Re: Is there an easy way to "warm up" a new sending IP w/ Postfix
On Thu, Dec 01, 2022 at 04:37:41AM +, Sean Hennessey wrote: > I want to thank you a million for this. I finally read up on the docs > and got this working. I'm still going to do some more in depth > testing, but my quick little testing seems to be doing exactly what I > wanted. Good luck. You should generally follow the advice to prefix *SQL and LDAP table definitions with "proxy:", so that database connections are shared among multiple processes. This use case could perhaps be added as a worked-out example in PGSQL_README (in the spirit of the examples in LDAP_README). If you feel up to writing it up after working out the kinks, you could perhaps draft a patch to the "proto/PGSQL_README" source file. -- Viktor.
RE: Is there an easy way to "warm up" a new sending IP w/ Postfix
Viktor,
I want to thank you a million for this. I finally read up on the docs and got
this working. I'm still going to do some more in depth testing, but my quick
little testing seems to be doing exactly what I wanted.
-Original Message-
From: owner-postfix-us...@postfix.org On
Behalf Of Viktor Dukhovni
Sent: Tuesday, November 29, 2022 3:44 AM
To: postfix-users@postfix.org
Subject: Re: Is there an easy way to "warm up" a new sending IP w/ Postfix
On Mon, Nov 28, 2022 at 08:57:37PM +, Sean Hennessey wrote:
> I searched the list archives and saw the thread of gradual shift of
> traffic from back in February of this year. That gives me some ideas,
> but that seems to be for all traffic, not a subset.
>
> I'd really like a way to send X% of gmail.com traffic to one relay and
> the rest to another relay. Ditto for a couple of other major ESP's
> like Yahoo, MS, etc...
If you're willing to spin up a small Postgres database (modulo typos on my part
that should be easy to correct):
query = SELECT U."transport"
FROM (
SELECT CASE WHEN floor(random()*100) <= T."weight"
THEN T."transport"
END AS "transport"
FROM "transports" AS T
WHERE T."domain" = '%s'
) AS U
WHERE U."transport" IS NOT NULL;
Just populate a table:
CREATE TABLE IF NOT EXISTS "transports" (
"domain" TEXT PRIMARY KEY,
"transport" TEXT NOT NULL,
"weight" INTEGER NOT NULL
);
INSERT INTO "transports" ("domain", "transport", "weight")
VALUES ( "gmail.com", "relay:[gmail-relay.example]", 99),
( "yahoo.com", "relay:[yahoo-relay.example]", 50),
... ;
And gradually lower the weights until, at weight 0, 99% of the traffic is
direct to MX and just 1% of the traffic goes to the bypass relay and after that
the row can be deleted. Initially, at weight 99, all the traffic goes to the
bypass relay.
If you want to specify a custom transport even after removing the relay, add a
fourth (nullable) column and use that value in an ELSE clause of the CASE
statement, in which case that value will be used when the bypass is not
selected.
Keeping the Postgres database local to the MTA will improve performance and
reliability. I'd resist the temptation to centralise it, but that is an option
if you're willing to have Postfix stall when a remote DB server is unreachable
or slow, or can somehow avoid that.
It is not obvious to me, just at the moment, how to do this with the built-in
Postfix randmap, pipemap, uniomap, ...
--
Viktor.
Re: Backup MX with MySQL backend
On Tue, Nov 29, 2022 at 03:44:02PM -0500, Jonathan Capra
wrote:
>
> On Tue, 29 Nov 2022, raf wrote:
>
> > On Sun, Nov 27, 2022 at 11:40:01PM -0500, Jonathan Capra
> > wrote:
> >
> > > smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> >
> > Not relevant, but the above line isn't needed (since Postfix 2.11).
>
> I commented this out.
>
>
> > > mydestination = $myhostname, ca2ceus.wtfayla.net, localhost
> >
> > Does the value of $myhostname refer to the primary MX host by any chance?
> > If so, the above line would cause the secondary MX host to deliver locally.
