In today's times of mature NLP, you will not be able to differentiate human mail from bot mail or spam. Only in person verification is trustworthy. No. Are you saying that only people who control the network should send mails? Well DNS exactly is for that. If you find I send spams, you can easily easily block mails from my domain humaaraartha.in but it is not wise nor ethical to by default not allow people to mail.
That issue lies because hardware is not mapped to people. There is no technological solution for trust hopping between machines. ssh should be discouraged and each machine, denoted by single IP address should be mapped to a human. So humaaraartha.in is run by Sagar Acharya. My configuration of whitelisting does exactly that. In today's world where each grain can potentially have an IPv6, I accept requests only from whitelist or at the very least accept from everyone and prioritize the whitelist. Well, what action should be implemented for sending emails. I don't get a sending action. I have changed conf to action "send" relay helo humaaraartha.inmatch from any for any action "send" Thanking you Sagar Acharya https://humaaraartha.in 7 Sept 2023, 14:53 by archa...@activis.me: > This is not the 80–90’s anymore. Internet is not a friendly place, and the > bulk of emails sent today are spams. So most actors are leveraging everything > they can to reduce that, and a high entrance barrier to email sending is > definitively part of this plan. > > That’s why we have (fc)rDNS, SPF, DKIM… And regarding residential IPs, they > are hosts of the biggest botnets in the world, so residential ISP tend to > block port 25 outgoing by default to limit spam. Some provide you the option > to disable the port blocking, but very rare are those that allow you setting > the reverse. > > On my receiving ends (plural, I handle multiple email servers of various > sizes including some with thousands of users), cutting down non (fc)rDNS > compliant senders kills 99+% of spam attempts and I’ve never been reached by > someone having a false positive on that policy. I don’t see why anyone would > want to not have this amazing first layer fence. > > Regards. > > Le 07/09/2023 à 13:12, Sagar Acharya a écrit : > >> Or maybe we can simplify mail systems more. If mail, a system used to send >> messages across computers cannot work on "residential" IPs, then we can make >> it work on "residential" network since most nodes are "residential". You can >> look at. >> >> humaaraartha.in. TXT >> >> And you'll find spf records there. Maybe it's just time to say, reduce the >> requirements of mail hosting to just static ip and DNS in a world where most >> don't even have a static ip! >> Thanking you >> Sagar Acharya >> https://humaaraartha.in >> >> P.S. I see that you're talking substance and truth to some extent but >> discarding residential IPs and this need for reverse dns is outrageous! What >> is the point of reverse DNS in today's world? >> 7 Sept 2023, 14:25 by archa...@activis.me: >> >>> Learn the basics. Unfortunately, you do not seem to understand MTA/SMTP. >>> >>> So read maybe https://github.com/poolpOrg/OpenSMTPD-book, also >>> https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/, >>> and get a better understanding of SMTP/MTA requirements. >>> >>> A public IP is not enough, it has to be not residential or at least you of >>> course need port 25 to be open towards the world, which is not your case, >>> and you also need to be able to set the reverse for it, while currently >>> >>> humaaraartha.in. IN A 182.59.136.243 >>> >>> but >>> >>> 243.136.59.182.in-addr.arpa. IN PTR >>> static-mum-182.59.136.243.mtnl.net.in. >>> >>> And I do not expect “Mahanagar Telephone Nigam Limited” to let you set that >>> reverse. >>> >>> So back to our options : either get a VPS or dedicated server somewhere >>> that allow port 25 and setting reverse, or use an email service provider >>> that would allow you to relay emails. >>> >>> Actually I’m not even sure that your available SMTP options >>> (Tutanota/GMail) would allow sending with an arbitrary MAIL FROM (i.e. one >>> that is not @tutanota.tld or @gmail.com), and as I don’t have an account on >>> either I cannot test that. So you would have to look into >>> https://man.openbsd.org/smtpd.conf#host and >>> https://man.openbsd.org/smtpd.conf#auth, and check whether any of your >>> email providers allow you to send email as @humaaraartha.in (and then you >>> might want to provide SPF records allowing them to do so). >>> >>> Regards. >>> >>> Le 06/09/2023 à 23:40, Sagar Acharya a écrit : >>> >>>> So what's the solution? I have a public ip. Can you suggest an edit? >>>> Thanking you >>>> Sagar Acharya >>>> https://humaaraartha.in >>>> >>>> >>>> >>>> 7 Sept 2023, 00:43 by archa...@activis.me: >>>> >>>>> Hi, >>>>> >>>>> Le 06/09/2023 à 22:40, Sagar Acharya a écrit : >>>>> >>>>>> I checked all network settings. They are perfect. Here is my conf below >>>>>> exactly. There's some issue with it. >>>>>> >>>>>> ========== smtpd.conf ========== >>>>>> table aliases file:/etc/smtpd/aliases >>>>>> table whitelist file:/etc/smtpd/whitelist >>>>>> >>>>>> pki humaaraartha.in cert "path_to_fullchain" >>>>>> pki humaaraartha.in key "path_to_privkey" >>>>>> >>>>>> listen on 0.0.0.0 tls pki humaaraartha.in >>>>>> listen on 0.0.0.0 smtps pki humaaraartha.in >>>>>> >>>>>> action "local" maildir alias <aliases> >>>>>> action "relay" relay host "smtps://humaaraartha.in" mail-from >>>>>> "@humaaraartha.in" >>>>>> >>>>> This line cannot work. You are asking to relay outgoing emails to your >>>>> own server (host is the destination host — Jarod just linked the doc >>>>> while I was writing). They won’t go anywhere. You cannot workaround port >>>>> 25 being blocked by using another port, else port 25 would not be blocked >>>>> anywhere. You have to use an external relay that will accept submission >>>>> from you on port 465 (smtps) or 587 (submission) and then relay on port >>>>> 25 to the world. That will likely have to be one you have an account on >>>>> (gmail or tutatnota). >>>>> >>>>> Regards. >>>>>
