Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive



[Discuss] Local ISP Recommendations?



On 01/22/2016 12:37 AM, David Kramer wrote:
> I would love to get your opinions (or even better, facts) on how
> dangerous it would be to run a web and mail server on a dynamic IP. I
> think Matt was asking about that too.

I've been doing this for over 10 years with different providers. 
Comcast was fine for the first 3 or 4 years.   Over that time my IP 
address changed a handful of times.  Using a static DNS to point to my 
DHCP address wasn't too bad.  I would have an email outage of a few 
hours plus however long it took me to realize I needed to fix the DNS 
entry.

Then Comcast started randomly adding port blocks to residential services 
(25 and 80 were what I cared about).   Then I had to use the mailhop 
service for email, and tried a couple different avenues, including 
letting my hosting provider provide a backup mail relay.  That turned 
out to just vastly increase the amount of spam I got, but it wasn't your 
normal spam: it was people's auto-replies to spam.  You normally don't 
see that since they just send it back to the source, and normally the 
spam source is not your actual mail server.  Problem is, these hosting 
providers must use the same outgoing mail server for a bunch of domains, 
some of which were sending spam with my domain as the 'from'.

Anyway, Comcast started being really painful to deal with, and just 
generally overzealous in policing their network in draconian ways.  Got 
sick of them really fast after that.  I gave up on port 80 hosting 
during this phase, migrated it to a web hosting service.

Switched to FIOS as soon as they offered service, and have been happy 
ever since.  Haven't needed MailHop because they don't unnecessarily 
block incoming ports.  You MUST use their server as a relay for outgoing 
mail (this was true for Comcast as well), but that is ok as long as you 
make sure their server is in your SPF DNS entry (so that when outside 
people see mail from your domain coming from Vz's server, they don't 
assume that it is spam).

Again, IP address changes once a year or so (I leave this server on all 
the time).  I utilize a dynamic DNS system too (one that automatically 
updates itself).  This is in case I'm out of town and a power outage or 
something makes my IP change, I can still get in remotely via the 
dynamic DNS name, then find out the new IP I need to update the static 
DNS with.

As far as the danger of other people getting your email, there isn't 
much.  First, there is a relatively small window for this (i.e. until 
you update your DNS entry and it propagates).  Some other residential 
customer will get your IP, and they have to be running a mail server 
(uncommon).  Moreover, they have to be running a mail server that is 
configured to accept mail for your domain (couldn't happen except by 
intentional malice).   Since one of the prerequisites implies malice 
(accepting mail for your domain), and another would require collusion 
with the ISP (to hand the bad guy your old IP address, since the chance 
of that happening randomly is astronomical)... well let's just say if 
your ISP is colluding with bad guys you're already screwed and you 
probably have bigger problems than temporary email redirection.

HTH,
Matt
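
The SPF point in the message above, as an added example that is not part of the original post: a small offline evaluator showing how a receiver treats mail arriving from the ISP's relay when the relay is, and is not, covered by the domain's SPF record. The domain names, addresses and the `include:` arrangement are constructed assumptions, and only the ip4, ip6, include and all mechanisms are handled.

```python
import ipaddress

# Constructed sample zone (documentation names and address ranges, not real data).
ZONE = {
    # Home server's own address plus the ISP's outgoing relay, pulled in via include.
    "example.org": "v=spf1 ip4:203.0.113.25 include:relay.isp.example -all",
    # Hypothetical ISP record listing its outbound relay range.
    "relay.isp.example": "v=spf1 ip4:198.51.100.0/24 -all",
    # Same domain policy with the relay forgotten.
    "norelay.example.org": "v=spf1 ip4:203.0.113.25 -all",
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, sender_ip, zone=ZONE, depth=0):
    """Evaluate the ip4, ip6, include and all mechanisms (a subset of RFC 7208)."""
    if depth > 10:                        # guard against include loops
        return "permerror"
    record = zone.get(domain)
    if record is None or record.split()[:1] != ["v=spf1"]:
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier, mech = (term[0], term[1:]) if term[0] in RESULTS else ("+", term)
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            return RESULTS[qualifier]
        if name in ("ip4", "ip6"):
            # A v4 address is never "in" a v6 network and vice versa.
            if ip in ipaddress.ip_network(arg, strict=False):
                return RESULTS[qualifier]
        elif name == "include":
            inner = check_spf(arg, sender_ip, zone, depth + 1)
            if inner == "pass":           # only an inner pass counts as a match
                return RESULTS[qualifier]
            if inner in ("none", "permerror"):
                return "permerror"
        else:
            raise NotImplementedError(f"mechanism outside this subset: {term}")
    return "neutral"                      # nothing matched and no "all" term


if __name__ == "__main__":
    relay_ip = "198.51.100.7"             # constructed address inside the relay range
    for dom in ("example.org", "norelay.example.org"):
        print(dom, "->", check_spf(dom, relay_ip))
```
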



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