> > But that's probably not it (if all occurrences of refer to the
> > same hostname). The certificate there is for the host name
> > ca2ceus.wtfayla.net (presumably, the secondary MX's public hostname).
>
> Just looks like I forgot to s/ca2ceus.wtfayla.net//g for
> one instant. Now that the cat is out of the bag, caduceus.wtfayla.net is
> $myhostname, and ca2ceus.wtfayla.net is just a CNAME to the former.
There goes that theory. Sorry, I'm out of ideas.
> > > relayhost = #mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
> >
> > The line above looks wrong. Comments only start at the
> > start of a line (after spaces/tabs is ok). If this is
> > the cause of the problem (i.e., postfix trying to relay
> > to an incorrect hostname), there would probably be log
> > messages to indicate that. But that's probably not it
> > either. Postfix wouldn't deliver locally if it thought
> > it was supposed to relay but failed.
>
> Turns out it's just a case of carriage returns somehow getting lost when
> pasting into the email. It really looks like this:
>
> relayhost =
> #mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
> #mynetworks = 127.0.0.0/8, 174.138.48.1/20
>
>
> But that means that relayhost is empty. Should it be set to $mynetworks?
No. It should be empty for an MX host. relayhost is mostly
used for home systems that send all outgoing email via
an ISP's SMTP server because they can't or don't want to
allow arbitrary outgoing connections to port 25.
> > > transport_maps = # hash:/etc/postfix/transport_maps,
> > > mysql:/etc/postfix/mysql_relay_transports.cf
> >
> > The apparent comment above is also wrong. Move it to a line
> > of its own. Perhaps that's relevant if transports are used
> > to relay to the primary MX host.
>
> Same deal with the email formatting. It really looks like this:
>
> transport_maps =
> # hash:/etc/postfix/transport_maps,
> mysql:/etc/postfix/mysql_relay_transports.cf
>
>
> > I hope that helps a bit. But it might not be enough to
> > solve the problem.
> >
> > cheers,
> > raf
> >
> >
delivery capacity reports
Hello, We have good delivery capacity to these providers for now, - Gmail - Outlook/Hotmail - Yahoo - iCloud - ATT/Currently - AOL - GMX/Web.de - T-Online - Vodafone - Mail.de - Freenet.de - Free.fr Thanks for everyone's helps in the past. If you have found our server has delivery issues to others (the account can be registered for free), please let me know. Regards Henry Roth
Re: how to deal with t-online's blocking
I was once charter's customer. But I leave them since charter was bought by Spectrum. And spectrum blocks all IP from DO and Linode. Thanks > > > > > "Henry" == Henry R writes: > > > > My mailserver once had some issues on sending messages to different > > providers. I have contacted the provders and most of them were kind > > enough to resolve the blocking issue. Thanks for them (ATT, GMX, > > 1and1 etc). > > > > I'm in the same boat with one provider, charter.net, to shame them > publicly. They block my mail host (with proper SPF records, reverse > DNS) mail.stoffel.org for some reason. Probably because the block all > of linode's address space. Jerks. > > > > > But t-online.de keep blocking me. I have contacted them twice and got the > > same answer: > > > > We only allow evidently commercial or similar operators to connect > > to our mailservers. So, as a private user please use an SMTP relay > > or e-mail gateway of your hoster or ISP, that you can use as part of > > your contract with them. Their support will surely help you to > > configure your system accordingly. > > > > Oh well... > > > > > That's so strange policy to permit only commercial company to send > > messages to them. But there are many small companies/org who have > > their own mailservers, which can't send messages to t-online > > directly. > > > > How do you think of this behavior? > > > > It sucks big time. But unfortunately I can see more and more large > providers going this route. > > I wonder if they block hosts in the .edu domains as well like this? >
Re: how to deal with t-online's blocking
The issue has been resolved by getting reply from t-online: "We will unblock your IP. Please notice that it may take up to 24 hours until the change shows acute effect. Please excuse any inconveniences, but we do not see other possibilities to react to the millions of junkmails we receive at present. Thank you for your appreciation." Thank you buddies. Henry > > Those are obligations for web sites. But what about a mail sending domain > without web site ? >
