Three days ago I wrote a comment:

"It's weird how the internet shifted from protocols to platforms.

Devs still know the plumbing, but for most people IRC became Whatsapp, FTP became Dropbox, RTSP became Netflix, SIP became Zoom and RSS became Google Now... so people might eventually forget about SMTP and this whole "email" hype.

In a decade or two we'll have forgotten about URLs and HTTP and the "internet" as well. You just pay your monthly $10 sub to Google or Amazon or Apple to have your condensed streams of memes & bait funneled right into your eyeballs."

And now Chrome devs are considering removing URLs just like in Safari, just showing the domain you are on....

Enjoy your retard web, people.

What's next, new Macbook & Chromebook standardized designs to prevent people from being confused?

The day I send myself about 76k mails
> be me
> be working on a rest api
> implement an error handler that would send me a mail with exception details
> use same error handler in mail send error handler
> Summoned the recursion devil by accident
> Test error handler
> Forgot port forwarding to SMTP server
> keep the debug session open
> throw new UnexpectedInterruptionException()
> get back to work
> Add the missing port forwarding rule to putty
> The error handler starts doing it's thing
> The handler chain starts to pop
> handler after handler executes
> PCFreeze.png
> WhatTheFuckIsGoingOn.gif
> VS finally accepts stop debugging
> PhoneVibrationSpam.mp3
> Peek into webmail
> WowFinallySomeFanMail
> Look into it
> Realizing what I have done
> Delete mailbox
> Remove recursion
> Wow that's how randy must have felt in southpark
> Feel weird
> Shutdown, go outside
> What's up anon?
> Nothing, really

If there is SMTP (Simple mail transfer protocol), is there also HMTP (Hard mail transfer protocol)?

Arglebargle.

I went to buy flowers for [redacted event] and gave the florist my CC info, number, and email for a receipt. He was a nice old man who loves what he does, and makes beautiful arrangements. But. He just emailed me all of my CC info, and asked what part of it was wrong. Twice. Emailed. Plain text. SMTP.

Guess who's requesting a replacement card?

😞

Today in train programming:
Pushed a new build before pulling into station
Battery dies
Test on tablet
Build is broken, files missing
Upload files manually to Azure (WHY)
try to log in to my sure to treat, forgotten password
Try to reset password, smtp details in DB are wrong...

I'm doing well

My boss in our northern office literally told my colleague that he'd been refreshing the site several times every few minutes and could clearly see that we hadn't done shit.

Keep in mind that we are heavily cached with Varnish and Drupal Cache on our server, and this guy is never at the office. He was seeing our website from 3 days ago because his browser was retrieving local cache from the last time he was actually there and it was during a time where we had some broken items on the site.

The part that pisses me off most is that not only did he not know to purge his browser cache to see changes, but he thought my coworker was making up hocus-pocus technobabble to "cover for me" by telling him how to clear his cache.

This guy installed AirMail, 8 times on his Mac because he was entering SMTP settings that were literally given to him in screenshots with every step illustrated and every field of configuration available for reference, incorrectly. So yeah I can see how he would be technically capable of micro managing me. Fuck.

I used PHPMailer to send emails to a client's website user. SMTP host is smtp.gmail.com.

web was hosted on Bluehost. I found out that mailer was not working. I enabled verbose output and to my surprise I found out that Bluehost was intercepting my mail and responding with

220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail

when i was explicitly using smtp.gmail.com. Not only they were intercepting but also They were trying my credentials against its own smtp server and then showing me that authentication failed.

When i contacted chat they asked me to tell last 4 characters of Bluehost account password to verify ownership.

Dude do they have passwords in plaintext.🤔

I absolutely love the email protocols.

IMAP:
x1 LOGIN user@domain password
x2 LIST "" "*"
x3 SELECT Inbox
x4 LOGOUT

Because a state machine is clearly too hard to implement in server software, clients must instead do the state machine thing and therefore it must be in the IMAP protocol.

SMTP:
I should be careful with this one since there's already more than enough spam on the interwebs, and it's a good thing that the "developers" of these email bombers don't know jack shit about the protocol. But suffice it to say that much like on a real letter, you have an envelope and a letter inside. You know these envelopes with a transparent window so you can print the address information on the letter? Or the "regular" envelopes where you write it on the envelope itself?
Yeah not with SMTP. Both your envelope and your letter have them, and they can be different. That's why you can have an email in your inbox that seemingly came from yourself. The mail server only checks for the envelope headers, and as long as everything checks out domain-wise and such, it will be accepted. Then the mail client checks the headers in the letter itself, the data field as far as the mail server is concerned (and it doesn't look at it). Can be something else, can be nothing at all. Emails can even be sent in the future or the past.

Postfix' main.cf:
You have this property "mynetworks" in /etc/postfix/main.cf where you'd imagine you put your own networks in, right? I dunno, to let Postfix discover what your networks are.. like it says on the tin? Haha, nope. This is a property that defines which networks are allowed no authentication at all to the mail server, and that is exactly what makes an open relay an open relay. If any one of the addresses in your networks (such as a gateway, every network has one) is also where your SMTP traffic flows into the mail server from, congrats the whole internet can now send through your mail server without authentication. And all because it was part of "your networks".

