionally for 12.

    Looking back, I was so wrong when I thought they sucked 15 years ago. I had _no_ idea how much suckier they would aspire to. I've never hated AOL- it has served its market well, but not for me. When Verizon bought them and Yahoo!, then moved verizon.net email addresses to AOL, which are actually run on Yahoo! servers, things became annoying. Basically something they did disabled my pop3/smtp client, but they _refused_ to admit they did something to change things.

    Professionally, I was adminning some email servers. One I inherited was based in qmail, which needed to die anyway. It did also host Squirrel Mail (webmail) which I recall being pretty awesome (as much as webmail can be).

    I built ones using sendmail and postfix (don't read into that- different machines- some send only, and all are on postfix, but it's now a moot point...).

    Verizon "customer support" is horrific. What they first did is block all port 25 smtp traffic, instead opening port 587, which required authentication to then relay packets. No problem with sendmail / postfix, but qmail had port 25 hard-coded everywhere. I actually tried to find and replace every instance of port 25, but I could never get it to compile- not even from clean raw unchanged source. That was while I was under great pressure from customers who based their businesses on a now broken email. Within 1 day my boss moved everyone to a godaddy account. He's really smart that way; although I think godaddy is crap, at least he kept his customers.

    So then Verizon added some more layers of encryption and authentication, and sendmail / postfix handled it.

    Until, they now scan the "from" field in email headers, and flat-out refuse to relay any email packet that does not have a known valid verizon.net email address.

    Let's say you have a webserver hosting small local business's sites, and on those sites are some webforms which call up a script to send an email for, oh, maybe an order for a food catering business, or whatever. You want the email to look like it came from the prospective customer, so when the business owner / representative gets the inquiry email, they just hit "reply" and the "to" field is filled in correctly. Nope, Verizon won't allow that scenario. Comcast will, and maybe someday the boss will let me move to Comcast.

    Postfix is pretty cool.

  • (Score: 2) by hwertz on Monday September 02 2019, @05:53PM (3 children)

    by hwertz (8141) on Monday September 02 2019, @05:53PM (#888899)

    "You want the email to look like it came from the prospective customer, so when the business owner / representative gets the inquiry email, they just hit "reply" and the "to" field is filled in correctly. Nope, Verizon won't allow that scenario. Comcast will, and maybe someday the boss will let me move to Comcast."

    It's an oversight on Comcast's part to NOT block this. Think about it this way... "A greasy spammer wants the e-mail to appear to come from some random schlub, so when the spam receiver who doesn't look at e-mail headers complains they complain about the wrong address. Yep, shockingly Comcast allows this."

    The setup you had is convenient, but there are very good reasons for it to not be allowed, not just to inconvenience you.

    • (Score: 3, Interesting) by RS3 on Monday September 02 2019, @06:43PM (2 children)

      by RS3 (6367) on Monday September 02 2019, @06:43PM (#888915)

      Yup, I'm very smart, I know this. But how do you fix it? I tried using the "reply to" field but most email clients don't honor it. Everyone has to have a verizon.net account?

      Or we just break email and maybe the whole internet just because there are bad actors out there? Never mind that the technology exists to trace their IP- they have to be connected through an ISP somewhere in the world. So punish everyone for the wrongdoings of a few? I call that laziness on the part of the "authorities" and advocate replacing them.

      In my case, the "greasy spammer" has to manually fill in the form, and there might have been re-captchas on them too, so there was very little spam.

      Oh, and Verizon have implemented very effective spam filtering long ago. It's computers (servers) running scripts and spam scanners. So I don't understand what all the whining is about.

      • (Score: 1, Informative) by Anonymous Coward on Tuesday September 03 2019, @02:32PM (1 child)

        by Anonymous Coward on Tuesday September 03 2019, @02:32PM (#889191)

        You need to use Mailgun or some other special service. You will also need to configure whatever authority du jour is popular and required in DNS to sanction it or all your mail will end up blackholed. I think DKIM or DMARC is the new hawtness for that.
        https://en.m.wikipedia.org/wiki/DomainKeys_Identified_Mail
        The requirements seem to change every few months.

        • (Score: 2) by RS3 on Wednesday September 04 2019, @01:11AM

          by RS3 (6367) on Wednesday September 04 2019, @01:11AM (#889337)

          Yes, and thanks for the info. In fact I looked into many SMTP relay providers, including Mailgun, but the company owner would not pay for them. It's a low-budget tight business, and probably his smallest / least significant. Years ago he hosted some very very major websites, but businesses change like the wind, he lost the accounts, and moved his time and attention to other things (that are very successful). Of course I'd love to grow the hosting business, but I'm not a marketing / sales-type. And it's impossible to compete with the godaddys of the world.
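
The web-form scenario discussed in this thread, as an added example that is not from the story or from any commenter: the message is sent From an address on the site's own domain, the visitor's address goes only in Reply-To, and form input is validated so it cannot add header lines. `SITE_SENDER`, `OWNER` and the function names are assumptions made for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import formataddr

# Assumed values for illustration (not from the thread): an address on the
# site's own domain, and the business owner's mailbox.
SITE_SENDER = "webform@example.net"
OWNER = "orders@example.net"

# Deliberately strict addr-spec pattern; fullmatch() is used because "$" in
# re.match() would still accept a trailing newline.
_ADDR = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def clean_address(raw: str) -> str:
    """Accept one bare address only; anything else (CR/LF, lists) is rejected."""
    if not _ADDR.fullmatch(raw):
        raise ValueError("invalid visitor address")
    return raw


def clean_text(raw: str, limit: int = 80) -> str:
    """Collapse control characters so form text stays on one header line."""
    return re.sub(r"[\x00-\x1f\x7f]+", " ", raw).strip()[:limit]


def build_inquiry(visitor_name: str, visitor_email: str, body: str) -> EmailMessage:
    addr = clean_address(visitor_email)
    name = clean_text(visitor_name, 60)
    msg = EmailMessage()
    # From stays on a domain the site controls, so the relay's sender check
    # and any DKIM/DMARC policy are evaluated against that domain.
    msg["From"] = formataddr((f"{name} via web form", SITE_SENDER))
    msg["To"] = OWNER
    # The visitor's address is carried in Reply-To only.
    msg["Reply-To"] = formataddr((name, addr))
    msg["Subject"] = clean_text(f"Catering inquiry from {name}")
    msg.set_content(body)
    return msg


if __name__ == "__main__":
    # Constructed sample input.
    print(build_inquiry("Pat Example", "pat@example.org", "Lunch for 20 on Friday?"))
```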