Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Mail hosting use-case question Migadu/MXRoute/others?
New on LowEndTalk? Please Register and read our Community Rules.

Mail hosting use-case question Migadu/MXRoute/others?

I'm on the hunt for a new mail hosting company. I've been with Host Gator for years but their gawdawful customer service and mediocre performance has me looking to make a change (in the short term they would still be handling my DNS).

I'm a network security engineer who operates two domains, one for a business I own and one personal. There are about 10 mailboxes between the two domains and no more than a few hundred emails in/out of all accounts per day. I know a lot about internet security, but not much about email.

I run a mail filter/gateway security appliance that receives my incoming mail and then sends it back to the mail provider. This is not working well with Host Gator and I haven't been able to figure out why. Basically sometimes with Host Gator I can see the mail appliance sent the mail but it doesn't show up in my inbox. Other times it does.

Basically I point MX record to this box (FortiMail) which does threat protection and spam filtering on the mail feed and then sends it out to the host on SMTP port 25. Clients then get their mail from the mail host.

Is this a pretty basic thing or would it require specific capabilities from a hosting company? Is there any concern about my mail being marked spammy if it comes through the relay? AFAIK the relay doesn't alter anything in the mail headers other than that it will be transmitted "from" an IP that isn't an IP owned by the original sender, so not sure if this instantly causes a failed SPF check.

I would also make heavy use of email forwarders, which I use to protect my actual accounts. Host Gator leaks my real email when I reply to a message that came through a forwarded email handle and I'd like to eliminate that behavior with the new host if I can.

Right now I add forwarders quite often just using cpanel, so hopefully I can find a provider where doing this is equally painless.

Thanks!

Comments

  • alentoalento Member, Host Rep

    I have no experience with Migadu, so someone else will have to chime in there.

    Host Gator is horrible, so it is good that you're leaving them behind.

    I am going to suggest that MXroute would be a good fit for you, but seriously, lose the mail filter/gateway.

    Forwarders are fine and are equally easy to add. You could also use a catch-all and not have to worry about adding them.

    I have never looked at headers from a reply to a forwarded email though, so can't tell you about the headers.

  • Migadu and MXRoute are good choices.

    Your questions are very specific but those two providers and some of the most nerdy email providers that there is, so you’ll surely get your answers.

    For Migadu, just send them the questions on their contact form.

    For MXRoute, let’s tag the chief twit himself, @jar.

  • Also, might be way off-league here, but have you considered iCloud?

    Probably works best if you’re on iPhone/Mac though, but for less than a buck a month (for me, paying in SEK), they allow custom domains as well as extremely easy to use disposable email adresses.

    Very neat, my iCloud is probably my best bang-for-the-buck hosting package I’ve got at the moment.

    Crazy to think about that, Apple being a top lowend provider.

  • @alento said:
    I have no experience with Migadu, so someone else will have to chime in there.

    Host Gator is horrible, so it is good that you're leaving them behind.

    I am going to suggest that MXroute would be a good fit for you, but seriously, lose the mail filter/gateway.

    Forwarders are fine and are equally easy to add. You could also use a catch-all and not have to worry about adding them.

    I have never looked at headers from a reply to a forwarded email though, so can't tell you about the headers.

    I mean their horrible to an average LET user but they’re not horrible in the grand scheme of things.

    Just imagine a construction company website, sending 1-10 emails a day, getting 1-10 visitors a day.

    Imagine the drawbacks of paying a bit extra and the website not being lightning fast.

    Now, instead imagine the drawbacks of their hosting crashing 3 months in and they have no idea what to do.

    EIG companies have their place in the market and not without reason.

    Thanked by 1rtsh
  • @alento said:
    I have no experience with Migadu, so someone else will have to chime in there.

    Host Gator is horrible, so it is good that you're leaving them behind.

    I am going to suggest that MXroute would be a good fit for you, but seriously, lose the mail filter/gateway.

    Forwarders are fine and are equally easy to add. You could also use a catch-all and not have to worry about adding them.

    I have never looked at headers from a reply to a forwarded email though, so can't tell you about the headers.

    I work with the mail filter product professionally so it seems silly that I would not use it for my own rinky dink domains but recommend it to clients who have thousands of email boxes.

    It definitely has better spam/virus/url/phishing filter capabilities than what providers are able to do, if I had to pay for it, even a small installation would be a couple thousand bucks a year.

  • @emgh said:
    Also, might be way off-league here, but have you considered iCloud?

    Probably works best if you’re on iPhone/Mac though, but for less than a buck a month (for me, paying in SEK), they allow custom domains as well as extremely easy to use disposable email adresses.

    Very neat, my iCloud is probably my best bang-for-the-buck hosting package I’ve got at the moment.

    Crazy to think about that, Apple being a top lowend provider.

    I wasn't aware that iCloud allowed you to bring your own domain so I will have to look into this.