Yeah when it comes to naming things, the protocol designers sure have room for improvement... And fuck email.

Oh, bonus one - STARTTLS:
So SMTP has this thing called STARTTLS where you can.. unlike mynetworks, actually starts a TLS connection like it says on the tin. The problem is that almost every mail server uses self-signed certificates so they're basically meaningless. You don't have a chain of trust. Also not everyone supports it *cough* government *cough*, so if you want to send email to those servers, your TLS policy must be opportunistic, not enforced. And as an icing on the cake, if anything is wrong with the TLS connection (such as an MITM attack), the protocol will actively downgrade to plain. I dunno.. isn't that exactly what the MITM attacker wants? Yeah, great design right there. Are the designers of the email protocols fucking retarded?

So we hired an intern and his first task was to change a few things in email layout for our client, which is an investment bank.

I told to one of my developers to make his local database dump and setup the project for an intern. When intern completed the task, my developer thought that title "Dow Jones index crashed" was pretty funny title for a test.

What he didn't thought through enough, is that he forgot to configure fake SMTP server and he had production database dump with real email addresses.

I had really awkward 20 minutes conversation with our client. Fuck my life.

First lecture of computer networks. Let's shove all of these abbreviations with their meaning, and possibly a associated port number in one 1.5 hour lecture:

HTTP, HTTPS, FTP, FTPS, SFTP, TCP, IP, UDP, ISP, DSL, DNS, LAN, WLAN, WDM, P2P, TELNET, PGP, TLS, SSL, SSH, MIME, SMTP, POP3, IMAP, IANA, DHT, RTT, DHCP

I really feel sorry for students who didn't have previous knowledge about this stuff..

So my ISP just called me again that I'm sending plenty of spam. This time, I have all flows logged, so I know for sure that it wasn't my TV (only vulnerable device with internet access) and as my switch was offline there is nothing in front of my router anymore. And I learned that all the spam was going directly to their smtp server which I never used and didn't even know they have some. All in all everything points to their cable modem. Will tell them that in response to the mail they promised to send me. Really looking forward to new at least a little bit competent ISP (alternative should be available soon).

I need to make a confession about my terribly unprofessional project I made. Around two years ago I got thrown for the first time into back end development - I had to work on the project alone. As a very smart man I basically exposed our SMTP server as a nice and very flexible API.

Fortunately it was, by the design, a very short-lived project, taken down from the web completely and for good after around 2 months. I'm still happy I had more luck than brains and nobody used our server as a spam sending service in our name and I have learned a valuable and relatively cheap lesson in security this way.

I find it amusing that if you tell an SMTP server "quit", it responds "Bye" before closing the connection...

It's the little things in dev life...

My girlfriend configuring her e-mail account in the app because her phone had to be reset to factory :
-I can't figure out how to do these setting, annoying...
-Oh yeah the imap and smtp servers can be tricky, let me put that
(I Google the settings for her mail provider and put them in)
-It still doesn't work.
-Uuuh, maybe with another security setting, try it.
-This shit still doesn't work, seriously my phone is broken.
-Have you verified the e-mail address and carefully typed the password?
-Yes of course, I've tried it several time
(I take the phone and check all the parameters... During a looooong time... Until it hits me.)
-Hmm... Can you read the e-mail you've entered?
-Yeah, it's my mail, blabla@hotmail.com.
-No can you read it again please?
-It's blabla, why?
-No, can you *spell* your e-mail?
-Yeah it's B-L-A-B-L-A-@-H-O-M-A... Ow shit...
- ¯\_(ツ)_/¯

I've accomplished something I thought I'd never do.
I convinced my boss to switch from SVN to Git. (before SVN we've even been using CVS if someone remembers)
Only requirement: it needs to stay in house and I'm the one setting up the server, writing documentation and teach everyone how to use it.

What? Why should I setup the server? Don't we have someone whose job it is to... OK ok... I'll do it.

So after some painstaking arguments with the guy whose job it should have been to do that, I've managed to install a virtual machine running Gitlab.

Long story short: I've just found out about the joys of mail configuration to send E-Mails to established mail providers. Every... single... one of them has a different problem with the way the mails are sent.
Fml

I think I'm going to ask that guy again to use our mail servers SMTP. There should be a possibility to use my gitlabs domain for that somehow.
Really looking forward to Monday. Ugh...

Often I hear that one should block spam email based on content match rather than IP match. Sometimes even that blocking Chinese ranges in particular is prejudiced and racist. Allow me to debunk that after I've been looking at traffic on port 25 with tcpdump for several weeks now, and got rid of most of my incoming spam too.

There are these spamhausen that communicate with my mail server as much as every minute.
- biz-smtp.com
- mailing-expert.com
- smtp-shop.com

All of them are Chinese. They make up - rough guess - around 90% of the traffic that hits my edge nodes, if not more.

