Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Shells Virtual Desktop
BMail.ag - Secure Email Service
Server.net
CPLicense.net
VPS Server
Buy VPN
Vultr
VMs for AI
HostDare
ReliableSite White-Label Dedicated Hosting for Resellers
InterServer VPS
BMail.ag - Secure Email Service
Best VPN
High-Performance Bare Metal Server Solutions
Karvl.com
Server Mania Cloud Hosting
DataWagon Hosting
AlphaVPS Hosting
Evoxt.com
Clouvider
VPS Hosting with NVMe
Residential IPs in the US & 4G Mobile Proxies in EU & US with Unlimited Bandwidth
ReliableSite White-Label Dedicated Hosting for Resellers
Rabisu - Hosting Solutions
Shells Virtual Desktop

Categories

In this Discussion

Home General
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Spamhaus And their Ridiculous Rules

reikuzanreikuzan Member
in General

Hello LET.

i was wanting to learn and setting up simple mail server, nothing fancy only capabilities for send and recieve mail from other server like gmail and such.

setting up postfix, dovecot, dkim spf dmarc and such.
Port 25 open. (Thank you generous provider)

yet my ip get flagged by spamhaus for css listing after a week.

Making my port 25 force closed by my VPS provider
(good job spamhaus)

Spamhaus saying my server need setting and follow mail config like big evil tech google,
and test to the mail test at

https://aboutmy.email

then i decide send email using gmail there to get general setting needed,

yet it says email Sent using gmail are Doesn't comply with Yahoo / Google requirements. :)

Its clear atleast for me, spamhaus and their strict rules are just wanting to punch small mail server operator. xD

Comments

  • MikeAMikeA Member, Patron Provider
    edited June 9

    You must have a misconfiguration or something. How did you setup your email server, did you do it all manually by hand or use a mail server suite software and if so which one? Spamhaus doesn't blacklist IPs for no reason, despite what some people like to think.

    You shouldn't run a mail server if you're not familiar with the setup, configuration, and security. If not use a "AIO" suite like Mailcow.

    Thanked by 7luckypenguin reikuzan NotFoundException buggedout mrTom tentor nghialele
  • reikuzanreikuzan Member

    yes im still learn. so it all manual. dovecot postfix and such.

    im still learning on dkim spf smarc thing.

  • luckypenguinluckypenguin Member

    if you didn't set FcRDNS, SPF, DKIM, and lately DMARC, you can forget about mailing big corps. Running my own mailserver nearly 20 years and never had issues with blocklists.

    Thanked by 3reikuzan mrTom JohnnySac
  • reikuzanreikuzan Member

    @luckypenguin said:
    set FcRDNS, SPF, DKIM, and lately DMARC

    yes. im still new to those feature and setting it up slow but sure. but yet spamhaus still decide to punch me out

  • luckypenguinluckypenguin Member

    @reikuzan said: yes. im still new to those feature and setting it up slow but sure. but yet spamhaus still decide to punch me out

    You misconfigured your server to act like a typical spambot and complain about them?
    They are cunts but for whole different reasons than this. Fix your shit and they will delist.

    Thanked by 6reikuzan NotFoundException buggedout tentor ralf zejjnt
  • MikeAMikeA Member, Patron Provider

    @reikuzan said:

    @luckypenguin said:
    set FcRDNS, SPF, DKIM, and lately DMARC

    yes. im still new to those feature and setting it up slow but sure. but yet spamhaus still decide to punch me out

    I'd recommend using a mail server suite that handles everything for you then. Your issues with the blacklist are due to your misconfiguration. The Spamhaus listing usually has general information about some reasons it could be.

    Thanked by 3luckypenguin NotFoundException reikuzan
  • reikuzanreikuzan Member

    yes im still learning, yes i may misconfigure DKIM and such. and will fix those up.

    but the other point:

    email sent to the email tester service provided by spamhaus saying email sent from gmail are not following gmail requirement

    Thanked by 1zejjnt
  • luckypenguinluckypenguin Member

    @reikuzan said: email sent to the email tester service provided by spamhaus saying email sent from gmail are not following gmail requirement

    For bulk mail senders.
    First, it should not be a free email like gmail. Then you need a visible unsubscribe link,
    and List-Unsubscribe header for a one-click unsubscribe. Those are your missing 3.

    Thanked by 1reikuzan
  • reikuzanreikuzan Member

    @luckypenguin said:

    @reikuzan said: email sent to the email tester service provided by spamhaus saying email sent from gmail are not following gmail requirement

    For bulk mail senders.
    First, it should not be a free email like gmail. Then you need a visible unsubscribe link,
    and List-Unsubscribe header for a one-click unsubscribe. Those are your missing 3.

