I'm running my own mail server for my own domain (chmurka.net) on a
dedicated IP address in RamNode (81.4.124.88). Despite doing everything I >possibly can (I have SPF records, I have OpenDKIM running to add DKIM >headers, I have TLS enabled with a certificate from Let's Encrypt)
sometimes email sent by me ends up in spam folders.
Hi,Before moving to another VPS, I suggest move your dns to CloudFlare
I'm running my own mail server for my own domain (chmurka.net) on a
dedicated IP address in RamNode (81.4.124.88). Despite doing everything I possibly can (I have SPF records, I have OpenDKIM running to add DKIM headers, I have TLS enabled with a certificate from Let's Encrypt)
sometimes email sent by me ends up in spam folders.
I checked and I'm not in any RBLs (none I know of). Maybe the IP
reputation is bad, because it belongs to a VPS hosting company (even if
it's used exclusively by me for the last seven years and there's been no
spam or abuse coming from it since then).
Do any of you have any suggestions where to check the IP, how to de-list
it, or where to move the SMTP server? Or maybe there's some paid relay service that I could sign up to, and they will relay my mail?
I need to change only outgoing SMTP to work this way. Incoming mail works fine (because why wouldn't it...).
I'm running my own mail server for my own domain (chmurka.net) on a
dedicated IP address in RamNode (81.4.124.88). Despite doing everything I possibly can (I have SPF records, I have OpenDKIM running to add DKIM headers, I have TLS enabled with a certificate from Let's Encrypt)
sometimes email sent by me ends up in spam folders.
On 30/12/2023 19:33, Adam W. wrote:
I'm running my own mail server for my own domain (chmurka.net) on a
dedicated IP address in RamNode (81.4.124.88). Despite doing everything I
possibly can (I have SPF records, I have OpenDKIM running to add DKIM
headers, I have TLS enabled with a certificate from Let's Encrypt)
sometimes email sent by me ends up in spam folders.
I just checked your domain and YOU DON'T HAVE A CERTIFICATE (or you have
but not configured correctly). That could be the first problem. There
might be others but first configure the certificate correctly. Your
record is here:
<https://crt.sh/?q=chmurka.net>
Firefox, Edge and Chrome is flagging that the domain hasn't got a >certificate.
What would that have to do with mail? He might not even have a web
server on the domain, but that shouldn't affect mail filtering.
Before moving to another VPS, I suggest move your dns to CloudFlare
(FREE) and see if it works for you. I have all my domains on CloudFlare
and no problems so far.
Read the docs and if you have any questions post back. I think it is the
best way to manage Domains, Website and Emails.
<https://www.cloudflare.com/en-gb/developer-platform/email-routing/>
If you are still interested to USE a VPS then you can try Contabo. They
have fixed price plans and you can start with one month to see if it
works after which you can change it to 12 month plan.
<https://contabo.com/en/vps/>
What ISPs are doing this to your mail? Are they competent well-run ISPs
whose administrators you can contact, or is it just gmail?
Some ISPs use content filters and there is really nothing you can so to
avoid stuff being marked as spam other than to avoid certain patterns in
your text.
Some ISPs will put the filtering data in the headers so that if the final recipient can send you the original message with all headers included, you can figure out what filters were set off.
But I'd expect that to have very little to do with outbound email and placement of messages the OP sends.
I just checked your domain and YOU DON'T HAVE A CERTIFICATE (or you have
but not configured correctly). That could be the first problem. There
might be others but first configure the certificate correctly. Your
record is here:
<https://crt.sh/?q=chmurka.net>
Firefox, Edge and Chrome is flagging that the domain hasn't got a certificate.
Is it possible to use only their mail relay, without moving my domain to them? How much does it cost?
It would be best for me to keep the incoming SMTP as it is (and of courseYou use their DNS and other stuff except that you continue paying your
DNS and other stuff), and only use their outgoing SMTP relay.
Seems to be similarly priced to RamNode. Do you have an example IP from
them that I could check the reputation of?
Scott Dorsey <kludge@panix.com> wrote:
What ISPs are doing this to your mail? Are they competent well-run ISPs
whose administrators you can contact, or is it just gmail?