Re: how to deal with t-online's blocking
> "Henry" == Henry R writes: > My mailserver once had some issues on sending messages to different > providers. I have contacted the provders and most of them were kind > enough to resolve the blocking issue. Thanks for them (ATT, GMX, > 1and1 etc). I'm in the same boat with one provider, charter.net, to shame them publicly. They block my mail host (with proper SPF records, reverse DNS) mail.stoffel.org for some reason. Probably because the block all of linode's address space. Jerks. > But t-online.de keep blocking me. I have contacted them twice and got the > same answer: > We only allow evidently commercial or similar operators to connect > to our mailservers. So, as a private user please use an SMTP relay > or e-mail gateway of your hoster or ISP, that you can use as part of > your contract with them. Their support will surely help you to > configure your system accordingly. Oh well... > That's so strange policy to permit only commercial company to send > messages to them. But there are many small companies/org who have > their own mailservers, which can't send messages to t-online > directly. > How do you think of this behavior? It sucks big time. But unfortunately I can see more and more large providers going this route. I wonder if they block hosts in the .edu domains as well like this?
AW: how to deal with t-online's blocking
Hi, only commercial websites and those of entities (e.V. etc.) require an imprint in germany. The "TOL problem" also occurs for private persons who do nothing wrong legally. And it also affects commercial services who do not host a website under the mail domain. Greets, Ludi -Ursprüngliche Nachricht- Von: owner-postfix-us...@postfix.org Im Auftrag von Jaroslaw Rafa Gesendet: Mittwoch, 30. November 2022 15:10 An: postfix-users@postfix.org Betreff: Re: how to deal with t-online's blocking Dnia 30.11.2022 o godz. 23:41:53 Nikolai Lusan pisze: > > My question is: How do they deal with non-european entities who do not > have such legal impediments in their jurisdiction? While it is actually a legal requirement *in Germany* (not in whole Europe!) and for *German* websites to have such an imprint in general, in this case it seems to have actually nothing to do with legislation - there is no such legal requirement for mail senders, and they seem just to pick up an existing legal construction and put it into their own requirements for mail senders. So you either comply to their requirement or the don't accept mail from you. [...]
Re: how to deal with t-online's blocking
> Those are obligations for web sites. But what about a mail sending domain > without web site ? As far as I'm aware there is no obligation (by law) to provide a website with legal info for e-mail only domains. Companies in Germany are required to include that information inside *every* email anyway (usually in footer). T-online wants to know your mailserver's ip addresses, checks matching forward/reverse dns and (usually) a website within your mailserver's domain with legal info - this is all about your mailserver. You do not have to provide this info for customer domains relayed through your mailserver. Best regards Gerald
Re: Is there an easy way to "warm up" a new sending IP w/ Postfix
On 11/30/2022 12:42 AM, Sean Hennessey wrote: I'm going to toy w/ that one tomorrow, I don't recall seeing in your original post though the plumbing to config postfix to use the postgress db. I was going to send a mail on that tomorrow, but while you are here 😉 As with everything in Postfix, it is documented: https://www.postfix.org/PGSQL_README.html https://www.postfix.org/pgsql_table.5.html and see also: https://www.postfix.org/DATABASE_README.html -- http://rob0.nodns4.us/
Re: how to deal with t-online's blocking
Dnia 30.11.2022 o godz. 16:45:02 Gerald Galster pisze:
>
> I'm not a lawyer but this should be part of local legislation in every
> country of the European Union (e-commerce directive):
>
> https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32000L0031&from=EN
>
> Article 5
>
> 1. In addition to other information requirements established by Community law,
> Member States shall ensure that the service provider shall render easily,
> directly and permanently accessible to the recipients of the service and
> competent authorities, at least the following information:
But there is different understanding of who is a "service provider" in
various local jurisidictions.