    On the other hand I've seen many times where Apple either abandons a product/offer or jacks the price up substantially.

    Between all Domains/users I'd need about 10+ Gb in the immediate and probably 20-30Gb for growth over the next 2-3 yrs.

  • ericlsericls Member, Patron Provider

    I’m using Migadu right now. No problems

  • jarjar Member, Patron Provider

    You can't put your own filter in front of any email service and expect it to not add problems. Bare minimum, you break SPF for every email you redirect to the mail server, which increases the likelihood that every email is viewed as spam, and rightfully so.

    I've never met anyone who runs their own mail filter server that actually ran anything worth having, it's always been just a hobbyist who enjoyed the work and maybe, at one time or another in the past, saw a subjectively positive net result while doing so.

    At MXroute, I won't whitelist your filter server because that means I trust you implicitly and if you screw up, I have to screw up with you. The implications for that extend beyond just your account, and that's why I can't. I'm sure you'd understand, you wouldn't put a customer of yours in charge of anything that might impact your other customers down the line either, it's just not good business. But what I will do is offer you the ability to contribute to global spam filters: https://github.com/mxroute/spamassassin_rules/blob/main/local.cf

    Thanked by 1crilla
  • Thanks @jar for taking the time to respond.

    Normally this product gets installed at a premise where it would sit in front of the client's actual local mail server, or they can run this as the mail server. It's normally used by larger businesses, not hobbyists like me.

    For me, since I have clients that have it or might have questions about it, it's a good idea to have it deployed in a working environment for myself where I can configure the features and try things out.

    My primary concern with doing this was with breaking SPF, and you've confirmed that will be a problem, so I will check with other providers to see if they have any other options for me.

    I could just run the device itself as the mail server, but I don't really want the hassle of having to maintain/support/back-up the unit so would prefer to have a real mail hosting company.

  • voipninjavoipninja Member
    edited November 2022

    Looking into things a bit further, is SPF automatically broken just by the transmitter of the email having an IP that is not owned by the sender if none of the headers are changed?

    If that were the case it seems that any time a message arrived from a different part of the public network SPF would get broken, by passing through different routers etc.

    The gateway does not in any way modify the mail headers and does not generate actual outbound “mail” only inbound mail is relayed.

  • jarjar Member, Patron Provider

    SPF is tested against the connecting IP and envelope sender, headers won't matter.

  • @ericls said: I’m using Migadu right now. No problems

    Migadu website looks really neat, Looks like everything is put together with a lot of care.

  • I've recently tried Migadu, happy with the service except the sending limits (20 out/day for their basic plan for $19/y which goes to 100/day for $9/month) and no Exchange ActiveSync support. So I'm looking forward the upcoming BF to see if there are any other better options.

  • jarjar Member, Patron Provider

    @misaka said: no Exchange ActiveSync support

    You'll really do yourself a favor by either dropping that requirement or adding the requirement that you'll only use official Exchange servers. When email client updates drop, you're lucky that official Exchange servers themselves aren't broken with ActiveSync, third parties that tried to reverse engineer screwy adaptations of it quite often are. Rest assured, there is only actual ActiveSync or screwy reverse-engineered adaptations.

    Thanked by 1misaka
  • Migadu got back to me and said that white listing a single inbound IP for my inbound mail would not be a problem. They are more expensive for accounts and have a fairly low threshold for outbound email transmission but the trade off might be worth it for my use case.

  • @voipninja said:
    I run a mail filter/gateway security appliance that receives my incoming mail and then sends it back to the mail provider. This is not working well with Host Gator and I haven't been able to figure out why. Basically sometimes with Host Gator I can see the mail appliance sent the mail but it doesn't show up in my inbox. Other times it does.

    If you're doing this, why wouldn't you want to just deliver locally and then pickup your mail via POP3? What benefit do you think adding MXroute into the mix will add for you?

    If you think you can block spam better than him, then just do it yourself. If you can't, just deliver straight to MXroute.

  • mailcheapmailcheap Member, Host Rep

    I got a similar query the other day, here's my response.

    Our system is designed with this in mind as whitelists have precedence over blacklists, i.e., you can blacklist all IPs using CIDR netblocks and whitelist the IPs of your inbound filter. This way only mail from the whitelisted IPs are passed through.

    The system offers 3 levels of configurable spam filter tuning for each of the permission level [0] (account type) provided by the system:

    • Global antispam thresholds and whitelist/blacklist rules managed by MasterAdmin permission level in Cloud/Dedicated servers [1]
    • Per-domain antispam thresholds and whitelist/blacklist rules managed by DomainAdmin permission level in Shared plans and also supported by Cloud/Dedicated servers [2]
    • Per-user antispam classification and one-click spam/ham learning managed by MailUser permission level in all plans [3]

    Finer points to consider for your specific usage:

    • Global antispam blacklists reject mail at the gateway while per-domain antispam blacklists scores/tags mail and sends them to junk folder.
    • AV filtering cannot be turned off on Shared plans as the configuration is applied server-wide.