One example is poczta.fm, but there are many other ISPs. I had a similar >problem with gmail and with Microsoft-handled mail (hotmail, outlook.com). >It's not a problem with a single ISP.
Some ISPs use content filters and there is really nothing you can so to
avoid stuff being marked as spam other than to avoid certain patterns in
your text.
It doesn't seem to be content-related.
Some ISPs will put the filtering data in the headers so that if the final
recipient can send you the original message with all headers included, you >> can figure out what filters were set off.
One person told me it was the "IP reputation". I don't know if it's
related, but:
https://www.ipqualityscore.com/ip-reputation-check/lookup/81.4.124.88
https://www.ipqualityscore.com/ip-reputation-check/lookup/176.56.237.216
"IP Reputation Reputation Issues Detected
This IP address has been detected as a proxy connection, which could be >hurting your IP reputation."
Scott Dorsey <kludge@panix.com> wrote:
One person told me it was the "IP reputation". I don't know if it's
related, but:
https://www.ipqualityscore.com/ip-reputation-check/lookup/81.4.124.88
https://www.ipqualityscore.com/ip-reputation-check/lookup/176.56.237.216
"IP Reputation Reputation Issues Detected
This IP address has been detected as a proxy connection, which could be hurting your IP reputation."
"Proxy/VPN Proxy/VPN Detected
This IP address appears to be a low risk proxy connection."
I do have a certificate, but not on a web server. I'm only talking about
the SMTP server, not about the web. Here's how it works for incoming SMTP.
$ openssl s_client -connect mx.chmurka.net:25 -starttls smtp -quiet
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = mx.chmurka.net
verify return:1
250 DSN
ivo@flamingo ~ $ host mx.chmurka.net
mx.chmurka.net has address 81.4.124.88
ivo@flamingo ~ $ host 81.4.124.88
88.124.4.81.in-addr.arpa domain name pointer vps.chmurka.net.
ivo@flamingo ~ $
A lot complaining if the name on the certificate don't match the reverse
of the ip('s). I suggest to change your certificate or your reverse.
Okay, now THIS is a major issue. If your rDNS doesn't match up with
your forward DNS, a lot of sites are going to drop email.
BTW, Grant, did you receive my email?
You were in Bcc, because I sent it to all my feeds.
If not, it might be the same problem (and if you have it somewhere in the spam folder, it would be helpful if I could see the spam-related
headers)...
A lot complaining if the name on the certificate don't match the reverse
of the ip('s). I suggest to change your certificate or your reverse.
This will cause major problems for web services,
but the SSL certs on the web server have nothing to do with email.
I advocate for having sending server hello with an FQDN that matches the
name that forward & reverse DNS.
ivo@flamingo ~ $ host mx.chmurka.net
mx.chmurka.net has address 81.4.124.88
ivo@flamingo ~ $ host 81.4.124.88
88.124.4.81.in-addr.arpa domain name pointer vps.chmurka.net.
ivo@flamingo ~ $
Okay, now THIS is a major issue. If your rDNS doesn't match up with your forward DNS, a lot of sites are going to drop email.
BTW, Grant, did you receive my email?
Yes, I did.
Sorry for not responding yet. I've been slow / lackadaisical to respond
to things over the holidays.
No, it delivered to my Inbox.
So, why IS it called vps.chmurka.net if it is not a vps? This may
also be causing some alarm bells to go off.
I advocate for having sending server hello with an FQDN that matches the
name that forward & reverse DNS. -- Many will say that this isn't as >important. I think it shows good intentions. And I believe that
visible good intentions are a Good Thing (TM) when trying to make your
system stand out as a good netizine.
I did it too (I'm not sure which configuration option affects EHLO, maybe
it takes it from smtpd_banner, or maybe from hostname, but I checked that
it sends vps.chmurka.net now). Thanks.
On 1/1/24 10:34, Scott Dorsey wrote:
So, why IS it called vps.chmurka.net if it is not a vps? This may
also be causing some alarm bells to go off.
I've found that what something is called is of less importance than it >consistently using that name; rDNS, fDNS, HELO/EHLO, etc.
