use of Sonic's SMTP for outbound *server* smarthosting?

[blakers]

I've run my mail server from behind my Legacy DSL static/29 for ages.

Switching to FTTN, I of course lose the (local) staticIP.

I'll eventually move to my own VPS-hosted solution, but for the time being I need a reliable/reputable smarthost to forward outbound mail through.

No way I'll use AT&T's servers.
Fastmail.fm is my preferred non-local option.
I'd prefer a 'local' smarthost.

I know Sonic has outbound SMTP/submission.

Couple of questions, in no particular order,

(1) Does policy (dis)allow *server* smarthosting, not just use by MUAs?
(2) What, if any, are the per-message, recipient-count and attachment-size restrictions for outbound mail?
(3) Are outbound emails from Sonic's servers DKIM signed?
(4) What, if any, outbound filters (spam, A/V, etc) are applied?

[kgc]

(1) Does policy (dis)allow *server* smarthosting, not just use by MUAs?
(2) What, if any, are the per-message, recipient-count and attachment-size restrictions for outbound mail?
(3) Are outbound emails from Sonic's servers DKIM signed?
(4) What, if any, outbound filters (spam, A/V, etc) are applied?

1) Customer are generally welcome to smarthost. Exceptions to this policy are addressed on a individual case basis and are generally caused by configuration errors or poor mail policies resulting in a bad spam/ham ratio. If your server adheres to BCPs, you should be fine.

2) Maximum message size is 35882577. Other limits are very unlikely to cause any issues.

3) No.

4) A/V and an in-house maintained outbound spam filter are used to filter outbound mail.

[toast0]

I was smarthosting through sonic's outbound for a long time, as part of forwarding my domain mail to a 3rd party mailserver. You'll probably want to run an A/V on your inbound, as well as at least rudimentary spam filtering to avoid tripping the filters on Sonic's servers.

[blakers]

> 3) No.

Does Sonic strip DKIM headers from outbound mail? Likely not ...

If my server DKIM-signs b4 forwarding thru the Sonic smarthost, are there any header mods I need to make to preserve my signs, unaltered, so they're properly recognized/analyzed by downstream, recipient servers?

> 4) A/V and an in-house maintained outbound spam filter are used to filter outbound mail

Is the outbound A/V on *all* attachment types? Are compressed payloads excepted (tar.gz, zip, xz, etc)? If not, then IIUC, if I want to send an administrative report with an attached payload, e.g. to an A/V mailing list, other admin, etc, I have to find another path?

Also, are GTUBE test strings allowed & excepted from scans?

[kgc]

> 3) No.
Does Sonic strip DKIM headers from outbound mail? Likely not ...

That would be silly!

> 4) A/V and an in-house maintained outbound spam filter are used to filter outbound mail

Is the outbound A/V on *all* attachment types? Are compressed payloads excepted (tar.gz, zip, xz, etc)? If not, then IIUC, if I want to send an administrative report with an attached payload, e.g. to an A/V mailing list, other admin, etc, I have to find another path?

Also, are GTUBE test strings allowed & excepted from scans?

All attachments are scanned including archives but we do not block password protected archives. If you have a need to send virus samples, you'd have to encrypt them or find another means to submit them. I don't know about the GTUBE test signatures (I use the EICAR test signatures), but I would expect them to be blocked.

[blakers]

> That would be silly!

I agree. Would hardly be the 1st time I've seen it done, though, so I ask. Personally I think it's unwise to have an outbound mailer of any kind -- smarthost, forwarder, or otherwise -- that's NOT DKIM signing, but ... different strokes. Thanks for clarifying.

> we do not block password protected archives. If you have a need to send virus samples, you'd have to encrypt them

Good enough! Thanks.

And, right. GTUBE for spam, EICAR for A/V ...

[kgc]

We publish a SPF record on mail.sonic.net to include in your own record if you are so inclined but have not chosen to sign mail with DKIM.