Category Archives: EMail

Lets Encrypt and Postfix

Lets Encrypt is an quick & easy way to add SSL to you website.

You can also use Lets Encrypt certificates to help secure your postfix mail server.

SSL SMTP allows mail clients & mail servers to send encrypted data.

Continue reading
Related posts ...
If you're seeing a lot of messages about untrusted TLS connections in your mail log
Although not directly supported, it's quite possible to use the LetsEncrypt certbot client on Amazon
We bit the bullet ... we got iPhones.   Our Verizon cell phone contract has
If you run a wordpress blog, you really should  be aware that there is a

Trusted TLS with Postfix

If you’re seeing a lot of messages about untrusted TLS connections in your mail log when running postfix like this…

Untrusted TLS connection established to ASPMX.L.GOOGLE.com[172.217.197.27]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)

… there’s a pretty easy fix.

Continue reading
Related posts ...
Although not directly supported, it's quite possible to use the LetsEncrypt certbot client on Amazon
We bit the bullet ... we got iPhones.   Our Verizon cell phone contract has
Here's a tip for internet domain owners: Make sure the contact information for your domain
Our area has never gotten good cell phone coverage.  Doesn't really mater what carrier we

Your Email Address

We all agree that email is crucial to modern life.

But what email should you use?

Everyone gets email when they sign up for high speed internet service … the problem is that you’re tied to that internet service for that email address. If you switch service providers, you could lose the address. Even worse, if your provider goes out of business, you could loose access entirely. Sometimes the email provider charges a fee for better service and/or removing advertising.

Yes, you could use Gmail, Hotmail, Yahoo, or AOL, but you’re still tired to the provider. Plus, you don’t often get to choose the best address (johnsmith5734563@xyz.com just isn’t that sexy).

Wouldn’t it be nice if you could get an email address that belongs to you forever?

Continue reading
Related posts ...
I've noticed an interesting trend in the comment spam I've been getting (luckily few of
Well, I jumped the gun a bit and installed the iPhone 2.0 update. Overall, I'm
Well, our good friends at Yahoo are at it again. Once again they are deferring
Most ISP's and network providers have specific email addresses that you can report abuse to.

Postmaster Resources

This post is as much to help me remember as it is to help other people.

Below is a list (not comprehensive) of the postmaster resource pages for some of the major email providers.

Microsoft / Outlook https://postmaster.outlook.com
Google https://postmaster.google.com/
Yahoohttps://help.yahoo.com/kb/postmaster
Comcasthttps://postmaster.comcast.net/
AOL https://postmaster.aol.com/

On these sites you can get information about how the provider handles spam, feedback loops, blacklists, whitelists, etc.

Very useful for those managing mailing list servers.




Related posts ...
Here we have an example of a very lazy blog spammer. At least put some
Back in October of 2012 I devised a way of blocking abuse of my mailing
Most ISP's and network providers have specific email addresses that you can report abuse to.
A while ago I added a new anti-spam technique to my mail server setup called

Protecting domains from spammers

Spammers quite often ‘spoof’, or fake, the from address of an email.

As a result of this, many unsuspecting domain owners are being ‘blamed’ for spam that appears to come from their domain.

Fortunately, there is a relatively easy way to protect your domain from this: Publish DMARC policies.

If you are publishing SPF records and signing your email with DKIM, you can publish DMARC policies that tell receiving mail servers what do with emails that don’t align with the SPF and DKIM information.

SPF policies are DNS records that indicate what mail servers your mail is sent from.

DKIM is a way to add digital signatures to your email so that receiving mail servers can verify it was sent from an authorized source and that it wasn’t modified in transit.

Now what if you have a domain that you NEVER send email from?

Protecting those domains from being used in spam is even easier.

Continue reading

Related posts ...
I really wish there was a way to indicate, in DNS, that a domain never

(Read this entire post, as there is a very weird problem described later) It's been

Well, our good friends at Yahoo are at it again. Once again they are deferring

Most ISP's and network providers have specific email addresses that you can report abuse to.

Yahoo SMTP Deferrals Take 2

Well, our good friends at Yahoo are at it again.

Once again they are deferring mail for no apparent reason.

