Follow

Decentralized SMTP is for the greater good

TL;DR:
- SMTP is the way computers exchange e-mails

- it is a decentralized protocol meaning that ANYONE can run a node and be independent

- it is being centralized at companies that have a history of abuse

- it is being centralized in a country that has a history of abuse

poolp.org/posts/2019-12-15/dec

@cstrotm I am running one. Unfortunately, what happens is that residential/ broadband IPs are all blacklisted ....

@loweel

Blacklisted by the big mail providers, yes.

I contact the users that I have problems reaching and I explain the situation, and I offer them an account on one of the mail servers that I operate. That works in approx 50% of all cases, and these people are happy to leave the GMails and Yahoo.

We need more "community" ISPs that provide essential Internet services (mail, web, chat, social media) for their communities and are run by people from these communities.

@cstrotm @loweel - well, running a mailserver behind dynamic dialups/IPs is not the best idea anyway, but there are tons of cheap VPS with static IPs that can be used as smarthost.

@ij @cstrotm smtp does not cares much about IP, it cares about hostname. Once you get a mx backup and a dynamic dns, it must work.

@loweel - except of course for those sites that implement a lookup a database of dialup IPs...

deny message = X-blacklisted-at: $dnslist_domain
dnslists = dialup.mail-abuse.org

@cstrotm

@ij @cstrotm which are, a problem. Actually I think spam was just an excuse for this.

The reason is, when I wanted to stop spam, I just forced STARTTLS on port 25, forcing to only accept mail from servers using a valid certificate. Since no spammer buys a certificates for smtp spambots, I got almost no spam.

Good providers usually set the certificate for smtp servers properly (but Amazon, grrrr), so I can receive mail normally.

So the idea of setting rbl lists, for me, Is just an excuse to centralize smtp.

@cstrotm I feel called out by this (since it's what we had been doing 20 years ago), but every time I bring up the topic nowadays I'm blocked by the likes of "email is dying anyway" and "the cloud providers are better at running services, why even bother"...

Never mind, I completely missunderstood the original toot,
I Thought op talked about some new P2P email thing

@bortzmeyer
@cuniculus @cstrotm @loweel @amolith

@cstrotm @loweel

Usually the telecom regulator requires that residential ISPs block outgoing 25/tcp

@cuniculus @cstrotm not that I know. I can reach almost any port 25 in Germany, and the same was when I used to live in EIRE , France and Italy.

Just one ISP blocked the port in my memory, but he defaulted.

I think there is no need to act at tcp level. At the end we want the SMTP transport be encrypted and authenticated, so checking if the SMTP server provides a proper certificate and forcing the STARTTLS in my experience blocked all the spam.

This is nothing strange, because actually no spammer is buying a valid certificate for their spam-sending servers, it would cost too much.

@loweel @cstrotm

>I can reach almost any port 25 in Germany

It may technically work, but it's usually blocked on the receiving end.

See: spamhaus.org/query/ip/46.92.25 (mail.keinpfusch.net)

> Outbound Email Policy of Deutsche Telekom AG for this IP range:
> Deutsche Telekom advises against accepting e-mail from dialup IPs. We provide these IP addresses dynamically to our customers for internet access. Proper e-mail delivery should use dedicated servers, which is why attempts of e-mail delivery from dialup-ranges generally can be traced to compromised computers or other misuse.

>buying a valid certificate
It's not 2013 anymore

@cuniculus @cstrotm infact. But this is because of this idiotic spamhaus, which has the clear purpose to centralize email.

And again, my calendar works pretty well, calendar aren't arguments, and perhaps I can see in my logs spammers being blocked because they can't start a proper STARTTLS connection with a proper certificate. This happens in 2020.

The point is, being the self-appointed sheriff pays a lot, and many people likes to get money. So that, spamhaus & co are very happy about how they centralized the SMTP thing, so that the usual actors may spy your mail...

@cstrotm @loweel

>We need more "community" ISPs that provide essential Internet services (mail, web, chat, social media) for their communities and are run by people from these communities.

To get to this, we'd need more IPv6 adoption, as IPv4 addresses are expensive as hell.

(and CGNAT sucks)

@cstrotm @loweel

Most ISPs submit their residential ranges to Spamhaus PBL and nearly all mail servers are using their lists.

spamhaus.org/pbl/

@cstrotm
Yeah but its a pain in the ass to convince your ISP to create new reverse DNS records :/. Which also means both Google and Microsoft simply blacklisted my fqdn and my ip in the meanwhile

Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!