We have a connection with a dynamic IP address.

We have an SMTP server behind that.

Q: What are the solutions to make it work in real life? The problem is that the IP could change; how do we put a domain in front of the changing IP? DynDNS-like solutions... I don't know... cannot be trusted.

Since the IP could change, can blacklisting cause problems?

pepite
  • You don't want to do that. The fact alone that it is a dynamic IP address will increase your score in spam recognition. – Gerald Schneider Dec 15 '16 at 15:25
  • I tried this with No-IP; even with SPF and DKIM set up in an effort to increase the reputability of the server, it was blacklisted nearly straight away for simply being on a known dynamic range. – tobyd Dec 15 '16 at 15:29
  • You cannot reliably run a mail system behind a dynamic IP. Period. Many other options exist. As an example, you could have some hosted mail service that pulls mail into your private mail server and let the private server use this as a smarthost. I do this successfully in one environment, although this is only still maintained like that due to historical reasons and inertia - it works but isn't optimal. – Sven Dec 15 '16 at 15:29
  • The main problem is not only a technical one regarding blacklisting (how will you set proper reverse DNS for a dynamic IP?), but also a problem of trust. If you have a dynamic IP and it changes, who is your previous IP assigned to, and how do you make sure that this one doesn't get access to data which is supposed to be routed to your server? You simply can't. – s1lv3r Dec 15 '16 at 15:38

1 Answer

Public MX Server on DHCP

While folks are correct in that it will not work (as stated), there is a way around this. You will need a VM with an IP that has a good reputation (never sent spam).

  • Set up FCrDNS on it.
  • Configure a VPN (such as OpenVPN or Tinc) and connect to it from your DHCP host.
  • Configure postfix to relay mail over your VPN back to the host that has DHCP using the private VPN IP.
  • Configure the firewall on that VM to allow port 25 TCP and to allow your VPN traffic.
  • Point your MX records to that VPS/VM host.

Now your DHCP host will receive email from your VM any time it is connected. If the connection is interrupted, the mail will queue up until your DHCP host has reconnected back into it.

Aaron
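
A check for the "Set up FCrDNS" step, as an added example that is not part of the original answer: it confirms that an IP's PTR name resolves forward to the same IP, and optionally that the confirmed name is the hostname the relay announces. The function names, the hostname comparison and the sample records are assumptions made for illustration; the sample data uses documentation address ranges and example names.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver (empty list if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def system_forward(name):
    """A/AAAA addresses for name from the system resolver."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def same_ip(a, b):
    try:
        return ipaddress.ip_address(a) == ipaddress.ip_address(b)
    except ValueError:
        return False

def check_fcrdns(ip, expected_host=None, ptr=system_ptr, forward=system_forward):
    """Return (ok, detail). ptr/forward are injectable so the check runs offline."""
    names = [n.rstrip(".").lower() for n in ptr(ip)]
    if not names:
        return False, "no PTR record"
    confirmed = [n for n in names if any(same_ip(a, ip) for a in forward(n))]
    if not confirmed:
        return False, "PTR name does not resolve back to the IP"
    # Extra check beyond FCrDNS (assumption): the confirmed name should be
    # the hostname the relay announces, e.g. Postfix myhostname.
    if expected_host and expected_host.rstrip(".").lower() not in confirmed:
        return False, "confirmed PTR differs from expected hostname"
    return True, confirmed[0]

# Constructed sample zone data (documentation address ranges, example names).
SAMPLE_PTR = {"203.0.113.10": ["mx.example.net."],
              "198.51.100.23": ["host23.dynamic.isp.example."]}
SAMPLE_FWD = {"mx.example.net": ["203.0.113.10"],
              "host23.dynamic.isp.example": ["198.51.100.99"]}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_forward(name):
    return SAMPLE_FWD.get(name, [])

if __name__ == "__main__":
    for ip in ("203.0.113.10", "198.51.100.23", "192.0.2.5"):
        print(ip, check_fcrdns(ip, "mx.example.net", sample_ptr, sample_forward))
```

Called without the `ptr` and `forward` arguments, `check_fcrdns` uses the system resolver, so it can be run against the VM's public address once the PTR and A records are in place.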