It appears that Digital Ocean is being blocked – all the DO IP addresses – from SMTP access. I can neither send more receive email.
Just to obe sure it wasn’t that my MIAB server was too old, I set up another one, and it is also blocked.
The blocking organization says it is a Level-3, ISP wide block.
Does this match anyone else’s experience?
I have two MIAB installs at Digital Ocean since 2016, and both are having issues related to undeliverable mail and seemingly random failures receiving mail. I’m currently in the process of moving to Linode, however the IPv6 /64 assignments to Linode VPSs are causing me headaches. It seems to be a requirement to “pick” a single IPv6 address from the assigned range and manually configure the IP addresses within Ubuntu 22.04.
See this topic Proofpoint and Digital Ocean = Real Problems - #7 by vele
It seems that the DO Netherlands and UK are not listed on Level2 (at least some of them), check here UCEPROTECT®-Network - Spam Database Query
It seems they will never be delisted from Level3 but Level3 is not a problem. Just find a clean address (Not in red).
Migrate to those regions. When you are assigned new addresses check them first on https://multirbl.valli.org/
If they are listed release and renew.
I really dont think anyone worth a grain of salt is using UCEPROTECT (1,2,3)
I do feel like Digital Ocean is not the place to be hosting with for Mail.
So, concensus seems to be that, if I move the droplet to a foreign location where the IPs aren’t blocked, and make sure I get an unblocked IP by trying until it works, I could be OK. But, maybe DO isn’t a good place to host an email server any longer.
This makes me sad, since I’ve used DO for this, and a few other special projects since 2018, and maybe earlier. It easily beats (I tested it), Google, AWS, and Azure for application latency.
I am, I hope temporarily, migrating to Google Workspace, since I need email connectivity for my tiny business NOW, and I’ve already lost 3 days of communication to this problem.
Annoyingly, the DO support line promised a response within 24 hours. I did, in fact, get a response right away, which was an email of common problems completely unrelated to my question. And, in fact, I got a response within 24 hours, which was another “hey, tell us if this problem still matters to you, cause if you don’t, we’re going to close this ticket”. The DO response was every bit as useless as I would fear, and not even the slightest bit helpful, or promising, or anything other than “are you still there… why haven’t you just gone away… please go away”.
In case my sarcasm has masked my annoyance, I am not happy with DO.
Thanks for you here for your answers, pointers to messages I had missed, and your help.
I’m fairly new to the self hosting thing, but I am using a Contabo VPS and the only issues have been from my mistakes! Both IPv4 and IPv6 and great prices for the CPU and memory. Plus a huge amount of storage. I’m on their lowest tier and have the server, 400gb drive, and 250gb of object storage in another location for backup for under $10/month USD.
Typically they send you this:
and tell you to go away…
It appears that DigitalOcean’s IP addresses are globally blocked from SMTP access, affecting Mail-in-a-Box (MIAB) servers. This block is reportedly imposed by a Level-3, ISP-wide restriction by certain organizations. Setting up a new MIAB server confirms the issue is not server-specific. Further community feedback is needed to understand the extent and potential solutions for this problem.
I moved away from DO almost 2 years ago because of their poor reputation. DO finally started to block port 25 on new accounts in March (Why is SMTP blocked? :: DigitalOcean Documentation), but it is too little too late. Their reputation is terrible and they are not going to do anything about it.
There are several people complaining about it here on the MIAB discourse, and on Reddit (https://www.reddit.com/r/webdev/comments/n3wf0c/heads_up_if_youre_on_digitalocean_almost_their/)
Found this as well: Email Security | Query our DNSBLs via Digital Ocean DNS? Move to free Data Query Service
Not sure how much more proof you need.
Solution: Find another VPS provider.
Seems Contabo is worthy, I’ve used Vultr in the past with good luck (you do have to apply to them with a use case and a promise not to abuse to unlock port 25)
OCI has just been delisted from Level 3, so it is possible, but DO dosen’t give a s***
They got rid of the spammers in 14 days.
See here UCEPROTECT®-Network - Spam Database Query
If you wish write me a private message for instructions how to register on OCI.
I hae MIABs on DO in frankfurt and Amsterdam and i do not have any global bans. I fit some lame filter from time to time but nothing critical.
Just make sure to select a location that is not known to be a spammers haven.
I was messing around with my domain’s web forwarding in a recent week and my boneheadedness screwed up my entire email system.
It turns out it’s more has to do with DigitalOcean than my own domain.
Looks like I need to change the server.
Do you know how to transfer data from Digital Ocean server to different VPS like Linode? This is what I am trying to figure out right now.
I’d think the easiest way would be to create the Linode MIAB server, make a final DO backup, shut down DO, restore Linode from that backup, and change your glue records. I think the only way to avoid “down time” for your mail delivery would be to change your records while DO is still running and manually transfer any mail that gets delivered to DO after Linode takes over.
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.