The network ranges I've blocked are apparently as follows:
- 193.106.175.0/24 (Russia)
- 49.64.0.0/11 (China)
- 181.39.88.172 (Ecuador)
- 188.130.160.216 (Russia)
- 106.75.144.0/20 (China)
- 183.227.0.0/16 (China)
- 106.75.32.0/19 (China)
.. apparently I blocked that one twice, heh
- 116.16.0.0/12 (China)
- 123.58.160.0/19 (China)

It's not all China but holy hell, a lot of spam sure comes from there, given how Golden Shield supposedly blocks internet access to the Chinese citizens. A friend of mine who lives in China (how he got past the firewall is beyond me, and he won't tell me either) told me that while incoming information is "regulated", they don't give half a shit about outgoing traffic to foreign countries. Hence all those shitty filter bag suppliers and whatnot. The Chinese government doesn't care.

So what is the alternative like, that would block based on content? Well there are a few solutions out there, namely SpamAssassin, ClamAV and Amavis among others. The problem is that they're all very memory intensive (especially compared to e.g. Postfix and Dovecot themselves) and that they must scan every email, and keep up with evasion techniques (such as putting the content in an image, or using characters from different character sets t̾h̾a̾t̾ ̾l̾o̾o̾k̾ ̾s̾i̾m̾i̾l̾a̾r̾).

But the thing is, all of that traffic comes from a certain few offending IP ranges, and an iptables rule that covers a whole range is very cheap. China (or any country for that matter) has too many IP ranges to block all of them. But the certain few offending IP ranges? I'll take a cheap IP-based filter over expensive content-based filters any day. And I don't want to be shamed for that.

!dev

And again...

Our ISP doesn’t say it blocks any port on our Business Fixed IP. Currently I’m trying to access port 25 for SMTP. Guess what? Indeed port blocked. Called them “The port is open”, I visit a port checked, the same thing “Port Closed”

Always the fucking same thing. Every fcking time. These are just criminals. Lastly I removed their router, that they mentions was the only working router in our house and our signal from the other router, not provided by them was much better. They blocked the hotspots because we removed the router then. Guess what? On their site is an option Enable Hotspot on your home router (this enables your access to hotspots). Just pressed it. Haaa they can’t acces my router to set that up and it works.

In our second home, we have another ISP, Proximus, first they did difficult to come and install everything. Because in the appartment the previous owners didn’t pay the bills. After a week or so someone came to install it. Because they cut the cables couldn’t do it myself. Ok it worked for some time. After 3-4 months by once I can’t access the camera there, strange. My uncle went there and there was no internet. Neither TV. But we never received any invoice. Because they didn’t send them. We contacted them, no response. My father sends them an email, with politic people in copy and by once they called to say they will turn it back and scrap the invoices that were not send. They said no technician needed to come, as it’s second home. Guess what, next day a message came “We will arrive in less than an hour”
My uncle went. They did nothing, only restart the modem.
There still was no internet after two days after they came. We called back, response was: “There wasn’t anyone.” Yeah right, we have proof of a technicial that passed (Local Video). By once the internet worked.
Now 4 months later, still didn’t receive any invoice, neither via post or email.

Fuck those criminals, called ISPs

“Fullstack dev morphs into a security expert”

We have a simple user registration system. Get the user details, generate an OTP, save in Oracle, email the OTP. The SMTP host is configured to send emails only to people who have an existing @a_very_famous_bank.com email address.

As a part of an enhancement request, the other day, we were trying to register a non-bank email address. As expected, it failed.

Manager: Meeting... meeting... meeting

Me: (Explained the problem)

Fullstack dev: so the thing is.. it’s like.. (doesn’t falter to open with these lines)...what I can do is...I can send you an HTTP security header in the HTTP request. It’ll work!

Me: (I hope an adult giraffe fucks you in your belly button)

More to come!

So we are implementing a big and very complete localization management system on my company. The system has great features, indeed, but:

1. We cannot use the browser back button, because it is js and it appears no one cared about it (I am not a js Dev, but you can UAE the back button on my site that has js);

2. It is very customizable, but not intuitive. So you have one million options and you never know where to change what you need;

3. It has a save button everywhere, but most options are saved automatically, so you never know when you need to save. Actually, people from the webapp company use the save button as refresh, once we cannot use the browser refresh button;

4. Combo boxes load the elements while you scroll them, so to scroll to the bottom, you need to keep scrolling several times, waiting it to load the elements;

5. It does not allow you to open more than one tab of it at the same time. So if you need to see more than one information from different items, you need to navigate and wait the loading times to see what you need;

6. Emails are not sent in a different thread. So each action that send emails you need to keep waiting until the emails are sent (sometimes there are several emails sent in one action) to continue using it;

7. They not only store and send back your password by email if you loose it, but, as admin, if I click the button to send the user password to him/her, it keeps a copy of the email with the user password in my sent items;

8. To be able to send emails (they are really necessary), I need to include my SMTP info with login and password. So they have not only the system password saved, but everyone email login and password as well.

I am sure there is more, but I can't remember for now, and we are still trying to figure it out how to back our data, as it appears the only possible backup is their own.

Damn stupid me...
One of our customers told us, mails are not working with SMTP. They send us a working code example, which looked very similar to our implementation... I was not able to find out what was wrong for hours.

A colleague checked the code later. After 5 minutes: you forgot a ! before checkin the string if it is null or empty...

Shame on me ..

