Comments
Yeah bit over the top on my part, maybe should have sent it 30min later when I cooled off.
I did read it, which prompted me to reply, although I could have toned it down.
A short email (which is one sentence) is fine but a valid justification is open to much more interpretation, because what are the criteria for "valid justification"?
Since there is no mention of inbound and outbound, assume it's both.
If it's blocking both inbound and outbound, then it's brain dead. I have postfix on all my servers (although I don't use HostHatch), but they only receive mails. Sending mails is hard, but receiving mails only needs an MX record and an open inbound port 25, but no need for keys, filters, or signatures.
We're going to block only outgoing TCP port 25.
Aren't you the guy we banned from our services for threatening us in public? Then you said it was a joke and tried to delete your comments?
Valid justification doesn't have to be long, especially if you are an old customer with no abuse history. We're likely going to require more information from new accounts that look suspicious, but not from older customers.
@hosthatch
Blocking all customers is not a solution. Automated solutions are the way to go, because you love your servers. Here are some examples I have seen so far:
Affecting all customers, for just a few abusers, is never the way to go. Hackers already disturbed your business, so they most likely feel proud of this. You should not give them such public satisfaction, by taking such a dramatic business-wide decision which will likely load your support (as @LTniger said, even though you ignored him). Think about the many small guys, with some Wordpress website rarely sending some email notifications about Wordpress updates.
Maybe you should take some time and use this information to add a feature, like a client-area firewall; instead of taking the easy way out by adding a restriction which will load your support and limit your business image in the long run, all for just a few happy abusers.
Spammers don’t want recognition or find satisfaction in being thwarted. They only want a solid API, loose captchas, and dollars.
I have a VPS (not really a cheap one at that) with another provider just for the sake of my own email server. If they would ever do that I'd move in an instant.
To block spam, that's on you not me. End of story. Limit outgoing emails and what not and don't get into extreme blocking ports altogether.
Will this break the default postfix 'satellite system' setup on Debian (i.e. relayhost)?
I'm sending some monitoring related email from a Hosthatch server to my main SMTP server on another provider using this setting
Edit: Yes seems this uses port 25... will send ticket
We are not re-inventing the wheel here. Blocking port 25 is the industry standard. If you do not agree with industry standards, then a good place to start with would be to create a petition to change them.
I love the LET community and appreciate the feedback, but having been here for many years, I have also learned the loudest pitch-fork crowd and the actual correct thing to do can be sometimes different.
I don't think I am arrogant enough to think that I have the collective intelligence of more than Google or Amazon engineers here, or Vultr, or DigitalOcean, or Softlayer, or countless other industry leaders. We're just doing what has been set as the industry standard.
We're going to add a note on the website once the rule is live. We used to have it before when we used Softlayer in Hong Kong and Sydney (which at the time used to block port 25 without exceptions).
We're going to make exceptions for people who have a valid use.
That is all we can do here.
Again, I don't think I am arrogant enough to think that I have more intelligence than the people working for industry leaders in this space.
Someone claiming they are doing DPI....is either just plain naive or doesn't have a large enough network to understand that it doesn't work in real life. Otherwise I think GCP or AWS would have far more money to run DPI across their networks instead of 'taking the easy way out'.
Sorry, from when in the fuck is it the industry standard?
The industry standard is to have port 25 unlocked by default.
Only a few select hosts block it.
You are taking the easy way out, stop bullshitting yourself.
I'd understand if this was a free service, but people are paying you.
That’s a great attitude to convince providers to reach for the stars and invest in appliances that downgrade your connections, intercept packets, and then scan their plain text contents. Like OVH. Like Heficed. Certainly that’s the lesser evil, packet inspection. You’ll get punished for the actions of abusers eventually, you already have been everywhere every day (literally what a “law” is and why you have to fill out captchas) but you’re not thinking about it because you’re used to it, might as well try to lobby for the worst implementation.
So it's not at GCP, AWS, Softlayer, Upcloud, Vultr, DigitalOcean or countless other large reputable industry leading cloud providers.
