Static IP at home?

So I’m considering setting up a few things and hosting them online. I apologize if I’m asking in the wrong subreddit, but what’s everyone’s advice for getting static, on-net IPs from ISPs serving residences? And how can I make sure it isn’t an IP that is on an SMTP blacklist?

I was thinking I might have to call and ask for a business class Internet connection. For something like this, I’m used to calling ISPs who don’t serve single family homes. So I’m only guessing that “business class Internet” means “static IP and we’ll let you run servers without filtering your traffic.” Is that correct?

If it helps, I know that Verizon FiOS and Spectrum cable modems are available in this area.

Unfortunately, there’s a pretty limited chance that you’ll get a static IP that isn’t on a generic blacklist if you’re using a provider that mostly does residential and SME customers.

The best way to get a “clean” IP is to procure a VPS from one of the smaller boutique providers, or just cut your losses and use one of the commercial SMTP relay services like smtp2go.

A VPS which comes with a non-residential static IPv4 address is like $/€/£5 a month. Setting up WireGuard is pretty easy, and you can route your SMTP traffic through.

Much easier IMO than dealing with ISPs.

“business class Internet” means “static IP and we’ll let you run servers without filtering your traffic.” Is that correct?

In general yes – with “business class Internet” the provider will gladly lease you one or more static IP addresses (for $$) and will have minimal filtering on your traffic.

Comcast, for example, says that the default for business customers is to allow port 25, but if they observe abuse, they will add filtering and notify the customer.

You can expect every end-user address range to be on the Spamhaus Policy Block List (PBL).

what’s everyone’s advice for getting static, on-net IPs from ISPs serving residences?

You could sign up for a “dedicated IP” VPN service, then your ISP will just see the VPN tunnel and how much data you are moving, but your local ISP will not see the traffic inside the tunnel.

Be aware that some VPN providers will filter inbound traffic towards your IP.

IDK about the SMTP blacklist, but if you want to host from a residence ISP, dynamic DNS might be a good way to go. Several routers support several dynamic DNS providers (pfSense supports just about everyone).

Basically what you do is register a domain with a domain registrar, then set up something on your home network (preferably on the router itself) that updates the DNS records for your domain whenever your IP address changes. It’s possible for there to be a little bit of downtime between your IP address changing and the DNS records being updated. That’s why you want it on the router, since the router will know right away when its IP address changes.

Would a dynamic DNS fit your needs? If you just need an address to reach home with, something like no-ip might fit the bill quite nicely.

vultr.com will give you a static on a VPS and let you set your PTR record for SMTP. Run something like VyOS or OpenWRT on the VPS for WireGuard/OpenVPN to your dynamic connection.

I personally operate my SMTP server with a theoretically dynamic IP. It hasn’t changed in the last 3 years so I have no problem with binding it with a DNS. I am indeed on a blacklist, but since I did all the necessary to have a high reputation, I have seen no recipient reject my mails.

Would a cloudflare argo tunnel work for SMTP? Something along these lines: Setup your Domain with... | The Homelab Wiki

Even if you get a static IP, that does not mean that the ISP will be willing to add reverse DNS for you, as allowing sending spam might cause them trouble.

If you get a business plan there’s usually the option to have a static IP, but if this is more for learning or small self-hosting stuff, I wouldn’t bother with a static IP. I’d buy a domain and just dynamically keep the IP it points to up to date with dynamic DNS. It’s currently what I do with my setup.

I have a public IP, host my own SMTP server, and am not on any blacklists. Yes, you are correct most providers will have a business offering that includes public IP and no filtering.

Many will include a single IP and give you the option to pay more for additional IPs. I don’t bother with that; one IP is fine for me.

I didn’t realize there were paid SMTP relay services. Thanks for pointing that out.

My goal is to host my own domain, including email, like I did years ago. I moved to the free Google Apps service about 14 years ago and they’ve announced the end of the free version this week. So now I’m checking options for self-hosting email again. Would something like SMTP2go be good for that? Can my users just point to my server for their SMTP setting on their phones and then my server sends through SMTP2go? And then the MX records point the incoming email to a static IP that I’d need to set up somehow?

My DSL business internet provider mostly does residential, but they pull their static IP addresses from a different pool. I think that is because it would be too much of a hassle to make a distinction between dynamic and static addresses for each and every address. This is simpler and provides the biz customer with a better experience, which is important because they charge such customers significantly more.

Let me see if I understand. You’re suggesting I run the server at home like I planned, but then add a VM on a service like Digital Ocean and use their static IP as a VPN “exit” for the server at my house. Then the MX records pointing email into the server still point to my home server, but the server sends email through that VPN somehow? Or did you mean you send all data to and from the server through that VM somehow? I’m afraid my experience with VPN setup is very limited. Any details would be greatly appreciated.

For sending mail, there must be a PTR record with a matching A record for the IP. That’s not going to fly on a dynamic DNS service.
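
Added example, not part of the thread: a shell pre-flight for an address you plan to send mail from, covering the two checks raised above (a Spamhaus PBL listing, and a PTR record whose name resolves back to the same IP). It assumes `dig` is installed; the function names are hypothetical.

```shell
#!/bin/sh
# Pre-flight checks for a candidate mail-sending IP (added example).

# Resolver wrappers, kept separate so they can be stubbed for offline testing.
lookup_ptr() { dig +short -x "$1"; }
lookup_a()   { dig +short A "$1"; }

# dnsbl_name IP ZONE -> DNSBL query name: IPv4 octets reversed, zone appended.
dnsbl_name() {
  echo "$1" | awk -F. -v z="$2" 'NF==4 {print $4"."$3"."$2"."$1"."z}'
}

# classify_zen REPLY -> meaning of one A record returned by zen.spamhaus.org.
classify_zen() {
  case "$1" in
    "")                    echo "not-listed" ;;
    127.0.0.10|127.0.0.11) echo "pbl" ;;            # policy list: end-user ranges
    127.0.0.*)             echo "other-list" ;;     # listed for another reason
    127.255.255.*)         echo "query-refused" ;;  # e.g. asked via a public resolver
    *)                     echo "unknown" ;;
  esac
}

# fcrdns_ok IP -> exit 0 if a PTR name for IP has an A record equal to IP.
fcrdns_ok() {
  for name in $(lookup_ptr "$1"); do
    for addr in $(lookup_a "$name"); do
      [ "$addr" = "$1" ] && return 0
    done
  done
  return 1
}

# preflight IP -> one "zen:" line per DNSBL reply, then the PTR/A verdict.
preflight() {
  replies=$(lookup_a "$(dnsbl_name "$1" zen.spamhaus.org)")
  if [ -z "$replies" ]; then
    echo "zen: not-listed"
  else
    for r in $replies; do echo "zen: $(classify_zen "$r")"; done
  fi
  if fcrdns_ok "$1"; then echo "fcrdns: ok"; else echo "fcrdns: mismatch"; fi
}

if [ "$#" -eq 1 ]; then preflight "$1"; fi
```

A `query-refused` result means the lookup itself was rejected, so repeat it through your own recursive resolver before drawing a conclusion.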

They mentioned SMTP so I’m assuming they want to run email. Can’t really do that with dynamic DNS.

Thanks for the link. I skimmed it and it looked like it was for websites. I’m hoping to self-host email services for a domain I’ve been running on the free version of Google Apps for a long time. I didn’t see anything in that document about SMTP. Did I miss something?

Why not just get a VPS then? Just running a mailserver doesn’t require much, a cheap VPS will do and likely even be cheaper than switching your residential ISP to one of the few (mostly business focused) ISPs that don’t run multiple layers of CG-NAT and offer static IPs.

No, everything externally points to your VPS. Nobody apart from you needs to know that whatever service (email, web server, …) is not located on the VPS, but at your home.

You then create a WireGuard (or other VPN protocol) tunnel between your VPS and your home server, and route all traffic from say port 25 on VPS through WireGuard onto your server at home.

So essentially when you receive an email, the traffic would go:

Sender → sender’s SMTP server → {internet} → VPS → WireGuard tunnel → Your server at home

Same goes for sending an email, but just in reverse. In this case, the service is only exposed through VPS, so your public IP at home could change once every 5 minutes, but the IP through which your service would be exposed, will remain the same, as the VPS has a static address.
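
Added example, not part of the thread: one way to build the VPS-to-home path described above, as a script that renders the two wg-quick configs. The tunnel subnet 10.8.0.0/24, UDP port 51820, the interface name and the function names are constructed assumptions, the keys are placeholders, and the VPS FORWARD chain is assumed to permit the forwarded traffic.

```shell
#!/bin/sh
# Render wg-quick configs for a VPS that fronts a home mail server (added example).
TUN_VPS=10.8.0.1; TUN_HOME=10.8.0.2; WG_PORT=51820   # constructed values

# nat_rules ACTION WAN_IF -> iptables lines; ACTION is -A (PostUp) or -D (PostDown).
nat_rules() {
  # Inbound: TCP/25 arriving on the VPS public interface goes into the tunnel.
  echo "iptables -t nat $1 PREROUTING -i $2 -p tcp --dport 25 -j DNAT --to-destination $TUN_HOME:25"
  # Outbound: traffic from the home server leaves with the VPS static address.
  echo "iptables -t nat $1 POSTROUTING -o $2 -s $TUN_HOME -j MASQUERADE"
}

render_vps_conf() {    # $1 = VPS public interface, e.g. eth0
  cat <<EOF
[Interface]
Address = $TUN_VPS/24
ListenPort = $WG_PORT
PrivateKey = <VPS_PRIVATE_KEY>
PostUp = sysctl -w net.ipv4.ip_forward=1
$(nat_rules -A "$1" | sed 's/^/PostUp = /')
$(nat_rules -D "$1" | sed 's/^/PostDown = /')

[Peer]
# Home server: the only source address this peer is allowed to use.
PublicKey = <HOME_PUBLIC_KEY>
AllowedIPs = $TUN_HOME/32
EOF
}

render_home_conf() {   # $1 = VPS static public IP
  cat <<EOF
[Interface]
Address = $TUN_HOME/24
PrivateKey = <HOME_PRIVATE_KEY>

[Peer]
PublicKey = <VPS_PUBLIC_KEY>
Endpoint = $1:$WG_PORT
# Route everything via the VPS so SMTP replies and outbound mail use its address.
AllowedIPs = 0.0.0.0/0
# Keeps the home router's NAT mapping open so the VPS can always reach this host.
PersistentKeepalive = 25
EOF
}

# Usage: script.sh <vps-wan-interface> <vps-public-ip>
if [ "$#" -eq 2 ]; then render_vps_conf "$1"; echo; render_home_conf "$2"; fi
```

Because the DNAT rule keeps the sender's source address, the home server only replies correctly if its return traffic goes back through the tunnel, which is what `AllowedIPs = 0.0.0.0/0` arranges on the home side.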