Dacentec SMTP inspection / man in the middle for all customers?
Anyone have experience with Dacentec?
I have been colocating with them for 4 months now and recently changed my IP allocation. With the old IPs I never had issues with Gmail marking emails as not encrypted in transit. Then I changed IPs to a new block, and that seems to be behind an SMTP proxy that I can't escape.
This is a weird practice. They said they would not disable this SMTP proxy and told me to buy services from a mail relay service. My anecdotal evidence is that the original IP block I was given did not have this issue, but since I changed IPs it is now evident a proxy exists.
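One way to confirm the symptom described in the post from the server side, as an added example that is not part of the original post: compare the EHLO reply a destination MX gives on port 25 from the affected IP with the reply seen from another network. The transcripts and hostnames below are constructed, and the assumption is that the proxy shows up as a changed banner or a missing STARTTLS line.

```python
import re

# Constructed sample transcripts (not captured from any real network).
# REFERENCE: a destination MX's greeting and EHLO reply from an unfiltered network.
REFERENCE = """220 mx.example.net ESMTP ready
250-mx.example.net at your service
250-SIZE 157286400
250-8BITMIME
250-STARTTLS
250-ENHANCEDSTATUSCODES
250 SMTPUTF8
"""
# SUSPECT: the same MX dialled from the IP block in question (hypothetical proxy).
SUSPECT = """220 filter01.provider.invalid ESMTP
250-filter01.provider.invalid
250-SIZE 10485760
250 8BITMIME
"""

REPLY = re.compile(r"^(\d{3})([ -])(.*)$")  # code, continuation marker, text

def parse_session(transcript):
    """Return (banner_host, set of EHLO keywords) from a 220 + 250 reply."""
    banner_host, keywords, first_250 = None, set(), True
    for line in transcript.splitlines():
        m = REPLY.match(line.strip())
        if not m:
            continue
        code, _, text = m.groups()
        if code == "220" and banner_host is None and text:
            banner_host = text.split()[0].lower()
        elif code == "250":
            if first_250:  # first 250 line is the greeting, not an extension
                first_250 = False
            elif text:
                keywords.add(text.split()[0].upper())
    return banner_host, keywords

def compare(reference, suspect):
    """List the differences that point at something answering for the MX."""
    (ref_host, ref_ext), (sus_host, sus_ext) = map(parse_session, (reference, suspect))
    findings = []
    if ref_host != sus_host:
        findings.append(f"banner host differs: {ref_host} vs {sus_host}")
    if "STARTTLS" in ref_ext and "STARTTLS" not in sus_ext:
        findings.append("STARTTLS advertised on reference path but missing here")
    dropped = sorted(ref_ext - sus_ext - {"STARTTLS"})
    if dropped:
        findings.append("other extensions missing: " + ", ".join(dropped))
    return findings
```

Without STARTTLS in the reply, a sending MTA that uses opportunistic TLS delivers in cleartext, which is what the "not encrypted in transit" marking reflects.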
Comments
Not really a weird practice, it's pretty common to block or limit outgoing email.
I'm kinda curious why you had to change IPs
Did the provider notify you before purchase of the new IP segment about the SMTP limitations or proxy implementation?
Usually SMTP limitations are not on the network but rather software enforced e.g. between webserver and postfix, so this is new to me and prone to bad shit.
So I would say the first thing you should do is check the TOS you signed. If it states that such a system is implemented, then I am sad to inform you, you are SOL. You were probably lucky with your previous IP allocation, which might have been older and as such not had that setup done.
Honestly though, I would just get a service like mxroute or similar, as they're pretty cheap and are a much easier way to send e-mails.
If it was pure webhosting you could be correct, but this is colocation; there is no other way to do it than on network level. This is common among VPS, dedicated or colocation providers.
I don't think I've ever had a provider proxy my emails like that, is it really common?
Nah this isn't common AT ALL. I've used a few colo facilities, lots of dedicated servers... I've never seen any sort of SMTP proxy... Sounds like Dacentec is on my list of providers to never use for anything now, sad as they used to be good. I wonder if that limitation exists for people using their own IP space/BGP..
This is interesting. I've been in the space for a little over a decade and never have seen this. Did you check their TOS to see if it was mentioned at all?
This doesn't seem new.
People in 2018 were having errors with email deliverability due to their MiTM system stripping headers.
OVH did it for a long time, so did Heficed. Many more I'm sure. Most people were just blissfully ignorant of it until it started breaking that little lock icon in Gmail.
I like to cite the time OVH shut off SMTP for my IP on one of their VPS. It was an inbound relay so it held inbound email and then relayed it back to my main SMTP server. Obviously it relayed some spam but only to my other server, at another datacenter (Incero at the time). OVH cut off SMTP and sent me a list of email subjects that justified the block. I guess they stopped doing it before most people realized it was happening, but it wasn't exactly a short stretch of time.
Ah thanks, had no idea
Don’t know if proxying email on the provider side for colo can be considered common though
Guessing this is unencrypted smtp (port 25), or can they proxy smtps (port 465 or 587)?
Edit- Nevermind, I guess it doesn't matter, port 25 is still going to be used when reaching the MX servers for any domain, and port 465/587 are really just for private relays.
It's pretty common, I've installed a lot of such setups.
Most providers do it just to set a rate limit, so 99.9% of users never even notice since they are no way near the limits.
I can't say how the lowend market looks, but when you get to bigger players you will have to look very hard or pay extra to get a completely unlimited outgoing SMTP. No serious provider wants to get blacklisted due to hosting spammers.
The IPs they gave me for my colocated server were blacklisted at apple.com/icloud - microsoft/outlook.com and other major ones. Asked for a clean IP block after showing them emails from microsoft support
There are no SMTP limitations that I could find in their terms and conditions or AUP.
https://billing.dacentec.com/hostbill/aup.php
https://billing.dacentec.com/hostbill/terms.php
At least according to what I saw/see: yes, it's increasingly common - and it makes sense IMO. Why, as a hoster, should you allow a few spammers to tarnish both your reputation and your IP ranges?
Funny side note: I once had a VPS with such a "no outgoing emails from VPSs" hoster. When I noticed it (I usually don't look for email policy because from most of my servers I pretty much never send emails) I told them, that I needed port 25/SMTP to work, but only for a few emails (grand max 25 per day, usually more like 2 - 5) and spread over the whole day, i.e. evidently not spamming. Within a few minutes I could SMTP and got a ticket response telling me.
It's becoming more relevant to note which providers are more smtp-friendly, and which ones ain't.
I'd rather my provider block smtp by default, open it with a ticket request, then count smtp traffic.
That helps stop unintended spamming, and ensures clients are aware they want smtp. Makes clients pay attention so to not lose their unblocking. If smtp traffic counting is possible by the provider, raise a flag when it reaches excessive levels.
Provider proxying mail opens a lot of potential issues like: message integrity, privacy, latency, loss of using my original IP, more false spam detection, scalability, increased loss mail possibility, and loss of actual delivery logs.
I would argue that latency is not really a problem when it comes to email delivery and more false spam detection/increased loss mail possibility should not be a problem if the people involved know what they are doing, but otherwise you make good points. Things like integrity and privacy come into question, and of course trying to troubleshoot delivery when all you see is the traffic between you and the proxy becomes a nightmare.
But then again those kinds of solutions are usually just to let users send an occasional report mail from their VPS. If you are planning to run an actual mailserver, a provider with a blocked SMTP port is obviously not a good choice.
Definitely. I believe no host really wants to put resources into supporting a mail relay as part of the hosting service. It makes sense if they have a sister business that does mail relay, but if keeping IP addresses clean is a priority, they should block mail ports. The hosts that unblock will get the clients that need it.
Sorry to hear Dacentec chose to proxy traffic. I get their desire to nail down a clean IP problem, but that's a really big hammer for some.