>From what I know, in Germany everyone having a website (even a purely
private one) is considered a "service provider" and therefore must have the
mentioned information on their website. Maybe it can be applied to everyone
having a mail server (which is able to receive mail) as well.
In Poland, where I live, our Electronic Services Act ("Ustawa o świadczeniu
usług drogą elektroniczną"), which regulates this, clearly says that only an
entity which provides services electronically to customers as a part of
business activity (these services can be free for customers, but must
be a part of a business that generates revenue in other way - eg. via ads)
may be considered a "service provider" with regard to this regulation. This
seems much more reasonable for me than the German approach.
--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
Re: how to deal with t-online's blocking
Those are obligations for web sites. But what about a mail sending domain without web site ?
Re: how to deal with t-online's blocking
> Dnia 30.11.2022 o godz. 23:41:53 Nikolai Lusan pisze: >> >> My question is: How do they deal with non-european entities who do not >> have such legal impediments in their jurisdiction? > > While it is actually a legal requirement *in Germany* (not in whole Europe!) > and for *German* websites to have such an imprint in general, in this case [This is not postfix-related, so I won't comment further] I'm not a lawyer but this should be part of local legislation in every country of the European Union (e-commerce directive): https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32000L0031&from=EN Article 5 1. In addition to other information requirements established by Community law, Member States shall ensure that the service provider shall render easily, directly and permanently accessible to the recipients of the service and competent authorities, at least the following information: (a) the name of the service provider; (b) the geographic address at which the service provider is established; (c) the details of the service provider, including his electronic mail address, which allow him to be contacted rapidly and communicated with in a direct and effective manner; [...] > it seems to have actually nothing to do with legislation - there is no such > legal requirement for mail senders, and they seem just to pick up an > existing legal construction and put it into their own requirements for mail > senders. So you either comply to their requirement or the don't accept mail > from you. Right, in this case it is solely a t-online requirement. The mentioned mailop thread can be found here: https://www.mail-archive.com/mailop@mailop.org/msg17702.html Best regards Gerald
Re: how to deal with t-online's blocking
Dnia 30.11.2022 o godz. 23:41:53 Nikolai Lusan pisze: > > My question is: How do they deal with non-european entities who do not > have such legal impediments in their jurisdiction? While it is actually a legal requirement *in Germany* (not in whole Europe!) and for *German* websites to have such an imprint in general, in this case it seems to have actually nothing to do with legislation - there is no such legal requirement for mail senders, and they seem just to pick up an existing legal construction and put it into their own requirements for mail senders. So you either comply to their requirement or the don't accept mail from you. > Also what exact check > are they running? Do they verify the addresses and phone numbers at > all? As I can understand from the discussion on "mailop" list, they don't seem to be actually verifying anything. They only check if the imprint is present and the data looks plausible, ie. isn't obviously fake :) > I am pretty sure most Australian companies would fail to meet this > criteria (for example I just look at the Telstra - > https://www.telstra.com.au - website and I can't see where Australias > largest telecommunications operator fails this test, and I'd hate to > think of the number of Telstra customers that would fail to send email > to these mail servers (most of who would get belligerent at bounced > email). I guess they are just accepting large and "well-known" senders. But for small senders, you have to go to the process described. > I know that I don't want to, and am not required to, provide > that information for any of my domains, or domains that I host for other > entities. Me neither :). Someone recently reported on the "mailop" list that he managed to unblock several servers without the need to provide the imprint - so it looks they don't always enforce this requirement, but usually they do. If you want to discuss more about this topic, I suggest you join the discussion on "mailop" list, as it is quite active there: https://www.mailop.org/ (btw. this site has an imprint - called "impressum" in German - and it lists a New Zealand address) -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub."