    Thanks, but i wont setup relay and such for bulk.

    only basic email capabilities send recieve. and from other mail server too. will look it up.

  • reikuzanreikuzan Member

    On side note, mail client like thunderbird and k-9 mail (espesially on android) , when setting up account server,

    at login method , when choose "Encrypted Password" it keep ask server to support CRAM-MD5 thing when server already support SCRAM.

    anyone knows something about this?
    when i ask ai CRAM over tls are producing no additional sakkurity compared PLAIN LOGIN over TLS.

    and adviced to use SCRAM instead.

    but mail client said "No, i need CRAM"

  • reikuzanreikuzan Member

    Bump

  • NetralexNetralex Member

    @reikuzan said:
    Bump

    No, fix/secure your mail server and tell them you fixed your stuff. No bump needed, spamhaus is annoying but you probably misconfigured your stuff which abusers abused.

    Thanked by 1reikuzan
  • LeviLevi Member

    No spam no cry as per Bob Marley.

    Thanked by 2Netralex reikuzan
  • AndreixAndreix Member, Host Rep
    edited June 9

    The non-negotiable checklist for any self-hosted mail in 2026

    SPF record in DNS that authorizes every IP that sends mail for your domain. This includes your VPS, your web server if it sends notifications, and any third-party services.
DKIM signing on outbound mail, with the public key published in DNS. The selector in your MTA configuration must match the selector in DNS exactly.
DMARC policy (start with p=none, verify alignment, then tighten to quarantine or reject).
TLS everywhere. Inbound and outbound. Valid certificates, not self-signed. Let's Encrypt works.
Reverse DNS (PTR record) for your sending IP that matches the hostname in your HELO/EHLO.
Monitoring. You need to know when mail stops being delivered, not find out weeks later when someone mentions they never got your reply.

    If any of these are missing, the architecture will fail at some point. Not maybe. Will.

    https://www.serverspan.com/en/blog/self-hosting-email-2026-architectures-that-still-work

    Thanked by 4reikuzan MikeA zejjnt quicksilver03
  • reikuzanreikuzan Member

    @Andreix said:
    The non-negotiable checklist for any self-hosted mail in 2026

    SPF record in DNS that authorizes every IP that sends mail for your domain. This includes your VPS, your web server if it sends notifications, and any third-party services.
DKIM signing on outbound mail, with the public key published in DNS. The selector in your MTA configuration must match the selector in DNS exactly.
DMARC policy (start with p=none, verify alignment, then tighten to quarantine or reject).
TLS everywhere. Inbound and outbound. Valid certificates, not self-signed. Let's Encrypt works.
Reverse DNS (PTR record) for your sending IP that matches the hostname in your HELO/EHLO.
Monitoring. You need to know when mail stops being delivered, not find out weeks later when someone mentions they never got your reply.

    If any of these are missing, the architecture will fail at some point. Not maybe. Will.

    https://www.serverspan.com/en/blog/self-hosting-email-2026-architectures-that-still-work

    Wow. Thank you very much. will look into it

  • TimboJonesTimboJones Member

    @reikuzan said:
    yes im still learning, yes i may misconfigure DKIM and such. and will fix those up.

    but the other point:

    email sent to the email tester service provided by spamhaus saying email sent from gmail are not following gmail requirement

    Why are you intentionally not being helpful? Post the 6/9 things it found, duh. That should be the only purpose of this thread.

  • reikuzanreikuzan Member

    @TimboJones said:

    @reikuzan said:

    Why are you intentionally not being helpful? Post the 6/9 things it found, duh. That should be the only purpose of this thread.

    luckypenguin says its needed for bulk mail sender. for persone who want basic email send receive from other server too, its not needed if i understand it correctly.

    Still funny tough, to see gmail email are not following google / yahoo requirement.

    anyway what am steel need to know. is when mail client still need CRAM-MD5 (to use encrypted oassword in mail client) When the server already configured with SCRAM

  • luckypenguinluckypenguin Member

    @reikuzan said: Still funny tough, to see gmail email are not following google / yahoo requirement.

    Nothing is funny, this tool is used for bulk mail senders.
    So obviously, for a small personal mail you don't include those missing 3 checks.
    But you have way many more problems with your self hosted server.

    Also, you have to register on https://postmaster.google.com and verify your DMARC.

    Thanked by 2reikuzan TimboJones
Sign In or Register to comment.