[BlueOnyx:26367] ISP Email relay changes, and my 18 hour journey to a solution

[Chad Bersche]

First, I'm going to publicly thank the ongoing efforts of Michael and 
everyone associated with keeping BlueOnyx alive and the awesome 
community it is.  My journey with BlueOnyx started when I was working at 
Sun, and they handed out a bunch of the Cobalt Qube's to engineers.  The 
design and management was really just what I wanted for my home, and I 
jumped in fully, getting my own domain, running my own email server, 
etc., etc.

Fast forward to now 20+ years later, and still with the same ISP 
(Charter -> Spectrum).  I'd been happily using their SMTP relay with no 
issues for all that time.  Pointed Sendmail at it as a smart relay and 
things just worked.  Until yesterday, when Spectrum finally tracked down 
the last open relay from the legacy RoadRunner / TWC portion of their 
network, and no longer allowed it to forward emails.

I'd paid attention to the thread in late May, where Michael outlined how 
to configure Postfix for authenticated email relay. I kept those 
messages in my local archive of "this may come in handy" postings. So 
when emails started failing to deliver yesterday afternoon, I first 
panicked, and then set about the task of find a way to get things 
working again.  Keep in mind, I run email for my household of 4.

My first attempt was simply to configure Postfix, set up the 
authentication per the steps that Michael had so accurately outlined and 
figured I'd be done in time for a late dinner.  That was not to be the 
case.  Emails wouldn't deliver, and debugging the process wasn't 
terribly straightforward, as the failure reason wasn't making it into 
the logs.  So I set up an instance of Thunderbird to mimic the process, 
and turned on debugging there. This showed that Spectrum would accept my 
authentication, but would only accept emails with a FROM address that 
matched the authentication used. Well, that's not going to work...  I 
figured trying to reason with Spectrum was going to be an effort in 
futility, so I started looking for other alternatives.

Now, it should be pointed out that I'm not the only person that's facing 
a similar problem.  I found a thread on Spectrum's own discussion 
community where several others were facing the exact same problem, and 
weren't happy about the total apathy that Spectrum was showing.  I 
contemplated for a brief moment if their Business solution would make 
any of this easier, but I didn't really want to rely on that, so I dove 
into looking for email relay services.

I found many, but narrowed it down to three: smtp2go.com, mailtrap.io, 
and dnsexit.com.  Based on longevity, website information, and 
implementation guides available, I decided I'd start with smpt2go and 
see how painful the process would be, but I needed 6 hours of sleep 
first.  This morning, I signed up, and put in the mandatory entries in 
my DNS records...and waited....until it finally propagated far enough 
that smtp2go would let me proceed.  I then created a domain 
userid/password, and added it to the sasl_passwd file, and updated my 
relay host, following the steps Michael had already posted.  This 
process was absolutely simple!

Having done that, outbound email was once again happy (inbound was NEVER 
impacted!), as evidenced by my ability to now post this to the list.

The only odd things that I've currently noticed, I believe, are part of 
the switch to Postfix from Sendmail (yes, long overdue but if it ain't 
broke, don't fix it!).  My hostname, for some reason, changed from 
mail.foo.bar to just mail.  No idea why.  Doesn't seem to impact 
anything, yet.  I'm hoping it won't wreak havoc on any of my 
Let'sEncrypt certificates, etc.  The other oddity is that I had an entry 
in /etc/aliases to send a copy of emails that came in to a specific 
inbox to two recipients.  For some reason, I'm now getting TWO copies of 
those emails, but the other user is only getting a single copy.  If I 
can sort out these two issues, I'll be thrilled, but they don't seem to 
be hugely impacting, yet.

The fix wasn't hugely difficult, just time consuming.  Hopefully this 
will continue to work, and not having the dependency on my ISP is, 
honestly, a relief.  I get the security side of things, and why Spectrum 
changed their relays (they weren't completely open before, as if you 
weren't part of their network block they'd not let you relay), but the 
lack of notice and a reasonable way of being able to allow access for 
those that need it was frustrating.

Thanks for reading, and hope maybe there's a tidbit in here for someone.

   -- Chad