Re: how to deal with t-online's blocking
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Wed, 2022-11-30 at 13:15 +0100, Jaroslaw Rafa wrote: > From the discussion on that list it turns out, that the condition > under > which they consider a server to be "commercial" is to provide so > called > "imprint" on the website associated with the domain, with full contact > details (your name, street address and telephone number!). After you > request > that they unblock your IP, they check manually for existence of that > "imprint", and if it satisfies their requirements, they'll unblock > you. My question is: How do they deal with non-european entities who do not have such legal impediments in their jurisdiction? Also what exact check are they running? Do they verify the addresses and phone numbers at all?I am pretty sure most Australian companies would fail to meet this criteria (for example I just look at the Telstra - https://www.telstra.com.au - website and I can't see where Australias largest telecommunications operator fails this test, and I'd hate to think of the number of Telstra customers that would fail to send email to these mail servers (most of who would get belligerent at bounced email). I know that I don't want to, and am not required to, provide that information for any of my domains, or domains that I host for other entities. This just highlights the problems with internet, and general IT, related legislation/regulation. Another example of a problematic issue is a requirement by the Australian government for anyone working on products that use encryption to insert a backdoor that law enforcement can activate if requested - a requirement that after legislated saw many Australian companies offshore work. - -- Nikolai Lusan -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEVfd4GW6z4nsBxdLo4ZaDRV2VL6QFAmOHXaEACgkQ4ZaDRV2V L6Q3Qg/+OzWVAVBCZrS0SmvLm0cYQHvVnFf35ucIs8PzZ+vGtoc59iZjw+dbo8/p ZpEV4sY/jdI4d//owTTJgpNLpEwcnrmk6X6yAno2TBqqB0OURJJ/ueIRpPtkuUlW YB0Dv3qJwS5oRW1t0572W5xSDz6A+AYA1WYhD/TTMftQnBzlPOcDTqVjWKxxy6bg jCgLyLuZFSXZlxW5g2TNVnqVk3P3E9h1FPqNYRP75oIPKbcqIZG4wxmqFBJuMs+n pR6g3tpx+BMzGHbPxS/PVZiC8+hFjnE32Lw5U/MidU4fsUPai6KkcEJaWO+6g6sn Mdm+k+yhczqYkd3lBYZBtSB7+6Q7r0pTKtpudjvfmsTmHedossxSCkjc0XT/kaaE +SKF4yMYMAlC1QB4l3IBfdrD37EaZ5UpAAAIGEP++S9fqBB4rMLLnOQDOQnOSGk3 KLPYTZ8ebQ+M3XiMDEpKEUQuDMvimOrJ1DB0flM13l6senXUV1pHZadovo6t+gfv 0zBcaf3JWIO1/wFae5voB9jnRfWytxZYA03lGShj2ZYOYxOMpgGeNDWLPEbbhJdR fuTXrXs9Bqg6MnayPE9E9YvZZPOaCRXleXOtFYXvSM6f0BDyEAeA0tDacbIZHDW/ 4xeSHHCqyHv76J7V0vnEkgNocsd1sjmIpcgbT2Hapz/GBZlqabI= =hL0i -END PGP SIGNATURE-
Re: how to deal with t-online's blocking
Thank you Jaroslaw. following your suggestion i am giving another try. > > Dnia 30.11.2022 o godz. 02:08:57 Henry R pisze: > > > > > That's so strange policy to permit only commercial company to send messages > > to them. > > But there are many small companies/org who have their own mailservers, > > which can't send messages to t-online directly. > > > > How do you think of this behavior? > > > > This has been discussed a lot on "mailop" list recently. > Yes, they do have a strange policy indeed. Probably no other large email > provider behaves like this. > From the discussion on that list it turns out, that the condition under > which they consider a server to be "commercial" is to provide so called > "imprint" on the website associated with the domain, with full contact > details (your name, street address and telephone number!). After you request > that they unblock your IP, they check manually for existence of that > "imprint", and if it satisfies their requirements, they'll unblock you. > -- > Regards, > Jaroslaw Rafa > r...@rafa.eu.org > -- > "In a million years, when kids go to school, they're gonna know: once there > was a Hushpuppy, and she lived with her daddy in the Bathtub." >
Re: Is there an easy way to "warm up" a new sending IP w/ Postfix
Sean Hennessey:
[ Charset ISO-8859-1 converted... ]
> I've been poking at this a bit tonight. I am by no means a postfix expert. In
> the hopes that someone can see an obvious configuration issue, I'm going to
> post what I'm seeing:
>
> In my main.cf;
> smtpd_recipient_restrictions = check_recipient_access
> inline:{
> { gmail.com = class-gmail }
> { yahoo.com = class-yahoo }
