ISP's only block port 25 on residential dynamically assigned accounts they do not do this on accounts with static IP addresses
It's likely a TOS violation for you to run a mailserver on a dynamic IP, but most ISP's bury their TOSes so you probably haven't read it. Ted -----Original Message----- From: PLUG <[email protected]> On Behalf Of Loren M. Lang Sent: Wednesday, November 12, 2025 12:21 AM To: Portland Linux/Unix Group <[email protected]> Subject: Re: [PLUG] Mail not delivered message (rejecting linux?) On Sat, Nov 08, 2025 at 12:12:56PM -0800, Rich Shepard wrote: > On Sat, 8 Nov 2025, Ted Mittelstaedt wrote: > > > You may not need to bother with DKIM, SPF may be sufficient but you > > will need DMARC. > > Ted, > > A few years ago I did set up SPF and (IIRC) DKIM (which was a PITA). > Didn't do DMARC. > > > I see you don't run your own nameservers you are on Namecheap's > > stuff so you might want to review the following: > > https://www.namecheap.com/support/knowledgebase/article.aspx/317/223 > > 7/how-do -i-add-txtspfdkimdmarc-records-for-my-domain/ > > Will certainly do so. Another level you might want to consider would be a front-end service like Rollernet. I originallly used them just as a secondary MX for those times when my server is down or being rebooted. However, do to all the more recent filtering by ISPs, I now use them as outgoing MX relay as well as incoming primary. I still run my own Postfix mail server and have SPF, DKIM signing, mailbox filtering/sorting, etc., but I don't have to worry about my ISP blocking port 25 incoming or outgoing as many do now or convincing my ISP to set up correct PTR records. Rollernet acts as a pair of secondary MX servers for incoming mail, but they are the only MX records I have published since my ISP now blocks 25 by default. It works fine and I use them as a first-level filter blocking SPF and ClamAV exceptions before they even get to my primary MX. Then, all my outgoing mail is relayed from their mail submission service so I don't have to worry about my personal IP being blocked. They also offer secondary and primary DNS services as well including DNSSEC support if you don't want to use Namecheap or run your own DNS. http://rollernet.us/ -Loren > > > It's not really that difficult to set all this stuff up, I'm sure > > you can get it done in an hour or so. > > That'll be my goal. :-) > > > "The nice thing about standards is that there are so many of them to > > choose from." - Andrew S. Tanenbaum > > I've used his quote many times, especially with water quality reglations. > > Thanks for the advice and pointers. > > Regards, > > Rich -- Loren M. Lang [email protected] http://www.north-winds.org/ IRC: penguin359 Public Key: http://www.north-winds.org/lorenl_pubkey.asc Fingerprint: 7896 E099 9FC7 9F6C E0ED E103 222D F356 A57A 98FA
