| 1 |
On 8/17/20 6:10 AM, Wols Lists wrote: |
| 2 |
> Yup. If you've got mail DNS records pointing at your home server, |
| 3 |
> incoming mail shouldn't be a problem and your vps admin can't snoop |
| 4 |
> :-) |
| 5 |
|
| 6 |
True. |
| 7 |
|
| 8 |
But the ISP can still sniff the traffic and you can be subject to DPI. |
| 9 |
|
| 10 |
> Can't you tell your server to forward all outgoing mail to your |
| 11 |
> ISP's SMTP server? That way, you don't have to worry about all the |
| 12 |
> spam issues, and it *should* just pass through. |
| 13 |
|
| 14 |
That can start to run afoul of some SPF configurations. Or you must |
| 15 |
allow your ISP's SMTP server to send email as you. Which means that |
| 16 |
other ISP users can also send email as you. You are also beholden to |
| 17 |
the ISP's SMTP infrastructure not changing, lest a change on their end |
| 18 |
breaking your SPF configuration. I would probably recommend an ESP's |
| 19 |
SMTP service over your ISP's SMTP service as the ESP will have more |
| 20 |
experience with this because it's part of their business model. |
| 21 |
|
| 22 |
"Should" is the operative word. |
| 23 |
|
| 24 |
There is also the fact that your outbound email will now potentially, if |
| 25 |
not likely, sit in the ISP's SMTP server queue, thus re-introducing an |
| 26 |
opportunity for it to be scrutinized. |
| 27 |
|
| 28 |
> The main worry for snooping is inbound mail waiting for collection - |
| 29 |
> outbound requires a dedicated eavesdropping solution and if they're |
| 30 |
> going to do that they can always snoop ANY outgoing SMTP. |
| 31 |
|
| 32 |
It depends what you mean by "dedicated eavesdropping solution". General |
| 33 |
network sniffing and / or DPI does not fall under many definitions of |
| 34 |
dedicated. |
| 35 |
|
| 36 |
Carte blanch redirecting / intercepting SMTP traffic through one of |
| 37 |
their hosts is also possible. |
| 38 |
|
| 39 |
Your local / residential ISP can't do anything if you tunnel your |
| 40 |
outbound SMTP through an encrypted connection to a VPS. But that |
| 41 |
re-introduces other complications of VPSs. |
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
-- |
| 46 |
Grant. . . . |
| 47 |
unix || die |
Archives