I’m aware most ISPs do not allow for port 25 to be open for email use outside of business licenses, but at what level is that controlled? Can I get around that by owning my own router? Owning my own modem or ONT? Or is this just a thing they mystically control further up the pipeline that a relative layman such as myself can’t get around?
They do that upstream, so there’s nothing you can do on your router to change that.
One solution I’ve used in the past is run hoppy.network to get a public IP (it’s basically a VPN). Then your home computer has all ports open on that IP, since everything goes through an encrypted tunnel.
hoppy.network seems like a very expensive Wireguard provider ($8/month for 1TB@100mbit). For that purpose one can spend half that for a VPS with gigabit speeds, even a quarter that during promotions. That provides the same services plus whatever else you can fit to it. What am I missing that they provide?
I like supporting small business. 🙂
Also, depending on the VPS provider, you might get a lot of sites blocked. When I ran a VPN on Digital Ocean I couldn’t access USPS, OpenAI, imgur, and couldn’t leave comments on YouTube. I assume because of too many bots running on DO.
Thanks! I’ll look into that
We do that upstream, no way for you to avoid it. For good reason too, our team handling abuse notifications mails was super swamped with people whose ancient XP PCs had malware sending spam.
Forget running your mail server on a residential IP anyway. You’ll be instant blocked by any mail provider, residential IPs are always spam, because of the aforementioned XP PCs.
Personally I wouldn’t self host mail anymore anyway. Too much trouble.
I’ve been running my own mail server using Mail-in-a-box on a digitalocean VPS for about 10 years. I also pay for an external SMTP relay service because I still get randomly blocked by Google/Microsoft/whatever just by virtue of having a digitalocean IP.
Total cost is $15/mo for the VPS and $50/yr for the relay service.
You’re already using an SMTP relay so why not host your Mail-in-a-box server at home? Been doing that for years. Also, check out Mailcow if you’re interested in running your server as a docker container.
I’ve been running my own mail server since ~2002. For many years I was using qmail, of all things, on a home ISP connection. I wrote a semi-popular guide on adding spamassassin support to qmail. I was a true believer!
When hosting email from consumer internet became untenable, I migrated to digitalocean and Mail-in-a-box. To be honest, it’s worth the $15 to have a 100% always-on device hosting the email. I host lots of other stuff at home and having email be a separate thing makes it much easier.
Your ISP controls what ports you can access using one or more firewalls and traffic control devices somewhere past the point where you connect to their network.
They can block whatever ports they want. The only way around this is to use a VPN, which creates a tunnel directly from your device to a remote server to route traffic. This still goes through your ISP and whatever firewall they have but does so over a port that they (probably) don’t block. They can’t see what ports your web or network requests are using so they can’t block it directly.
Depending on your technical know how and what type of router you have, you could set up a VPN at the device level (PC, phone, etc.) to send just requests from that device or at the router level which could send all traffic from your network through the VPN.
It’s important to remember when using a VPN that the VPN servers can still see (and potentially log) all of your traffic, even if your ISP cannot. You still need to find a VPN service that you trust to not monitor your traffic.
I’m not terribly worried about a service seeing my traffic, the initial concept was for a self-hosted server to run a business email and site and some tools on, but I can’t do email through my ISP without paying an arm and a leg, and my business doesn’t make enough for that…
For a small business, a service such as GoogleApps or Microsoft365 is likely going to be a cheaper solution than self hosting this. Plus including productivity applications and cloud storage as part of the package in most instances.
It will be much, much safer as well. If you’re unsure of how to do this, do not do it yourself. Setup a home lab, sure. Use it to learn but do not run your business this way!
Source: Am e-mail admin.
Is there a service that is only email? Most of the offerings in those packages are either too much bloat of applications that are unnecessary, and/or are too expensive for what they actually would provide that we would use.
I’d much rather keep using the tools that we’re used to and have set up than move to a different ecosystem, especially one that tracks a lot of the data we use with it
https://proton.me/mail has not unreasonable pricing for just mail.
Ooh! That looks doable!
Microsoft’s Exchange Online Plan 1 is email-only and is 4/month per user. There are probably cheaper IMAP providers, but EO1 is full exchange: mail, global address book, calendars, etc.
The ISP is going to keep those important network security settings far away from its clients. Owning your own router or ONT will not let you change anything other than your internal network settings.
It’s all on their end, though I’ve had limited success asking nicely, it’s just there so businesses don’t just order the cheaper plan and then they have to deal with all the extra traffic and support for many users. Just assuring them that I am just running as a single user my own email server they were cool with it on small local ISPs bigger corps won’t give you the time of day on that issue.
You can use a port reflector service. No ip.com might still offer it. Basically forwards anything incoming to their ip on port 25 to your ip and whatever port you specify.
@Brkdncr @KasanMoor I don’t think they care about incoming port 25, the blocking being talked about is outgoing 25.
I just looked they have a service called “alternative port 25” that addresses this issue.
Honestly though, once you start adding up costs for these workarounds you have to wonder if it’s easier to just get a business internet circuit, cloud security gateway, or just host the email online.
@Brkdncr
Or if you’re low volume just use a free/cheap relay
@KasanMoor@Brkdncr @KasanMoor for reference, mailgun offers a free tier for <5k emails a month. It’s what I use for email from any of my servers.
Given this is for running a server for self-hosted, I would second what others have said here about using a VPS instead, provided you don’t mind self-hosting on a VPS rather than on your own gear at home.
You may be able to find a VPN provider that gives you a static IP and the ability to port forward. PureVPN offer this in limited locations and it’s what I use, but it’s jank since you can’t use their dedicated IP service with OpenVPN (their normal product does let you use it).
You may also be able to do something like run pfSense on a VPS, then run a site-to-site VPN to pfSense at home, using the pfSense in the cloud as your router. Then you can port forward from your pfSense VPS to your LAN. You’re getting very deep into the weeds with networking there though.
Well, I can say that T-Mobile 5G Home Internet completely blocks all incoming port traffic.
So, you have to get creative with stuff like WireGuard & Cloudflare tunnels to do some stuff properly.