> } permit_mynetworks permit_sasl_authenticated defer_unauth_destination
>
> restriction_classes = class-gmail, class-yahoo
> class-gmail = check_recipient_access randmap:{filter smtp1:, filter smtp2:}
> class-yahoo = check_recipient_access randmap:{filter smtp1:, filter smtp2:}
Sorry, that should be:
smtpd_restriction_classes
Wietse
Re: how to deal with t-online's blocking
Dnia 30.11.2022 o godz. 02:08:57 Henry R pisze: > That's so strange policy to permit only commercial company to send messages > to them. > But there are many small companies/org who have their own mailservers, which > can't send messages to t-online directly. > > How do you think of this behavior? This has been discussed a lot on "mailop" list recently. Yes, they do have a strange policy indeed. Probably no other large email provider behaves like this. >From the discussion on that list it turns out, that the condition under which they consider a server to be "commercial" is to provide so called "imprint" on the website associated with the domain, with full contact details (your name, street address and telephone number!). After you request that they unblock your IP, they check manually for existence of that "imprint", and if it satisfies their requirements, they'll unblock you. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub."
Re: AW: how to deal with t-online's blocking
The mail log did say: Nov 30 12:17:08 mx3 postfix/smtp[220173]: EEF9C9F07F: host mx01.t-online.de[194.25.134.72] refused to talk to me: 554 IP=xx.xx.xx.xx - None/bad reputation. Ask your postmaster for help or to contact t...@rx.t-online.de for reset. (NOWL) I use the contact from the returned message. Thanks > > Hi, > > I remember writing to TOL on behalf of a .net organisation. And request they > whitelist the new IP of their server. That worked. > > The address should be in your logfile with the reject. > > Did you use that or some other channel to talk to them? > > So many companies ignore basic things like abuses. Or in this case invent > their own whitelist. > I bet nothing of all this gets them on a RFC-ignorant style list, where they > belong IMO. > > Greets, > Ludi > > -Ursprüngliche Nachricht- > Von: owner-postfix-us...@postfix.org Im > Auftrag von Henry R > Gesendet: Mittwoch, 30. November 2022 03:09 > An: postfix-users@postfix.org > Betreff: how to deal with t-online's blocking > > Hello, > > My mailserver once had some issues on sending messages to different > providers. I have contacted the provders and most of them were kind enough to > resolve the blocking issue. Thanks for them (ATT, GMX, 1and1 etc). > > But t-online.de keep blocking me. I have contacted them twice and got the > same answer: > > We only allow evidently commercial or similar operators to connect to our > mailservers. So, as a private user please use an SMTP relay or e-mail gateway > of your hoster or ISP, that you can use as part of your contract with them. > Their support will surely help you to configure your system accordingly. > > That's so strange policy to permit only commercial company to send messages > to them. > But there are many small companies/org who have their own mailservers, which > can't send messages to t-online directly. > > How do you think of this behavior? > > Thanks. >
Re: how to deal with t-online's blocking
Thank you very much. i will improve my site to fill their requirement. > > > > > But t-online.de keep blocking me. I have contacted them twice and got the > > same answer: > > > > We only allow evidently commercial or similar operators to connect to > > our mailservers. So, as a private user please use an SMTP relay or > > e-mail gateway of your hoster or ISP, that you can use as part of your > > contract with them. Their support will surely help you to configure your > > system accordingly. > > > > It is common that even german datacenter ip-addresses are blocked by t-online, > but they are usually fast to respond and unblock, given sufficent legal info. > > You should qualify for "commercial or similar operator" but you don't tell > them who you are: > > https://openmbox.net/contact.html > "Henry R, who has 10+ years experience in email industry, owns and operates > the platform." > > "Henry R" is lacking full name, adress, phone number, ... > > Non-private websites require a site notice (also called legal info or imprint) > in Germany / European Union, mentioning a person that is legally responsible. > Providing an email service to anybody is probably considered commercial, even > if you don't do it for profit. > > Most mailserver operators do not demand that, but t-online does. > > An example for what they expect: > https://www.hetzner.com/legal/legal-notice > > More information about Impressum: > https://www.ionos.com/digitalguide/websites/digital-law/a-case-for-thinking-global-germanys-impressum-laws/ > > Best regards > Gerald >