Yeah sorry, I'm paying for the provider so what they do is none of my concern. As long as my email server is running on the VPS it actually is their problem to limit the other idiots who keep ruining the service.
No. None of them. As for "industry leading" that's easily debatable. More money /= industry leading. One of those "industry leading" providers recently had their billing hacked, guess money can't buy everything.
Oh well... it was good while it lasted. Enforced limitations incoming.
I love the enthusiasm of @jar though. Most likely he will get more clients from all this BS
I don't get why people are getting so annoyed about it, if you got justifiable reason then you should get whitelisted no issue after a ticket.
Can't have a constructive argument when we're 'debating' the dictionary meanings then, sorry, you win. Those names are not just the largest in money, they also have the largest market shares, and fairly good reputations.
While I truly love the LET community, we can't base our rules on the loudest minority. We have to do what is right for the majority of our client base. And what is technically sound and accepted industry-wide.
As I have said quite a few times before, port 25 being blocked is the industry standard.
If the discussion has moved on to "the meaning of industry-standard in a dictionary is debatable", then I don't think I can add anything that will change anyone's mind.
I'm not saying any of them are "shit". But most of them have so much VC cash behind them they don't know what to do with it. Hence security is a second level citizen.
Hey, I mean after all French gov kept pouring in cash for OVH and...yea. Cash =/ security. Once again.
So how are you actually going to justify the ports? Serious question. Say someone writes to you "I'm running my own email server" and then we get all those "want to buy viagria" emails from it...then what?
It is not about the reason. It is the principle of the thing. Even if clients do not use a specific feature, they do not like enforced limitations coming all of a sudden, especially if those come during/after the service was paid for.
For example I do not use HostHatch for email at all. This change does not affect me. But if he enforces a change like this, and also has the balls to call it an industry standard (yet his accounts are created using email accounts), then I can't trust this provider anymore. One day he may do the same with port 80, simply because Google and Mozilla have a warning sign with exclamation mark, on unencrypted websites, making it an "industry standard" warning.
I did not open a ticket. I do not need port 25. But I consider this should be used as a feature with a web firewall. Otherwise, clients are no longer "innocent until proven otherwise", because they have to justify themselves for port 25, by telling a story of their life and their needs.
Oh noes, I need to reconfigure my msmtp! already using 465, meh.
No idea why people are so fired on by this, this is quite common along providers (Lowend or not). If all it takes is a simple ticket without any kind of bullshitting then it seems all good?
You want a checkbox in panel? 95% will click it "just for future, maybe I will need it one day"... get VPS/soft/shit hacked and start spamming. :-D
Sure, there will be some smart enough people that know what they do and this will limit them but this is how it works most of the times in real life - majority is idiots, you protect them by hurting small % that knows stuff.
Since we’re asking for things we’re not owed, @hosthatch can you give me the ratio of riled up to paying customer when the thread starts to die down?
People just CBF to create tickets I suppose
I certainly am affected by the upcoming change. However, I opened a ticket yesterday night and got a response from Emil (thanks!), stating that my account (with all current and future servers) will be unblocked, once the restriction is set into place. The response came 1 hour later.
I actually see no valid point in going another way as of now. DPI could be worse imho, as I believe it is definitely more prone to errors. And I actually would appreciate to not get DPI on my mails (especially if the other mailserver can not speak encrypted).
Additionally, if a non mail sending server gets hacked, and starts to spam around, the owner would certainly not notice it, and if HostHatch notices it, it's too late already (in terms of blacklist and similar).
However, I agree, that some information, either in the panel and/or while ordering, about the block would be great. To avoid further confusion and drama.
Just my two cents
Did someone hurt your feelings cause you'd actually have to do something? Aaah. Funny shit.
As long as my email server is secured, no one is sending shit out of it but my "neighbor" is doing that...hell, that IS your problem.
Someone needs to tell your doctor that the stimulants are making you unreasonably agitated and combative.
I was just pointing out the obvious
OP is currently working on blocking incoming mails/notifications due to the surge of comments on this thread