    [0]: https://www.mailcheap.co/help/nms/setupmail/#what-is-mail-portal
    [1]: https://www.mailcheap.co/help/nms/setupmail_masteradmin/#configure-global-mail-settings
    [2]: https://www.mailcheap.co/help/nms/setupmail_advanced/#whitelist-blacklist-senders-per-domain
    [3]: https://www.mailcheap.co/help/nms/setupmail_mailuser/#antispam

    Pavin.

  • HostGator was bought by Endurance International Group (EIG). I helped several businesses and people migrate away from HostGator after the takeover.

    I helped others with similar issues after EIG bought their providers. That includes me. I watched EIG ruin Arvixe within a month or two after they acquired it. Service went into the toilet almost immediately.

    Moving away from HostGator is a smart move. I strongly urge people to stay away from EIG-owned companies. Don't believe me? Do your own research and you will understand.

  • @ralf said:

    @voipninja said:
    I run a mail filter/gateway security appliance that receives my incoming mail and then sends it back to the mail provider. This is not working well with Host Gator and I haven't been able to figure out why. Basically sometimes with Host Gator I can see the mail appliance sent the mail but it doesn't show up in my inbox. Other times it does.

    If you're doing this, why wouldn't you want to just deliver locally and then pickup your mail via POP3? What benefit do you think adding MXroute into the mix will add for you?

    If you think you can block spam better than him, then just do it yourself. If you can't, just deliver straight to MXroute.

    As I mentioned I’d prefer not to host my own mail server. If the relay goes down or I don’t want to use it down the road I can simply change the MX record for the domains back to the hosting company.

    As far as spam filtering goes, these are enterprise level services that offer more than just spam filtering based on things like black lists and spam assassin. Cisco Fortinet, Microsoft, barracuda all offer these relay boxes for a reason.

    For my personal and biz use it’s unlikely it will be substantially better than something a competent provider can do but I want to run it for professional skills reasons. I get paid a lot of money to consult with clients on this stuff.

  • @mailcheap said:
    I got a similar query the other day, here's my response.

    Our system is designed with this in mind as whitelists have precedence over blacklists, i.e., you can blacklist all IPs using CIDR netblocks and whitelist the IPs of your inbound filter. This way only mail from the whitelisted IPs are passed through.

    The system offers 3 levels of configurable spam filter tuning for each of the permission level [0] (account type) provided by the system:

    • Global antispam thresholds and whitelist/blacklist rules managed by MasterAdmin permission level in Cloud/Dedicated servers [1]
    • Per-domain antispam thresholds and whitelist/blacklist rules managed by DomainAdmin permission level in Shared plans and also supported by Cloud/Dedicated servers [2]
    • Per-user antispam classification and one-click spam/ham learning managed by MailUser permission level in all plans [3]

    Finer points to consider for your specific usage:

    • Global antispam blacklists reject mail at the gateway while per-domain antispam blacklists scores/tags mail and sends them to junk folder.
    • AV filtering cannot be turned off on Shared plans as the configuration is applied server-wide.

    [0]: https://www.mailcheap.co/help/nms/setupmail/#what-is-mail-portal
    [1]: https://www.mailcheap.co/help/nms/setupmail_masteradmin/#configure-global-mail-settings
    [2]: https://www.mailcheap.co/help/nms/setupmail_advanced/#whitelist-blacklist-senders-per-domain
    [3]: https://www.mailcheap.co/help/nms/setupmail_mailuser/#antispam

    Pavin.

    Thanks Pavin sounds like you guys have other clients doing this and hosting with you guys wouldn’t pose a problem. My relay will do all SPF hard and soft fails and other checks I want to do so anything being delivered to my account on my transmission IP would be clean.

    I will price you guys out compared to Migadu and look at your admin tools how you handle forwarded mail etc.

    Thanked by 1mailcheap
  • I just wanted to update that I’ve signed up with Mail Cheap. All of my questions were answered, the tools, migration assistant, whitelist of IP sender address, etc. made it for me to use them for my hosting. Have already started migrating my setup over there.

    Thanked by 1mailcheap
  • jarjar Member, Patron Provider

    @voipninja said:
    I just wanted to update that I’ve signed up with Mail Cheap. All of my questions were answered, the tools, migration assistant, whitelist of IP sender address, etc. made it for me to use them for my hosting. Have already started migrating my setup over there.

    Solid choice for sure.

    Thanked by 1mailcheap
  • I think my use case is a little atypical. I do appreciate you answering my previous questions. I would have no problem recommending either service or even Migadu for persons who it would be a good fit for. Most of the mail users I know wouldn’t be doing the things I’m doing.

Sign In or Register to comment.