What something is called can start to be a problem if recipients are
trying to do pattern matching to filter out things that are generic
reverse DNS, often found on residential IPs.
But why it is called that?
Yes, and people will sometimes use that technique on address blocks that it is not suited for.
But why is it called that?
If you're going to advocate for changing it, forgo the question and go
to the discussion around changing it and supporting reason therefor.
But, on the whole, having "vps" in the name is likely to get you marked
as a vps, in the same way having "mail" in the name is likely to get you marked as a new server or -gw is likely to have you marked off as a gateway by one of the many "reputation" services out there.
Are you marked that way? From your previous discussion it seems that
you may be.
I did it too (I'm not sure which configuration option affects EHLO, maybe >>it takes it from smtpd_banner, or maybe from hostname, but I checked that >>it sends vps.chmurka.net now). Thanks.
So, why IS it called vps.chmurka.net if it is not a vps?
I can't tell you if it makes any difference or not without knowing if the mail clients are thinking you are a VPS or not. But the headers of one of the messages from the spam folder should tell you a whole lot. Most mail systems will let you see all the marks against you on the Baysian filters
and how much the ISP is weighting each one. Once you see that, you know where to concentrate efforts.
But, on the whole, having "vps" in the name is likely to get you marked
as a vps, in the same way having "mail" in the name is likely to get you marked as a new server or -gw is likely to have you marked off as a gateway by one of the many "reputation" services out there.
Scott Dorsey <kludge@panix.com> wrote:
I can't tell you if it makes any difference or not without knowing if the
mail clients are thinking you are a VPS or not. But the headers of one of >> the messages from the spam folder should tell you a whole lot. Most mail
systems will let you see all the marks against you on the Baysian filters
and how much the ISP is weighting each one. Once you see that, you know
where to concentrate efforts.
I hope I'll be able to get them soon (I'll contact poczta.fm).
Curiously, another email sent to another person using poczta.fm (before I >changed the EHLO, revDNS and certificate) arrived to them without any >problem.
I don't have a reason to distrust the person who claims he didn't receive
my email, but I also don't have any particular reason to trust him. He >accused me (on a newsgroup) of not responding to him, I told him when I
did and asked him to check his spam folder, and he never answered back.
So I can't be really sure.
But, on the whole, having "vps" in the name is likely to get you marked
as a vps, in the same way having "mail" in the name is likely to get you
marked as a new server or -gw is likely to have you marked off as a gateway >> by one of the many "reputation" services out there.
But this is a VPS. Is this something that should be concealed or avoided >(from the perspective of email deliverability)?
On 1/1/24 12:13, Scott Dorsey wrote:
But, on the whole, having "vps" in the name is likely to get you marked
as a vps, in the same way having "mail" in the name is likely to get you
marked as a new server or -gw is likely to have you marked off as a gateway >> by one of the many "reputation" services out there.
That speaks to purported reputation services doing something I consider
to be very questionable.
Scott Dorsey <kludge@panix.com> wrote:
I did it too (I'm not sure which configuration option affects EHLO, maybe >>>it takes it from smtpd_banner, or maybe from hostname, but I checked that >>>it sends vps.chmurka.net now). Thanks.
So, why IS it called vps.chmurka.net if it is not a vps?
But it is on a VPS.
But this is a VPS. Is this something that should be concealed or
avoided (from the perspective of email deliverability)?
Hi,
I'm running my own mail server for my own domain (chmurka.net) on a
dedicated IP address in RamNode (81.4.124.88). Despite doing everything I possibly can (I have SPF records, I have OpenDKIM running to add DKIM headers, I have TLS enabled with a certificate from Let's Encrypt)
sometimes email sent by me ends up in spam folders.
I checked and I'm not in any RBLs (none I know of). Maybe the IP
reputation is bad, because it belongs to a VPS hosting company (even if
it's used exclusively by me for the last seven years and there's been no
spam or abuse coming from it since then).
Do any of you have any suggestions where to check the IP, how to de-list
it, or where to move the SMTP server? Or maybe there's some paid relay service that I could sign up to, and they will relay my mail?
I need to change only outgoing SMTP to work this way. Incoming mail works fine (because why wouldn't it...).
