PMG with a residential FTTH connection

turnicus

Jun 15, 2020
Hello,

I am testing PMG with a residential FTTH connection (port 25 works in and out). I am measuring my spam score with mail-tester.com but there are 2 problems I can't solve:

Problem 1 (not so important): My IP is considered dynamic (even though it has never changed since I got this connection ~3 years ago):

Code:
SpamAssassin thinks you can improve

-0.001        KHOP_DYNAMIC        KHOP_DYNAMIC
-0.001        RCVD_IN_SORBS_DUL        SORBS: sent directly from dynamic IP address
-0.363        RDNS_DYNAMIC        Delivered to internal network by host with dynamic-looking rDNS


Problem 2 (much more important): I can't set up the PTR record

Code:
Your reverse DNS does not match with your sending domain.
Reverse DNS lookup or reverse DNS resolution (rDNS) is the determination of a domain name that is associated with a given IP address.
Some companies such as AOL will reject any message sent from a server without rDNS, so you must ensure that you have one.
You cannot associate more than one domain name with a single IP address.

Your IP address <myIP> is associated with the domain 44.79.206.77.rev.sfr.net.
Nevertheless your message appears to be sent from <pmg_hostname>.

You may want to change your pointer (PTR type) DNS record and the host name of your server to the same value.


I can't edit the DNS for the domain 44.79.206.77.rev.sfr.net because it's owned by my ISP, so I changed the smtp_helo_name to "44.79.206.77.rev.sfr.net" in PMG but SpamAssassin kills my score if I do that:

Code:
-2.893        HELO_DYNAMIC_SPLIT_IP        Relay HELO'd using suspicious hostname (Split IP)
-0.001        KHOP_DYNAMIC        KHOP_DYNAMIC
-0.001        RCVD_IN_SORBS_DUL        SORBS: sent directly from dynamic IP address
-0.363        RDNS_DYNAMIC        Delivered to internal network by host with dynamic-looking rDNS
-0.001        TVD_RCVD_IP        Message was received from an IP address


I am now thinking about installing PMG on a VPS (in a public cloud) to avoid these problems... Do you have any better solution?

Thanks for any help!
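
Added example, not part of the original post: a small Python check of the three things the reports above react to, namely whether the PTR is forward-confirmed, whether the HELO name matches it, and whether either name embeds the IP octets. The DNS data is constructed (documentation addresses and `example` names), and the octet test is a simplified heuristic, not SpamAssassin's actual rule logic.

```python
import ipaddress
import re

# Constructed DNS data standing in for live lookups, so the check runs offline.
PTR = {
    "203.0.113.44": "44.113.0.203.rev.isp.example",  # ISP-owned, IP-derived name
    "203.0.113.10": "pmg.example.org",               # PTR set by the IP's owner
    "203.0.113.11": "mail.example.net",
}
A = {
    "44.113.0.203.rev.isp.example": ["203.0.113.44"],
    "pmg.example.org": ["203.0.113.10"],
    "mail.example.net": ["198.51.100.7"],            # forward record points elsewhere
}

def embeds_ip(hostname, ip):
    """Simplified heuristic: every octet of ip shows up as a number in hostname."""
    numbers = re.findall(r"\d+", hostname)
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return all(octet in numbers for octet in octets)

def check_sender(ip, helo, ptr=PTR, fwd=A):
    """Return the list of findings a receiving server could hold against this sender."""
    name = ptr.get(ip)
    if name is None:
        return ["no PTR record"]
    findings = []
    if ip not in fwd.get(name, []):
        findings.append("PTR not forward-confirmed")
    if helo.lower().rstrip(".") != name.lower().rstrip("."):
        findings.append("HELO differs from PTR")
    if embeds_ip(name, ip):
        findings.append("rDNS looks dynamic")
    if embeds_ip(helo, ip):
        findings.append("HELO looks dynamic")
    return findings

if __name__ == "__main__":
    # Residential line with its own HELO name, then with HELO copied from the PTR.
    print(check_sender("203.0.113.44", "pmg.example.org"))
    print(check_sender("203.0.113.44", "44.113.0.203.rev.isp.example"))
    # Host whose owner controls the PTR record.
    print(check_sender("203.0.113.10", "pmg.example.org"))
```

Copying the ISP's PTR name into the HELO removes the mismatch but adds a second dynamic-looking name, which is the trade-off visible in the two score listings above.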
 
I am now thinking about installing PMG on a VPS (in a public cloud) to avoid these problems... Do you have any better solution?
Not really... The reason most residential PTRs/IP ranges are blacklisted or flagged is that it seems to be a good metric for spam,
and if you cannot set the PTR entry, then there is really nothing you can do besides using a different IP.

Caution: even some IP ranges from public cloud hosters are not good for sending mail, since spammers often use them to send spam...
 
Hello Dominik and thank you very much for your answer!

So I went for a public cloud instance on OVH. I used this great tutorial https://harrytang.xyz/blog/ovh-public-cloud-custom-iso to install from ISO (instead of on top of Debian).

The associated IP I received from OVH is not listed on Spamhaus, but I see that emails are sent to spam on Google and Yahoo even though I have a 10/10 score at https://www.mail-tester.com. I guess the previous owner of this IP was a spammer or it is part of a "bad range". Anyway, I hope it will build a good reputation over time. I am using a domain I recently created for PMG (which will host various domains when everything runs smoothly), so it might be related too. I added the Gmail entry in the DNS record as suggested on https://www.gmail.com/postmaster. Let's wait and see...

Regarding the setup, I used the OVH public cloud firewall to deny all incoming traffic to PMG except:

- port 25 from any IP
- port 26 from my LAN public IPs
- port 22 from my LAN public IPs
- port 8006 from my LAN public IPs

I enabled TLS on PMG and I sniffed the traffic to double check it was indeed encrypted.

I guess I am good to go but don't hesitate to comment if you think I forgot something.

Thanks again for this amazing product!
 
Caution: even some IP ranges from public cloud hosters are not good for sending mail, since spammers often use them to send spam...
Hello dcsapak.

I am replying about this comment you wrote 18x months ago... Unfortunately, you were right!
We are a small company and our mail activity is very normal:
- we send/receive emails to/from clients/suppliers
- we never spam
- we never send newsletters
All in all, I think we send and receive about ~100x emails per day...

Nevertheless, the IP range of the VPS I have installed PMG on gets frequently blacklisted by spam lists. Note I am talking about the complete range and not our single PMG IP. So as an example, if our PMG IP is 123.123.123.123:
- 123.123.123.123 is not blacklisted specifically
- 123.123.123.0/24 is blacklisted, so 123.123.123.123 gets included unfortunately

I understand it happens because other customers of our host (ovh.com) are stupid spammers, so the spam lists don't bother and include the complete range! At first, I found it unfair as I have no control over other OVH customers... But then I understood the spam lists use this method to force people like me to move out of "bad hosts" who don't fight spam enough.

So I have a simple question: can you guys advise me a good host where:
- I could install PMG (on a VPS)
- with an IP dedicated to me (and not shared with anyone else of course)
- which fights spam successfully so I am sure my IP will never be part of a "bad range"
- possibly in the Euro zone

Thanks for any help!
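
Added example, not part of the original post: how a DNS blocklist lookup ends up matching a range entry, using the post's own 123.123.123.0/24 illustration. The zone name `dnsbl.example`, the toy `answer` server and the 127.0.0.2 return value (the conventional "listed" answer described in RFC 5782) are assumptions for the sketch, not any real list's data.

```python
import ipaddress

# Constructed blocklist content: a single range entry, no per-IP entries.
ZONE = "dnsbl.example"
LISTED = {ipaddress.ip_network("123.123.123.0/24"): "127.0.0.2"}

def query_name(ip, zone=ZONE):
    """Name a receiving server looks up: reversed octets (or nibbles for IPv6) + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone

def answer(qname, zone=ZONE, listed=LISTED):
    """Toy IPv4 blocklist server: A-record value if listed, None for NXDOMAIN."""
    suffix = "." + zone
    if not qname.endswith(suffix):
        return None
    labels = qname[: -len(suffix)].split(".")
    if len(labels) != 4:
        return None
    try:
        addr = ipaddress.IPv4Address(".".join(reversed(labels)))
    except ValueError:
        return None
    # The query is always for one address; the list decides how wide the match is.
    for network, code in listed.items():
        if addr in network:
            return code
    return None

def is_listed(ip):
    return answer(query_name(ip)) is not None

if __name__ == "__main__":
    for ip in ("123.123.123.123", "123.123.123.7", "123.123.124.1"):
        print(ip, query_name(ip), is_listed(ip))
```

The sender never appears in the list data by itself, yet every lookup for an address inside the /24 comes back as listed.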
 
Many companies that "host their own mail" OWN their own IPs. You can always apply for your own with your local registry. There will be a wait, however (sometimes years). Another option will be a lot of work -- get a "Static IP Block" from an ISP and make sure it's delegated to you. Make sure the ISP will delegate reverse DNS, doesn't block SMTP, etc. etc. A whois on it should show it as dedicated to you at the regional registry. Then you have your work cut out for you to get removed from any spam blacklists you are on.

Getting a VPS on a single IP where you are sharing a block with many other people won't work, as usually "IP blocks" are blacklisted, not single IPs, since "IP walk spam" is (or used to be) very common.

I run my own email but have had my own (same) block for 10+ years so I kind of lucked out.
 
Hello and thank you for your reply. It's crazy how spam has made it complicated to run one's own mail server nowadays...

I first installed PMG on a VPS as a workaround (to get a static IP), but then I realized it had 2x bonus features:
- the VPS is always online (while our mail server is occasionally down for reboots for example)
- the IP associated with the VPS is like a "portable" IP because PMG can reach our mail server via our FTTH-1, or FTTH-2, or LTE IPs (we are using 2x FTTH and 1x LTE connections in multiwan failover mode). It means I can change ISP and not lose my IP reputation

But if I understand you correctly, you think there is no host out there who is fighting spam strongly enough to maintain a clean IP block?
 
From VPS Providers? I doubt it...that doesn't mean there isn't one....

Very few people host their own email anymore, so I don't think it's a priority for VPS providers to really care about that. I'm happy to be proven wrong as it would be useful for me as well.
 