A few days ago Aruba Cloud terminated my VPS's without notice (shortly after my previous rant about email spam). The reason behind it is rather mundane - while slightly tipsy I wanted to send some traffic back to those Chinese smtp-shop assholes.

Around half an hour later I found that e1.nixmagic.com had lost its network link. I logged into the admin panel at Aruba and connected to the recovery console. In the kernel log there was a mention of the main network link being unresponsive. Apparently Aruba Cloud's automated systems had cut it off.

Shortly afterwards I got an email about the suspension, requested that I get back to them within 72 hours.. despite the email being from a noreply address. Big brain right there.

Now one server wasn't yet a reason to consider this a major outage. I did have 3 edge nodes, all of which had equal duties and importance in the network. However an hour later I found that Aruba had also shut down the other 2 instances, despite those doing nothing wrong. Another hour later I found my account limited, unable to login to the admin panel. Oh and did I mention that for anything in that admin panel, you have to login to the customer area first? And that the account ID used to login there is more secure than the password? Yeah their password security is that good. Normally my passwords would be 64 random characters.. not there.

So with all my servers now gone, I immediately considered it an emergency. Aruba's employees had already left the office, and wouldn't get back to me until the next day (on-call be damned I guess?). So I had to immediately pull an all-nighter and deploy new servers elsewhere and move my DNS records to those ASAP. For that I chose Hetzner.

Now at Hetzner I was actually very pleasantly surprised at just how clean the interface was, how it puts the project front and center in everything, and just tells you "this is what this is and what it does", nothing else. Despite being a sysadmin myself, I find the hosting part of it insignificant. The project - the application that is to be hosted - that's what's important. Administration of a datacenter on the other hand is background stuff. Aruba's interface is very cluttered, on Hetzner it's super clean. Night and day difference.

Oh and the specs are better for the same price, the password security is actually decent, and the servers are already up despite me not having paid for anything yet. That's incredible if you ask me.. they actually trust a new customer to pay the bills afterwards. How about you Aruba Cloud? Oh yeah.. too much to ask for right. Even the network isn't something you can trust a long-time customer of yours with.

So everything has been set up again now, and there are some things I would like to stress about hosting providers.

You don't own the hardware. While you do have root access, you don't have hardware access at all. Remember that therefore you can't store anything on it that you can't afford to lose, have stolen, or otherwise compromised. This is something I kept in mind when I made my servers. The edge nodes do nothing but reverse proxying the services from my LXC containers at home. Therefore the edge nodes could go down, while the worker nodes still kept running. All that was necessary was a new set of reverse proxies. On the other hand, if e.g. my Gitea server were to be hosted directly on those VPS's, losing that would've been devastating. All my configs, projects, mirrors and shit are hosted there.

Also remember that your hosting provider can terminate you at any time, for any reason. Server redundancy is not enough. If you can afford multiple redundant servers, get them at different hosting providers. I've looked at Aruba Cloud's Terms of Use and this is indeed something they were legally allowed to do. Any reason, any time, no notice. They covered all their bases. Make sure you do too, and hope that you'll never need it.

Oh, right - this is a rant - Aruba Cloud you are a bunch of assholes. Kindly take a 1Gbps DDoS attack up your ass in exchange for that termination without notice, will you?

Why do _devs_ still use shared hosting (and then bitch about it)?

"This thing won't let me use external SMTP" - "I can't use more than 2 domains for my site" - "I can't change X in PHP config" ...

You're a dev, VPS prices are pretty much on the same level as shared hosting, and setting those things up isn't exactly rocket science either.

We had a school project where we where supposed to implement a software with a heavy client in C# and web services for it in C#, but the web services HAD TO COMMUNICATE WITH SMTP AND IMAP. And do that in 8 days.

We were 6 in the team. 4 had no idea what a web service is, and I and the designated project lead were the only ones knowing what to do. The lead had paperwork to do for the project, so I had to do everything but the UI alone. So 1 guy did the UI, 3 were... Playing Minecraft... The lead was doing paperwork and ranting about how noisy idiots these guys were... And I was sick as hell and could not eat anything, I was vomiting all day in between which moment I managed to make half of the functionalities of the project, despite having to go to the hospital and have to continue working despite the medical request not to work.

So the day before the presentation I had half of the functionalities done and I had to explain them yet another time what web services are so they can answer the questions and cover for themselves.

On the day of the presentation it went kinda fine. It was not finished but it worked like asked.

We were asked for peer evaluation and I gave A to the lead and the UI guy and B to the 3 other lazy asses.

Shortly after I am called by the tutor in the office : "What happened on this project? Were you not working at all? Apart for the lead who gave you an A, every one gave you a D (lowest grade). I demand for explanations"

I said never mind and got back to studying. I got a B, all the rest of the group an A.

Not mine, but a colleague puts a script in production which has to sent an email every time a config changes, but in reality sent an email every time the file was accessed. The system sent a good amount of email in a couple of minutes, the remote SMTP bounced them but the connections on port 25 was dropped by the server, the production firewall hits the maximum number of allowed connections... a lot of shit!

Hi.
Forgot to renew my expiring ssl cert of my smtp/imaps/pop3s on 12/31. Set that date to self-harm me for bad monitoring.

F**K F**K F**K F**K...