Re: AW: how to deal with t-online's blocking
I am trying to ecnrypt email storage at rest, such as Two-way encryption and decryption. Thanks :) > > Hello Henry, > I am running my own email-server as well and can connect to t-online. I > assume Viktor is right that they somehow check the imprint of a parallel web > site. My website does not indicate I am offering email service commercially, > which in fact I do only to organizations I know personally. > I did get blocked by Outlook though and changed ip address to resolve that. > Your data center might be suspect to them. You may want to try a VPN to a > different one that has better reputation. > Btw - what "encryption" are you doing? > Regards, > Joachim > > -Ursprüngliche Nachricht- > Von: owner-postfix-us...@postfix.org Im > Auftrag von Viktor Dukhovni > Gesendet: Mittwoch, 30. November 2022 07:55 > An: postfix-users@postfix.org > Betreff: Re: how to deal with t-online's blocking > > On Wed, Nov 30, 2022 at 02:08:57AM +, Henry R wrote: > > > > > But t-online.de keep blocking me. I have contacted them twice and got the > > same answer: > > > > We only allow evidently commercial or similar operators to connect > > to our mailservers. So, as a private user please use an SMTP relay > > or e-mail gateway of your hoster or ISP, that you can use as part > > of your contract with them. Their support will surely help you to > > configure your system accordingly. > > > > That's so strange policy to permit only commercial company to send > > messages to them. But there are many small companies/org who have > > their own mailservers, which can't send messages to t-online directly. > > > > Most likely this is not their actual policy, but rather a way for some > underpaid level-1 tech support staffer to close your issue. > > See https://postmaster.t-online.de/#t4 for what appear to be the actual > requirements. They do appear to expect sending domains to have a website, > public contact addresses, ... but a requirement to be a commercial operator > isn't there, best I can tell. > > You could try to escalate after politely pointing to the above page and > pointing out that it does not in fact prohibit suitably operated personal > mail servers. > > -- > Viktor. >
AW: how to deal with t-online's blocking
Hi, I remember writing to TOL on behalf of a .net organisation. And request they whitelist the new IP of their server. That worked. The address should be in your logfile with the reject. Did you use that or some other channel to talk to them? So many companies ignore basic things like abuses. Or in this case invent their own whitelist. I bet nothing of all this gets them on a RFC-ignorant style list, where they belong IMO. Greets, Ludi -Ursprüngliche Nachricht- Von: owner-postfix-us...@postfix.org Im Auftrag von Henry R Gesendet: Mittwoch, 30. November 2022 03:09 An: postfix-users@postfix.org Betreff: how to deal with t-online's blocking Hello, My mailserver once had some issues on sending messages to different providers. I have contacted the provders and most of them were kind enough to resolve the blocking issue. Thanks for them (ATT, GMX, 1and1 etc). But t-online.de keep blocking me. I have contacted them twice and got the same answer: We only allow evidently commercial or similar operators to connect to our mailservers. So, as a private user please use an SMTP relay or e-mail gateway of your hoster or ISP, that you can use as part of your contract with them. Their support will surely help you to configure your system accordingly. That's so strange policy to permit only commercial company to send messages to them. But there are many small companies/org who have their own mailservers, which can't send messages to t-online directly. How do you think of this behavior? Thanks.
