Virtual server host with reasonable mail policies?
Benjamin Scott
gnhlug at dragonhawk.org
Fri Dec 30 16:37:46 EST 2022
At 2022 Dec 30 Fri 03:06 PM -0500, Ken D'Ambrosio <ken at jots.org> wrote:
>> - Send email directly (initiate outbound connections to TCP port 25)
>
> NOT IPv6 -- which is annoying AF.
FWIW, my DO VM can initiate TCP to 25 outbound on both IPv4 and IPv6. It is likely grandfathered, however. They have a somewhat vaguely-defined blocking policy:
https://docs.digitalocean.com/support/why-is-smtp-blocked/
> if you have both enabled, and are using (at least) Postfix, IPv6 apparently
> gets the ball, first, and will block _all_ outbound e-mail until disabled.
FYI, this was fixed in Postfix at some point. I don't recall when.
>> - Hand-holding software like "CPanel" is actively unwanted
>
> Not there (I don't think) unless you want it.
FWIW: AFAIK, the traditional DO VM just has whatever the distribution provides, so unless you "{dnf,apt} install cpanel", you won't get it. More recently they've apparently bought/merged/partnered with an entity called "Cloudways", which I gather from the banner ad is more like a managed do-it-for-you host, which likely has such things.
>> - Make sure IP traffic keeps flowing
>
> ?? Not sure what you're looking for, here.
The network shouldn't go down a lot.
>> - Respond to abuse reports to keep reputation at least somewhat OK
>
> I generally go and do my own reputation maintenance by talking to RBLs
> directly. Are there providers that do that for you??
That's not what I mean.
There seems to be an increasing trend of DO having their ASNs/netblocks ending up on blacklists. Allegedly (according to the blacklists) this is because DO doesn't police their customers closely enough and/or respond to abuse reports in a good fashion.
They also have an official position of very strongly discouraging running email within their systems:
https://www.digitalocean.com/community/tutorials/why-you-may-not-want-to-run-your-own-mail-server
There are also unofficial sources that corroborate my interpretation, e.g. from someone's support ticket:
>>> DigitalOcean is not a dedicated email host and does not have a postmaster to maintain our IP reputation. As a result, some DigitalOcean IP ranges are blacklisted. We do not recommend sending mail from our platform directly and we will not request delisting.
https://www.digitalocean.com/community/questions/how-to-removed-my-ip-as-blacklisted-in-uceprotectl3-spam?comment=145886
Now, reputation/blacklist systems are unreliable at best, and something of a racket at worst, but given that DO's official policy is "you shouldn't do this in the first place, and we'll block you if you try", I don't see any point in trying to defend them on this aspect. They clearly don't want it.
If one isn't trying to run a mail system, it's a non-issue, and DO would be fine. But since I *am* trying to run a mail system, the fact that they have been very good otherwise doesn't really matter.
-- Ben
More information about the gnhlug-discuss mailing list