undefined | Better HN

0 pointsjlkuester74y ago0 comments

Yeah, my solution for low-volume self-hosted email is to relay my outgoing SMTP traffic through Amazon SES. I get good delivery to all the big players, bit still control all the parts of the email stack that I care about. (Plus at low volume, SES is basically free...)

0 comments

15 comments · 4 top-level

ireflect4y ago· 5 in thread

I have had very few troubles sending outbound email directly, however there was one email provider that always rejected me because they were blocking all of DigitalOcean's IP space. This provider was quite niche, but it still bothered me.

My solution was to set up SMTP relaying based on the recipient domain. So nearly all my email can still be sent direct, but I have a list of domains that get routed through mailgun.com (or you could use SES or whatever).

More info here: https://github.com/docker-mailserver/docker-mailserver/issue...

WarOnPrivacy4y ago

> there was one email provider that always rejected me because they were blocking all of DigitalOcean's IP space.

This would be me. DO traffic is overwhelmingly hostile traffic. It's like Psychz or MCColo got massively scaled up.

OVH is a close 2nd. Amazon was a solid third, beginning in 2019. Not sure if they still are.

stevenicr4y ago

I've also blocked tens of thousands of ips from DO, and AWS on several web sites. Mostly for attempts at logging into wordpress admin accounts, some were spammers I'm guessing were using vpns that sometimes go through them. Those and tens of thousands from brasil, and several other countries.

There was a time when I looked at sending in reports -

and a time when I asked someone in the wp plugin directory who had a detector-like plugin to have it spit out a chunk of fields that would be ready to fill in the amazon complaint form and to do a cidr lookup to port over to iptables.. but that never got made.

This was all made worse when maxmind went registration needed and ruined the most effective security plugin for wordpress I'd been depending on for years.

I've noticed an increase in the microsoft ips I'm blocking these days to.

for now I don't mind doing an ip lookup when I can block 64,000 ips or more at a time I find it's a solid win.

ireflect4y ago

You work at Mega? Nice to meet you!

Is there anything I can do to get whitelisted? How can I contact you?

Not a huge deal if not, I've implemented the workaround already. But to be whitelisted after a chance meeting on HN would be a nice way to finish this story.

hda1114y ago

I always wondered why there isn’t a config option in MTAs that tries to route an email over different other MTA‘s submission port and tries until delivered. I mean a automated setup not static rules you mention. This would make self hosted setups so much easier. The chance that someone blocked your cloud server‘s IP address 4 years ago and never bothered removing it is high.

wink4y ago

My "favorite" story is a certain not to be named French university which was polite enough to inform me that they block all email from .org domains.

bla15e4y ago· 3 in thread

Do you have any more details on implementing this? Sounds like something a lot of people would be interested in

teitoklien4y ago

I have set up the same thing for myself and have been using it for several years now, so i’ll join in.

Aws ses has this offer where for a few thousand emails per month, email sending is free.

The steps are this:

1- Signup for aws ses, once you do that they’ll put you in a sandbox environment

2- After that they’ll ask you a few questions on why you need it, just tell them its because you’re a growing startup who expects to send thousands of emails per month, (make sure to say this, they don’t crosscheck later, if you dont say something along the lines of this, they usually reject your application to avoid having to serve small customers who might not scale their business later. )

3- After you’re approved, they provide you with a mail relay api key, just take that api key and attach it to your postfix or other smtpd installation

I use docker-mailserver[0] which packages everything I need for my mailserver into a small container and was good to go, it consumes minimal resources too.

For me, i just had to add the ses relay api key to the config file of my docker-mailserver install and it was all setup.

However you can do the same with any provider that gives you an option to act as your email relay, I remember both aws ses and sendgrid provide this service, but I’m sure there are more niche businesses providing this too.

[0](https://github.com/docker-mailserver/docker-mailserver)

brotherofsteel4y ago

>2- After that they’ll ask you a few questions on why you need it, just tell them its because you’re a growing startup who expects to send thousands of emails per month, (make sure to say this, they don’t crosscheck later, if you dont say something along the lines of this, they usually reject your application to avoid having to serve small customers who might not scale their business later. )

I have the same setup as you, relaying outbound mails through SES. I told exactly how I was going to use it and was accepted promptly. Maybe I just got lucky.

jlkuester7OP4y ago

As others have mentioned, setting up SES is straightforward (as much as anything AWS) and for the rest of my setup I just use mailu.io containers. The config for setting up the relay is here: https://mailu.io/1.8/configuration.html?highlight=relay#mail...

speedgoose4y ago· 2 in thread

Your solution makes a lot of sense if sending emails through AWS is acceptable, but I'm not sure we can say it's self-hosted.

xanaxagoras4y ago

When you send an e-mail, as soon as it leaves your mail server it's out of your control and you have no say in where it goes before it ends up at the recipient. There's no such thing as self hosted sent e-mail.

speedgoose4y ago

Sending an email through AWS has strong implications regarding privacy though.

2 more replies

varenc4y ago· 1 in thread

Do you run into any issues with your outgoing mail being marked as spam by the recipient? Particularly with GMail’s aggressive filtering?

I imagine 99% of outgoing Amazon SES traffic is transactional or marketing email for various online services. I worry this could make my personal emails look more like spam to the big providers. Or maybe it works out fine.

kevincox4y ago

FWIW running a service who's job is to send email, I have found that GMail is one of the best providers to send to. They strongly value domain reputation and are popular enough that it was quick to build up a basic reputation. Now my messages are rarely flagged as spam even coming from a Digital Ocean IP address. I just rely on DKIM.

This is in contrast to Microsoft which seems to rely mostly on IP reputation and trying to send from a new server is incredibly difficult as they (reasonably) treat unknown Digital Ocean IPs as likely spam but (unreasonably) don't allow a good domain reputation to override that.

j / k navigate · click thread line to collapse