On 8/17/20 6:10 AM, Wols Lists wrote:
> Yup. If you've got mail DNS records pointing at your home server,
> incoming mail shouldn't be a problem and your vps admin can't snoop
> :-)

True.

But the ISP can still sniff the traffic and you can be subject to DPI.

> Can't you tell your server to forward all outgoing mail to your
> ISP's SMTP server? That way, you don't have to worry about all the
> spam issues, and it *should* just pass through.

That can start to run afoul of some SPF configurations. Or you must
allow your ISP's SMTP server to send email as you. Which means that
other ISP users can also send email as you. You are also beholden to
the ISP's SMTP infrastructure not changing, lest a change on their end
break your SPF configuration. I would probably recommend an ESP's
SMTP service over your ISP's SMTP service as the ESP will have more
experience with this because it's part of their business model.

"Should" is the operative word.

There is also the fact that your outbound email will now potentially, if
not likely, sit in the ISP's SMTP server queue, thus re-introducing an
opportunity for it to be scrutinized.

> The main worry for snooping is inbound mail waiting for collection -
> outbound requires a dedicated eavesdropping solution and if they're
> going to do that they can always snoop ANY outgoing SMTP.

It depends what you mean by "dedicated eavesdropping solution". General
network sniffing and / or DPI does not fall under many definitions of
dedicated.

Carte blanche redirecting / intercepting SMTP traffic through one of
their hosts is also possible.

Your local / residential ISP can't do anything if you tunnel your
outbound SMTP through an encrypted connection to a VPS. But that
re-introduces other complications of VPSs.

--
Grant. . . .
unix || die
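
The SPF trade-off raised in the reply above, as an added example that is not part of the original message: a small evaluator for a subset of SPF (ip4, include, all) run over constructed records. The names home.example and _spf.isp.example and every address are assumptions taken from documentation ranges.

```python
import ipaddress

# Constructed TXT records (documentation names and ranges, not real data).
DNS_TXT = {
    "home.example": "v=spf1 ip4:203.0.113.25 include:_spf.isp.example -all",
    "_spf.isp.example": "v=spf1 ip4:198.51.100.0/28 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, domain, txt=DNS_TXT, depth=0):
    """Evaluate a simplified subset of RFC 7208 for the connecting IP."""
    record = txt.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    if depth > 10:  # RFC 7208 caps DNS-querying terms at 10
        return "permerror"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            matched = True
        elif term.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(term[4:], strict=False)
        elif term.startswith("include:"):
            # include matches only if the included record itself yields pass
            matched = check_spf(client_ip, term[8:], txt, depth + 1) == "pass"
        else:
            continue  # simplification: terms outside this subset are skipped
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


def relay_scenarios():
    """SPF results for MAIL FROM @home.example; only the connecting IP matters."""
    return {
        # Home server delivering directly.
        "direct from home server": check_spf("203.0.113.25", "home.example"),
        # ISP smarthost: the same result for every customer who relays through
        # it, because SPF sees the relay's IP and not who submitted the mail.
        "via ISP relay (any customer)": check_spf("198.51.100.5", "home.example"),
        # ISP moved its relay to an address the published records do not cover.
        "via ISP relay after renumbering": check_spf("192.0.2.5", "home.example"),
    }


if __name__ == "__main__":
    for scenario, result in relay_scenarios().items():
        print(f"{scenario}: {result}")
```

A receiver that also checks DKIM and DMARC alignment has more to go on than the connecting IP, which this SPF-only sketch does not model.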