DoH plugin for BIND

Michael De Roover isc at nixmagic.com
Sat May 2 14:08:25 UTC 2020


To put it very simply, I consider myself very lucky that I have control 
over every mail client that interfaces with my mail server. Most of them 
are well-behaved and use 587 for submission. My mail server has also 
disabled it on port 25 to reduce spam. Port 587 on my mail server is 
also only visible within my VPNs to allow submission only within. That 
is an edge case and a privilege since all the mail clients are local. If 
your mail clients go outside your network or VPNs, that's when you'll 
need to either expose 587 to the internet or allow it on 25, with all 
those related issues.

Submission on port 25 is something I disabled on my mail server since it 
reduces the amount of spamhausen that try to submit email to my mail 
server, assuming that it's an open relay. It's purely traffic- and 
load-related. The reason why residential ISPs disallow it - to my 
knowledge which is admittedly limited - is because few postmasters 
consider the limitations that are applied to residential connections in 
general endurable. That includes dynamic IPs, down-/upload ratio, 
blocked ports, lack of SLA, and many other things.

As far as the "completely different story" goes, it's part of a whole. 
Good luck getting deliverability to other mail servers from a 
residential range even if the ISP itself allows it. Mail servers are an 
inherently reputation-driven thing. Reputation of your sender IP 
addresses to be precise. Is it good? No, email sucks. If you can get 
away with not running a mail server, don't run one. They suck so much. 
But if you do, a home IP is not where you'll want to start regardless. 
Get a VPS if anything.

On 5/2/20 3:51 PM, Reindl Harald wrote:
>
> Am 02.05.20 um 15:41 schrieb Michael De Roover:
>> In my experience and from what I've heard, very few.
> if that would be true how come that most mail clients still default to
> 25 for submission and years after closing port 25 on our mailserver i
> still struggle with customers' smartphones still not using 587?
>
> in fact 10 years ago some ISPs *tried* to kill outbound port 25 because
> there is no point in using it from a home machine and at that time we
> struggled also to explain our customers that 25 is plain wrong
>
> finally they gave up because the damage of open port 25 is killed with
> dnsbl but the customer support went crazy with "why can't i send email
> with my internet connection"
>
>> Even if your ISP allows it, chances are that other mail servers will reject it
> that's a completely different story
>
>> On 5/2/20 3:30 PM, Paul Kosinski via bind-users wrote:
>>> How many ISPs allow traffic on port 25? My impression is that even many
>>> (non-enterprise) business customers can't use port 25
-- 
Met vriendelijke groet / Best regards,
Michael De Roover