Why do I do that?
F******K!

Meh.

You shall have a happy new year... i will regen certs :D

I was happily folowing a tutorial earlier on setting up an email server but the site got taken down for maintenance just as I reached the last step...

IT'S BEEN 6 HOURS NOW AND IT'S STILL NOT BACK UP.

I HAVE NO IDEA WHAT I'M DOING AND I'M GOING TO BREAK SOMETHING AND BE SAD.

Is there someone here that is capable of developing a postfix smtp milter?

I need a milter that can do following:
Rewrite a defined mail-header

telco sysadmin: hey maybe we should secure our SMTP server with SSL and password verification so our clients can e-mail safely!
senior exec be like: nah just filter incoming connections for our own IP-range, that'll do.

result: I can impersonate any client of the telco and send e-mail in their name (from any home network connected to that provider), but I can't send e-mail over cellular network.

Looks like M3AAWG is proposing "HSTS for SMTP" - SMTP STS
I am excited!

I used to be a sysadmin and to some extent I still am. But I absolutely fucking hated the software I had to work with, despite server software having a focus on stability and rigid testing instead of new features *cough* bugs.

After ranting about the "do I really have to do everything myself?!" for long enough, I went ahead and did it. Problem is, the list of stuff to do is years upon years long. Off the top of my head, there's this Android application called DAVx5. It's a CalDAV / CardDAV client. Both of those are extensions to WebDAV which in turn is an extension of HTTP. Should be simple enough. Should be! I paid for that godforsaken piece of software, but don't you dare to delete a calendar entry. Don't you dare to update it in one place and expect it to push that change to another device. And despite "server errors" (the client is fucked, face it you piece of trash app!), just keep on trying, trying and trying some more. Error handling be damned! Notifications be damned! One week that piece of shit lasted for, on 2 Android phones. The Radicale server, that's still running. Both phones however are now out of sync and both of them are complaining about "400 I fucked up my request".

Now that is just a simple example. CalDAV and CardDAV are not complicated protocols. In fact you'd be surprised how easy most protocols are. SMTP email? That's 4 commands and spammers still fuck it up. HTTP GET? That's just 1 command. You may have to do it a few times over to request all the JavaScript shit, but still. None of this is hard. Why do people still keep fucking it up? Is reading a fucking RFC when you're implementing a goddamn protocol so damn hard? Correctness be damned, just like the memory? If you're one of those people, kill yourself.

So yeah. I started writing my own implementations out of pure spite. Because I hated the industry so fucking much. And surprisingly, my software does tend to be lightweight and usually reasonably stable. I wonder why! Maybe it's because I care. Maybe people should care more often about their trade, rather than those filthy 6 figures. There's a reason why you're being paid that much. Writing a steaming pile of dogshit shouldn't be one of them.

It all started with an undelivereable e-mail.

New manager (soon-to-be boss) walks into admin guy's office and complains about an e-mail he sent to a customer being rejected by the recipient's mail server. I can hear parts of the conversation from my office across the floor.

Recipient uses the spamcop.net blacklist and our mail was rejected since it came from an IP address known to be sending mails to their spamtrap.

Admin guy wants to verify the claim by trying to find out our static public IPv4 address, to compare it to the blacklisted one from the notification.
For half an hour boss and him are trying to find the correct login credentials for the telco's customer-self-care web interface.
Eventually they call telco's support to get new credentials, it turned out during the VoIP migration about six months ago we got new credentials that were apparently not noted anywhere.

Eventually admin guy can log in, and wonders why he can't see any static IP address listed there, calls support again. Turns out we were not even using a static IP address anymore since the VoIP change. Now it's not like we would be hosting any services that need to be publicly accessible, nor would all users send their e-mail via a local server (at least my machine is already configured to talk directly to the telco's smtp, but this was supposedly different in the good ol' days, so I'm not sure whether it still applies to some users).

In any case, the e-mail issue seems completely forgotten by now: Admin guy wants his static ip address back, negotiates with telco support.
The change will require new PPPoE credentials for the VDSL line, he apparently received them over the phone(?) and should update them in the CPE after they had disabled the login for the dynamic address. Obviously something went wrong, admin guy meanwhile having to use his private phone to call support, claims the credentials would be reverted immediately when he changed them in the CPE Web UI.

Now I'm not exactly sure why, there's two scenarios I could imagine:
- Maybe telco would use TR-069/CWMP to remotely provision the credentials which are not updated in their system, thus overwriting CPE to the old ones and don't allow for manual changes, or
- Maybe just a browser issue. The CPE's login page is not even rendered correctly in my browser, but then again I'm the only one at the company using Firefox Private Mode with Ghostery, so it can't be reproduced on another machine. At least viewing the login/status page works with IE11 though, no idea how badly-written the config stuff itself might be.

Many hours pass, I enjoy not being annoyed by incoming phone calls for the rest of the day. Boss is slightly less happy, no internet and no incoming calls.

Next morning, windows would ask me to classify this new network as public/work/private - apparently someone tried factory-resetting the CPE. Or did they even get a replacement!? Still no internet though.
Hours later, everything finally back to normal, no idea what exactly happened - but we have our old static IPv4 address back, still wondering what we need it for.