I've been impressed with Panix, primarily because they actually phoned
me to verify my account when I signed up. I also exchanged emails with
their staff before signing up, and they claim to be pretty careful about >spammers operating out of their IP space, responsive to complaints about >abuse, etc. -- personally I think the extra step of phone verification
is probably enough to make most spammers stick to DigitalOcean.
Anyway, I've been running a mail server with Panix for a few months and
have had no deliverability problems.
Indeed. I have not encountered any ISP as generally conscientious and willing to support actual computer people as Panix.
However, I did receive spam from a Panix user once, I think from an address scraped from Usenet. It was not entirely off-the-wall though:
--cut here--
From: <ht@panix.com>
Message-Id: <200803192227.m2JMRXG03522@panix1.panix.com>
To: kludge@panix.com
Subject: rs232 to vga converter
Status: R
rs232 to vga converter
The Rs-Big-Print converts an rs232 serial input to a
vga output compatible with most vga monitors. It turns a spare
video monitor into a cost effective readout for all sorts of
applications requiring large letters and numbers viewable from
ten, twenty and thirty feet.
Two text sizes are included. The larger has 6 lines
with 12 characters on each line. The smaller has 8 lines with
20 characters each.
Come to WWW.RS-BIG-PRINT.COM to see examples of the
display, a photograph of the device and further description.
kludge@panix.com (Scott Dorsey) writes:
Indeed. I have not encountered any ISP as generally conscientious and
willing to support actual computer people as Panix.
However, I did receive spam from a Panix user once, I think from an address >> scraped from Usenet. It was not entirely off-the-wall though:
--cut here--
From: <ht@panix.com>
Come to WWW RS-BIG-PRINT . COM to see examples of the
display, a photograph of the device and further description.
Hey, look, the first time a spam email actually advertised something
that's kind of interesting to me!
On Fri, 12 Jan 2024 03:29:58 +0000, John wrote:
kludge@panix.com (Scott Dorsey) writes:
Indeed. I have not encountered any ISP as generally conscientious
and willing to support actual computer people as Panix.
However, I did receive spam from a Panix user once, I think from
an address scraped from Usenet. It was not entirely off-the-wall
though:
--cut here--
From: <ht@panix.com>
That address might be valid.
Come to WWW RS-BIG-PRINT . COM to see examples of the
display, a photograph of the device and further description.
Hey, look, the first time a spam email actually advertised
something that's kind of interesting to me!
Hope you're not ordering alone for the fact that it is spam.
On Friday, 12 January 2024 14:24 -0500,
in article <87h6jil5ij.fsf@usenet.ankman.de>,
Andreas Kohlbach <ank@spamfence.net> wrote:
On Fri, 12 Jan 2024 03:29:58 +0000, John wrote:
kludge@panix.com (Scott Dorsey) writes:
Indeed. I have not encountered any ISP as generally conscientious
and willing to support actual computer people as Panix.
However, I did receive spam from a Panix user once, I think from
an address scraped from Usenet. It was not entirely off-the-wall
though:
--cut here--
From: <ht@panix.com>
That address might be valid.
It is.
Come to WWW RS-BIG-PRINT . COM to see examples of the
display, a photograph of the device and further description.
Hey, look, the first time a spam email actually advertised
something that's kind of interesting to me!
Hope you're not ordering alone for the fact that it is spam.
Remember the Boulder Pledge!
Grant Taylor <gtaylor@tnetconsulting.net> wrote:[snip]
If you're going to advocate for changing it, forgo the question and go
to the discussion around changing it and supporting reason therefor.
But, on the whole, having "vps" in the name is likely to get you marked
as a vps, in the same way having "mail" in the name is likely to get you marked as a new server or -gw is likely to have you marked off as a gateway by one of the many "reputation" services out there. Are you marked that
way? From your previous discussion it seems that you may be.
| Sysop: | Keyop |
|---|---|
| Location: | Huddersfield, West Yorkshire, UK |
| Users: | 465 |
| Nodes: | 16 (2 / 14) |
| Uptime: | 69:19:15 |
| Calls: | 9,411 |
| Calls today: | 3 |
| Files: | 13,575 |
| Messages: | 6,101,236 |