I’m aware most ISPs do not allow for port 25 to be open for email use outside of business licenses, but at what level is that controlled? Can I get around that by owning my own router? Owning my own modem or ONT? Or is this just a thing they mystically control further up the pipeline that a relative layman such as myself can’t get around?

  • _MusicJunkie@beehaw.org
    link
    fedilink
    English
    arrow-up
    15
    ·
    1 year ago

    We do that upstream, no way for you to avoid it. For good reason too, our team handling abuse notifications mails was super swamped with people whose ancient XP PCs had malware sending spam.

    Forget running your mail server on a residential IP anyway. You’ll be instant blocked by any mail provider, residential IPs are always spam, because of the aforementioned XP PCs.

    Personally I wouldn’t self host mail anymore anyway. Too much trouble.

  • stown@sedd.it
    link
    fedilink
    English
    arrow-up
    11
    ·
    1 year ago

    The ISP is going to keep those important network security settings far away from its clients. Owning your own router or ONT will not let you change anything other than your internal network settings.

  • ASK_ME_ABOUT_LOOM@beehaw.org
    link
    fedilink
    English
    arrow-up
    11
    ·
    1 year ago

    I’ve been running my own mail server using Mail-in-a-box on a digitalocean VPS for about 10 years. I also pay for an external SMTP relay service because I still get randomly blocked by Google/Microsoft/whatever just by virtue of having a digitalocean IP.

    Total cost is $15/mo for the VPS and $50/yr for the relay service.

    • stown@sedd.it
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      You’re already using an SMTP relay so why not host your Mail-in-a-box server at home? Been doing that for years. Also, check out Mailcow if you’re interested in running your server as a docker container.

      • ASK_ME_ABOUT_LOOM@beehaw.org
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        I’ve been running my own mail server since ~2002. For many years I was using qmail, of all things, on a home ISP connection. I wrote a semi-popular guide on adding spamassassin support to qmail. I was a true believer!

        When hosting email from consumer internet became untenable, I migrated to digitalocean and Mail-in-a-box. To be honest, it’s worth the $15 to have a 100% always-on device hosting the email. I host lots of other stuff at home and having email be a separate thing makes it much easier.

  • Beto@lemmy.studio
    link
    fedilink
    arrow-up
    9
    ·
    1 year ago

    They do that upstream, so there’s nothing you can do on your router to change that.

    One solution I’ve used in the past is run hoppy.network to get a public IP (it’s basically a VPN). Then your home computer has all ports open on that IP, since everything goes through an encrypted tunnel.

    • blah@lemmy.1204.org
      link
      fedilink
      English
      arrow-up
      11
      ·
      edit-2
      1 year ago

      hoppy.network seems like a very expensive Wireguard provider ($8/month for 1TB@100mbit). For that purpose one can spend half that for a VPS with gigabit speeds, even a quarter that during promotions. That provides the same services plus whatever else you can fit to it. What am I missing that they provide?

      • Beto@lemmy.studio
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        I like supporting small business. 🙂

        Also, depending on the VPS provider, you might get a lot of sites blocked. When I ran a VPN on Digital Ocean I couldn’t access USPS, OpenAI, imgur, and couldn’t leave comments on YouTube. I assume because of too many bots running on DO.

  • SenorBolsa@beehaw.org
    link
    fedilink
    English
    arrow-up
    7
    ·
    edit-2
    1 year ago

    It’s all on their end, though I’ve had limited success asking nicely, it’s just there so businesses don’t just order the cheaper plan and then they have to deal with all the extra traffic and support for many users. Just assuring them that I am just running as a single user my own email server they were cool with it on small local ISPs bigger corps won’t give you the time of day on that issue.

  • distractedcactus@beehaw.org
    link
    fedilink
    English
    arrow-up
    5
    ·
    1 year ago

    Your ISP controls what ports you can access using one or more firewalls and traffic control devices somewhere past the point where you connect to their network.

    They can block whatever ports they want. The only way around this is to use a VPN, which creates a tunnel directly from your device to a remote server to route traffic. This still goes through your ISP and whatever firewall they have but does so over a port that they (probably) don’t block. They can’t see what ports your web or network requests are using so they can’t block it directly.

    Depending on your technical know how and what type of router you have, you could set up a VPN at the device level (PC, phone, etc.) to send just requests from that device or at the router level which could send all traffic from your network through the VPN.

    It’s important to remember when using a VPN that the VPN servers can still see (and potentially log) all of your traffic, even if your ISP cannot. You still need to find a VPN service that you trust to not monitor your traffic.

    • KasanMoor@beehaw.orgOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      I’m not terribly worried about a service seeing my traffic, the initial concept was for a self-hosted server to run a business email and site and some tools on, but I can’t do email through my ISP without paying an arm and a leg, and my business doesn’t make enough for that…

      • ChoccyMilk@kbin.social
        link
        fedilink
        arrow-up
        7
        ·
        1 year ago

        For a small business, a service such as GoogleApps or Microsoft365 is likely going to be a cheaper solution than self hosting this. Plus including productivity applications and cloud storage as part of the package in most instances.

        It will be much, much safer as well. If you’re unsure of how to do this, do not do it yourself. Setup a home lab, sure. Use it to learn but do not run your business this way!

        Source: Am e-mail admin.

        • KasanMoor@beehaw.orgOP
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          Is there a service that is only email? Most of the offerings in those packages are either too much bloat of applications that are unnecessary, and/or are too expensive for what they actually would provide that we would use.

          I’d much rather keep using the tools that we’re used to and have set up than move to a different ecosystem, especially one that tracks a lot of the data we use with it

  • Brkdncr@kbin.social
    link
    fedilink
    arrow-up
    5
    ·
    1 year ago

    You can use a port reflector service. No ip.com might still offer it. Basically forwards anything incoming to their ip on port 25 to your ip and whatever port you specify.

  • conorabA
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    Given this is for running a server for self-hosted, I would second what others have said here about using a VPS instead, provided you don’t mind self-hosting on a VPS rather than on your own gear at home.

    You may be able to find a VPN provider that gives you a static IP and the ability to port forward. PureVPN offer this in limited locations and it’s what I use, but it’s jank since you can’t use their dedicated IP service with OpenVPN (their normal product does let you use it).

    You may also be able to do something like run pfSense on a VPS, then run a site-to-site VPN to pfSense at home, using the pfSense in the cloud as your router. Then you can port forward from your pfSense VPS to your LAN. You’re getting very deep into the weeds with networking there though.

  • RxBrad@lemmings.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    Well, I can say that T-Mobile 5G Home Internet completely blocks all incoming port traffic.

    So, you have to get creative with stuff like WireGuard & Cloudflare tunnels to do some stuff properly.