Oh, and the blacklisted IP address was just the telco's mail server, of course. They end up on the spamcop list every once in a while.

tl;dr: if you're running a business in Germany that needs e-mail, just don't send it via the big magenta monopoly - you would end up sharing the same mail servers with tons of small businesses that might not employ the most qualified people for securing their stuff, so they will naturally be pwned and abused for spam every once in a while, having your mailservers blacklisted.

I'm waiting for the day when the next e-mail will be blocked and manager / boss eventually wonder how the 24-hours-outage did not even fix aynything in the end...

Fave IDE: Rube-Goldberg Distributed Physical Editor (RGDPE)

- 3x5 note cards, rite aid brand
- pilot rolling ball gel pen
- white out
- a scanner with OCR, email
- a raspberry pi running a local email server and dns
- a raspberry pi running an SMTP receiver and language service and a handler to invoke the compiler
- a speak and spell to print out the language service results

Why: why not?

I once had 3 days to make a program that listened on the activity from SMTP servers in a language I've never worked with before and a site presenting the statistics collected from those servers. It was a part time job, 15 hours a week.

Wasted 2 hours configuring smtp on this Windows box. I hate when clients choose the OS with no relevance to the language.

when you build the whole landing page, forms, php mail sender, SMTP, marketing integrations, analytics and all of that from scratch, and 1 hour before it goes live your boss tells you to change some inputs on the form.

Client doesn't trust SendGrid. They're having their IT department deploy their own SMTP servers. This should be interesting.

Client requested password change for their info@ email.

Changed the password.

Client said website is not sending emails

Turned out that website is using SMTP to send email using the same email address.

Dev: Sends weekly update email on Friday, as drudgingly required by management, outlining that stress level is high recently in the past two weeks and constant polling for feedback and updates is stressing him out, needs to slow down the pace

Management: (ON A FUCKING SATURDAY): "Received your email @fullStackChris"

WOW! THANKS FOR THAT INSIGHTFUL UPDATE! I BET YOU DID! I HAVE NO DOUBT GOOGLE'S SMTP SERVERS ARE RUNNING PROPERLY. AND AFTER READING IT, YOU HAVE THE AUDACITY TO @ ME IN A WHATSAPP MESSAGE. ON A FUCKING SATURDAY. I DON'T WANT TO HEAR FROM YOU, I DON'T WANT TO THINK ABOUT THE COMPANY OR ITS TASKS UNTIL MONDAY. PLEASE STOP.

I mean they must be fucking with me at this point, right guys? Maybe I should start writing stuff like "I need more tasks and more messages throughout the day" then I would probably receive less, I mean wtf is actually going on.

I installed sendgrid on my server today for the first time. Now I have several questions to you more experienced programmers.

1. Is there anything I should know about using sendgrid for server generated mails?

2. Can I still use my own configured Mail-Server (eg. for sending emails with Thunderbird?

3. How does sendgrid work?

4. Are there probably better alternatives? (I first wanted to use mailgun, but those fuckers want me to have a credit card for registration)

I'm thinking of writing an email server that accepts all usernames and just forwards the mail to the main inbox.

Or at least forwards a huge list of usernames to the main inbox.

You know, for spamming shit conveniently.

This way, user1@spam.com, user2@spam.com, and user3@spam.com will all go to the same inbox without actually needing to register any of those users.

It would be like having an email with infinite aliases.

Is there something like this already or do I need to implement SMTP?

3.5 fucking hours wasted. Trying to get a fucking webform to post using smtp and swiftmailer. Fucking webforms, I fucking hate them. Done it now though.

Side effect After working several years as support engineer, I hear SMTP when someone calls Lakshmipathy

My new project: a camera sends an image of the electricity clock to a server that does ocr and submits the value to the electricity company on the 5th of every month

Current progress: spent 4 hours trying to get emails to work in scala when i found on an obscure forum that you have to enable insecure app access in your gmail to use smtp

Oh my god why is receiving email so fucking hard? I don't want spamassassin, I don't want antivirus, I don't want accounts or fail2ban or any of that bullshit, I just want all email that is sent to addresses under my server dumped in a database or folder so that I can digest them programmatically or display them in a GUI

Can someone explain why the IT dept thinks that sending form mail from their website via smtp connection using a specific email account credentials (iffice365) for their domain and the ip address of the website included in the domain spf should be classed as an important security issue and we should find an alternative method of sending the form mail?

I fucking hate web development and fuckton of issues it has. Laravel library not found despite the files exists and composer loaded it in the autoloader, fix: create a config file for the lib, why? Because magic. The code cannot find the provider class without it....
Next, try out smtp mail. Works everywhere, but not with the live smtp server. Fails with Invalid recipients error. 2 hours later, with half of my hair torn out I finally figured out. Can you guess?
Credentials and settings are correct, recipients are also correct. The fucking from address parameter was the culprit because you cannot send emails on behalf another address, logical but fuck that error message. Why is it that hard to respond with an understandable response?