Nothing has changed on my system and yet they haven’t accepted a message to deliver to one of their users in 3 days (maybe more).  And, of course, there’s no way to actually contact a human to find out what is going wrong.

I’m on Yahoo’s email feedback loop … so I’m notified when someone complains about a message.  Nothing has come in recently from the feedback loop.

I used to be on their bulk sender white-list.  There was never a mention of having to renew the white-list approval.

A note to all my friends … DO NOT USE YAHOO FOR EMAIL!  Especially for business email.  The folks at Yahoo do NOT know how to provide service.

Gmail doesn’t have this problem … nor does Hotmail (much as I love to hate Microsoft).

Oh, and FWIW, yahoo customer service tends to ignore questions that are too complex for their script reading drones to answer.

Related posts ...
I put together a new SpamAssassin rule that will help identify spam from spoofed email

It's nice that many of the major mail providers give you the ability to report

As I mentioned before ... even though I'm participating in Yahoo's Email Complaint Feedback Loop,

While doing a little searching, I found some information on email feedback loops for other

Tech Tip: Don’t use qmail as a mail server

A while ago I added a new anti-spam technique to my mail server setup called “No Listing”.

No listing basically means putting a high priority MX record in the DNS that always rejects mail server connections..

It seems, however, that the qmail mail server can’t cope with that.  It’s not RFC compliant.

Continue reading

Related posts ...
This post is as much to help me remember as it is to help other

Here we have an example of a very lazy blog spammer. At least put some

Back in October of 2012 I devised a way of blocking abuse of my mailing

Most ISP's and network providers have specific email addresses that you can report abuse to.

whois

Here’s a tip for internet domain owners:

Make sure the contact information for your domain has more than one email address.  And make sure at least one of those email addresses is not in the domain itself.

If your email starts malfunctioning, you want people to be able to tell you about the problem … and if the only email addresses you list are in the actual domain, they won’t be able to contact you.

For example … if the mail server for example.com is having problem … and all the domain registration in the whois database shows ‘joe@example.com’, Joe won’t be able to be notified there is a problem.

The contact information is publicly accessible via the ‘whois’ databases.

Domain registrars that offer whois privacy capabilities should let you list more than one email address when they redirect the email address that they list in the whois look-ups.

For privacy sake, I like using a PO Box for the mailing address on all my domains.

Related posts ...
OK, it's kind of obvious that GoDaddy is getting desperate ... after the whole SOPA

As part of my migration to the cloud, I terminated the Comcast Business internet service

With my recent migration of servers from my basement to Amazon cloud servers, I had

Our area has never gotten good cell phone coverage.  Doesn't really mater what carrier we

Blocking Mailbait

Recently I’ve been getting a lot of mail from the feedback loops I subscribe to indicating that someone has gotten a subscription confirmation message and they considered it spam.

After digging into my logs I noticed a few things …

  • The subscription requests are being initiated from TOR exit nodes.
  • The web requests that initiate the subscription have “mailbait.info” as their referrer.

This ‘mailbait.info’ service is supposed to allow you to fill your mailbox … why anyone would want to do this is beyond me … and it has absolutely ZERO protections against submitting someone else’s email address.  As such, it just ends up generating spam.  And a lot of the twits that are using this ‘service’ are hiding behind TOR nodes, which protects their IP address.

Continue reading

Related posts ...
This post is as much to help me remember as it is to help other

Here we have an example of a very lazy blog spammer. At least put some

Back in October of 2012 I devised a way of blocking abuse of my mailing

Most ISP's and network providers have specific email addresses that you can report abuse to.

Android and sendmail

And you probably read in my last post … I had a problem getting mail setup my new Android phone.

I could receive mail fine … but it failed (with a totally useless message) whenever I tried to send mail.  I was sure I had the settings right (userid, password, ssl, etc).

I have my mail server configured to do authenticated sending (as all good mail server admin’s should) … but for some reason the authentication wasn’t working correctly.

I tried various setting combinations to see what might be the problem … I verified the settings with my iPhone and Thunderbird.  Everything matched up.

Continue reading

Related posts ...
Fair warning: This post is pretty darn technical and is of little interest to people

This post is as much to help me remember as it is to help other

Spammers quite often 'spoof', or fake, the from address of an email. As a result

Well, our good friends at Yahoo are at it again. Once again they are deferring