My university decided to switch their mailing software to outlook. So no smtp/imap in the future. How am I supposed to do my mailing stuff now? I use older ("non-microsoft") mail clients like mutt or upas? What about standards? Aargh

Hey guys
spent all day with a new project, maybe you guys can help.
I have two p2p cameras that I want to setup and access when my family goes on vacation.
Cameras are working (with mildly success) , now, what Is the best option to access them from the Internet?
I can send e-mails, but can't config the SMTP server (don't know why always gives connection error, but guessing that maby this kind of products are blocked from sending e-mails), tried Gmail, mail, and Hotmail.
ftp-server.. don't have any online (have a VPS with 200 mb free ram...)

Tips? ideas?
Thanks, guys

Successfully wasted more than 12 hours in debugging SMTP issue. ColdFusion email script was throwing SSL error. What was real issue? The Web Server IP Address was blacklisted in the Email Server.

My school has a completely open SMTP server. A friend today who works for the tech department just showed me how anyone could fake an email. He did this by sending me an email as the president of the school, it looked legit. He told the security dudes but they can't secure it due to legacy systems. This is madness surely!?! Is open SMTP as bad as I think? (It is at least only accessible on the schools network).

fucking web hosts blocking all SMTP ports outgoing, forcing me to use PHP mail from their shitty blacklisted IP's.

Since I can't use a web api to send the mail Iended up setting up my home server to forward port 53 back out to the mail server, alot of hassle to get mail working :(

A side project lingering around is building a .NET Core based GUI program to monitor uptime and health of various Windows and Linux servers. I'm aware there are other projects that could do the same thing but I'm wanting to do this as a lesson in C# and cross-platform coding (I plan this to work on both Windows and Linux).

The program is currently CLI based on Windows with functionality to configure it and it's behaviour via config file, it currently sends email via SMTP to a specified email recipient to notify if there has been outages or performance degradation.

But of course University is in the way as well as work. Oh well... maybe I'll get to it in a couple months.

Over the last week I've slowly grown to fucking hate IMAP and SMTP. You'd think after so many years we'd have come up with better servers to manage email but no we still rely on fucking decades old protocols that can't even batch requests.

To make things worse I need to attach to IMAP through node and that has been a nightmare. All the libraries suck ass and even the ones tailored towards Gmail don't work for Gmail because Google decided one day to fucking out the header at the bottom of some emails and split into mimeparts. Also why the fuck is fetching email asynchronous? There's no point at all since we requests are processed line by line in IMAP, and if the library actually supported sending asynchronous requests it wouldn't require a new object to be created for each request and allow only a single listener.

Also callbacks are antiquated for a while and it pisses me off that node hasn't updated their libraries i.e. TLS to support async/await. I've taken to "return await new Promise" where the resolve of the promise is passed as the callback, which let's me go from callback to promise to async/await. If anyone has any other ideas I'm all ears otherwise I might just rewrite their TLS library altogether...

And this is just IMAP. I wish browsers supported TLS sockets because I can already see a server struggling with several endpoints and users, it would be much easier to open a connection from the client since the relationship is essentially:

Client [N] --- [1] Server [1] --- [1] IMAP

And to make the legs of that N : N which would fix a lot of issues, I would have to open a new IMAP connection for every client, which is cool cause it could be serverless, but horrifying because that's so inefficient.

Honestly we need a new, unifying email protocol with modern paradigms...

I'm trying to improve my email setup once again and need your advice. My idea is as follows:
- 2-5 users
- 1 (sub)domain per user with a catchall
- users need to be able to also send from <any>@<subdomain>.<domain>
- costs up to 1€ per user (without domain)
- provider & server not hosted in five eyes and reasonably privacy friendly
- supports standard protocols (IMAP, SMTP)
- reliable
- does not depend on me to manage it daily/weekly
- Billing/Payment for all accounts/domains at once would be nice-to-have, but not necessary

I registered a domain with wint.global the other day and I actually managed to get this to work, but unfortunately their hosting has been very underwhelming.. the server was unreachable for a few minutes yesterday not only once, but roughly once an hour, and I'd really rather be able to actually receive (and retrieve) my mail. Also their Plesk is quite slow. To be fair for their price it's more like I pay for the domain and get the hosting for free, but I digress..

I am also considering self hosting, but realistically that means running it on a VPS and keeping at secure and patched, which I'd rather outsource to a company who can afford someone to regularly read CVEs and keep things running. I don't really want to worry about maintaining servers when I'm on holiday for example and while an unpatched game server is an acceptable risk, I'd rather keep my email server on good shape.

So in the end the question is: Which provider can fulfill my email dreams?

My research so far:
1. Tutanota doesn't offer standard protocols. I get their reasons but that also makes me depended on their service/software, which I wouldn't like. Multiple domains only on the business plans.
2.With Migadu I could easily hit their limits of incoming mails if someone signs up for too many newsletters and I can't (and don't want to) micromanage that.
3. Strato: Unclear whether I can create mails for subdomains. Also I don't like the company for multiple reasons. However I can access a domains hosted there and could try...
4. united-domains: Unclear whether I can create mails for subdomains.
5. posteo: No custom domains allowed.

I'm getting tired.. *sigh*

Rewriting scripts to blacklist IPs of hacked accounts from SMTP logs. Very fun learning experience. Not really any other cool projects for me lol

Customers CEO insists we need to start the 3 weeks to deliver crunch website project by having the hottest UX design on the planet done by a professional UX specialist specializing in hotness who might charge a lot and take a few weeks and leave us no time to deliver said hotness. Grrrr.
I felt like Sirus Black as a dog bouncing of the chest of the werewolf.
When I explained in full why it's a great idea to have a great UX concept, the project is an education website, for the government, and it's WCAG AA. Balanced against all the reasons that we had more urgent things to look at with such a short timeframe they insisted "The UX Guy" will save us. Dear fascist bully boy. I am a UX guy! I may not be "The UX Guy" but I remember when Javascript was for popups and the extent of most peoples PHP was sending forms via anonymous SMTP. I bet the design will look something like the CNN website or Apple.com. Both bastions of web accessibility standards. Grrrrrr.

User gives printee asset # to configure scan to email function... Configure SMTP server settings ensure everything is correct... Ask user to test it... No go... Try different SMTP server still no go... Tweaks Configuration settings... No go... Finally after getting annoyed at my quite possible incompetents, I ask the user to confirm the printer asset number... They gave me the wrong printer asset the first time... [face palm]

I want to learn about the most important network protocols (HTTP 1/1.1/2, SSH, IMAP, SMTP, IMAP...) but reading the RFCs is extremely time consuming and probably not necessary for someone which doesn't need to implement these protocol.
Do you know more concise resources where I can learn more about the topic?

Have a question about email service providers. Specifically inbox delivery and warmup. Over the years I gathered a ~200k email database of players from my projects. I cleared them by using debounce.io and now I have 100k clean emails. That means I can send a mass newsletter and bounce rate should be good. Now my main question is what email services provider should I use? For email client I thought of setting up sendy.co, for hosting it use sendybay.com and for smtp use pepipost.com But the problem with sendy is that it sends emails without any delay. Like 2-3 emails a second. Is there a difference in terms of inbox delivery and domain reputation wether I send all emails in bulk with sendy or should I try to keep low profile and send lets say 1k a day? I have friends who use amazon ses and they are able to send even 100k a day, given that emails database is cleared(valid working emails) and bounce rate is low.

Normal people when they see the word 'Helo': Helicopter, misspelled "hello", nothing too complicated

Me when I see the word 'Helo': MALFORMED SMTP GREETING; EXPECTED DOMAIN

Need some help,
I am setting up postfix and I need it to accept all emails, from any domain (without a domain list), and forward it to a local address on the machine (It pipes into PHP, toscript@).

I have a catch-all working where it is forwarding the emails to the toscript@ mailbox dispite of the to address. But if I send an email to it that is not in the domain list it gets rejected as it's not in the domain list, Is their a known way to force Postfix to accept all domain emails without having a list of the domains in the server.

I have searched but no luck of a working solution, I have looked at the following with no working solution

Server Fault: 133190
Server Fault: 422468
Server Fault: 179419
Server Fault: 105641
Server Fault: 161321
Server Fault: 318426
Server Fault: 514643
Server Fault: 410053
Stack Overflow: 4772229
Super User: 353488

Looking at the docs I do not see anything for it but making it an open relay but I can't figure what settings to update to make it the open relay to capture all of the mail.

I know I am missing something but I can't figure out what it is!

::Rant::
I'd like to use Postfix as it seems very stable and it's not a hack job as some of the projects that I have seen. It also can communicate with all of the proper channels for SMTP and the Protocol as well as some very easy configs.

Want to send an email? Sure thing, how about you configure first a DKIM, DMARC, SPF and some reverse DNS. Otherwise your mail can go fuck itself, because it won't even make it to the spam folder. Even if you do all these time consuming fuckwit tasks I might just mark your mail as spam. Because fuck you, that's why.

Sending mail to Gmail in a nutshell.

!rant

Someone posted a link to a 30-day-security-challenge here on devRant some time ago and I just thought well, why not try to migrate away from the big companies - I've been using OneDrive as my only cloudstorage since the time when it was called SkyDrive and I've been hosting my Emails at outlook (via Live Custom Domains, a service that does not even exist anymore) for about 8 years now. Since I've always been lazy and since exchange activesync is a great feature if you have multiple calendars and want to sync them and your contacts to several devices I never tried to switch but now I am half done with migrating my data to my own nextcloud installation and my emails to my own mail server - since I don't want to loose the exchange functionality I am also setting up Z-Push and oh boy, this thing is bitching around but my webmail is already nicely integrated into nextcloud, IMAP / SMTP is up, configured and secured (still have to mess around with spamassassin as this email adress is floating around the web for about 10 years now). The only things to do is to get Z-Push work with STARTTLS and the card/caldav backend running and then the basic setup should be done.

I am just wondering if someone could hand me over a guide on how to sign / encrypt emails (GPG?)

I was thinking about a cli tool, involving sending emails through smtp because its purpose.
I was very happy finding out that Mozilla with the ISPDB offered a large list of configuration parameteres for various email provider, but I noticed that its not updated.
Any tips is welcomed

New to wordpress.

Wordpress gods,
How would i send a mail using 'wp mail smtp' plugin? I completed the procedure and test mail was successful. How would i call this from UI. No tuts saying anything about that i guess