Stop Letting Shared Hosting Kill Your Email Deliverability
There is nothing—absolutely nothing—more frustrating than configuring a perfect mail campaign, hitting send, and watching your logs fill up with 550 5.7.1 Service unavailable; client [x.x.x.x] blocked using Spamhaus. If you are still trying to run mission-critical email infrastructure from a cheap shared hosting account, you are digging your own grave. The noisy neighbor problem isn't just about CPU stealing anymore; it's about IP reputation.
I’ve spent the last week migrating a client from a saturated shared cluster to a dedicated CoolVDS instance here in Oslo. Why? Because one spammer on their old subnet got the whole range blacklisted. In 2010, owning your IP address and your Reverse DNS (PTR) record is not optional. It is the baseline for professional communication.
This guide cuts through the noise. We aren't setting up Sendmail (friends don't let friends use m4 macros). We are deploying Postfix—modular, fast, and secure. We will configure it for high deliverability, set up SPF, and look at the specifics of hosting this within Norway's regulatory framework.
1. The Foundation: Clean IP and Reverse DNS
Before you even run apt-get install, check your network environment. Postfix can be configured perfectly, but if your PTR record doesn't match your HELO hostname, major ISPs like Hotmail and Yahoo will drop your packets at the gate.
When you provision a VPS, verify the latency and the reputation.
# Check latency to NIX (Norwegian Internet Exchange)
ping -c 4 193.156.90.1If you are seeing double-digit latency from within Norway, your provider is routing traffic through Frankfurt or London. That adds unnecessary hops. At CoolVDS, our Oslo datacenter connects directly to NIX. Lower latency means faster SMTP handshakes, which actually matters when you are processing thousands of queue items per hour.
The rDNS Check
Ensure your hosting provider allows you to set a custom PTR record. If your IP resolves to static-customer-123.isp.com, you look like a botnet drone. It must resolve to mail.yourdomain.no.
2. Installation and Basic Configuration
Let's assume you are running Debian 5 (Lenny) or Ubuntu 10.04 LTS. If you are on CentOS 5.5, the paths differ slightly, but the logic holds.
apt-get update
apt-get install postfix mailutilsDuring the ncurses setup, select "Internet Site". Once installed, we go straight to /etc/postfix/main.cf. This file controls the daemon's soul. Here is a hardened configuration block that balances security with compatibility.
# /etc/postfix/main.cf
# Identity
myhostname = mail.yourdomain.no
myorigin = /etc/mailname
mydestination = $myhostname, localhost.$mydomain, localhost
# Network
inet_interfaces = all
inet_protocols = ipv4
# The most critical part: Restrictions
smtpd_helo_required = yes
smtpd_delay_reject = yes
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client bl.spamcop.netPro Tip: Notice the RBLs (Real-time Blackhole Lists) at the end. By querying Spamhaus and SpamCop at the SMTP level, we drop spam connections before wasting CPU cycles or disk I/O on processing the body. On high-traffic servers, this reduces load significantly.
3. Storage Performance and The Queue
People often ignore disk I/O for mail servers, thinking it's just text. They are wrong. Postfix relies heavily on the spool directory (/var/spool/postfix). Every email is written to disk, moved between queues (incoming, active, deferred), and finally logged.
If you are running a mailing list or handling corporate email for a large Norwegian firm, standard SATA drives will choke during a broadcast. You will see the "iowait" spike in top, and mail delivery will lag.
This is why we equip CoolVDS nodes with high-performance RAID-10 storage arrays. While Solid State Drives (SSDs) are still an expensive luxury in the enterprise space, using a VDS backed by a fast SAS array with a battery-backed write cache is essential to keep the mail queue moving without stalling the CPU.
4. Security: SASL and Encryption
We are past the days of open relays. You need authentication (SASL) and encryption (TLS). In 2010, sending plain text passwords over port 25 is negligent.
First, generate a certificate (or buy one if you don't want clients complaining about trust errors):
openssl req -new -x509 -days 365 -nodes -out /etc/ssl/certs/postfix.pem -keyout /etc/ssl/private/postfix.keyThen enable TLS in main.cf:
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem
smtpd_tls_key_file = /etc/ssl/private/postfix.key
smtpd_tls_loglevel = 1This enables opportunistic TLS. If the receiving server supports encryption, we use it. If not, we fall back to text. It’s the standard for interoperability.
5. Norwegian Compliance: Datatilsynet and Logs
Here is where the local context bites. Under the Personal Data Act (Personopplysningsloven), email metadata can be considered personal data. The Data Inspectorate (Datatilsynet) is strict about how long you keep logs and who has access to them.
If you host outside of the EEA (European Economic Area), you are entering a legal minefield regarding transfer of personal data. Hosting on a US server subjects you to the Patriot Act.
By hosting your Postfix server on a CoolVDS instance in Norway, you simplify compliance. Data stays within national borders. However, you must manage your logs. Don't just let /var/log/mail.log grow forever.
# /etc/logrotate.d/postfix
/var/log/mail.log {
weekly
rotate 4
compress
delaycompress
missingok
create 640 root adm
}Keep logs long enough for troubleshooting (4 weeks is standard), but don't hoard them for years unless legally required. It creates a liability.
6. SPF: The verification layer
Sender Policy Framework (SPF) is becoming the standard for proving you are who you say you are. It’s a TXT record in your DNS.
If your server IP is 80.x.x.x, your DNS TXT record should look like this:
v=spf1 ip4:80.x.x.x a mx -all
The -all is aggressive; it tells the world "if the email didn't come from this IP, delete it." If you are migrating, use ~all (soft fail) for a week to test.
Final Thoughts
Running a mail server in 2010 is not for the faint of heart. It requires vigilance against relay attempts, monitoring of RBLs, and a stable underlying infrastructure. But the payoff is total control and privacy.
Don't let a slow disk subsystem or a dirty IP range destroy your communication channels. If you are ready to deploy a mail server that actually delivers, spin up a CoolVDS instance. Our network is clean, our storage is fast, and our servers are right here in Norway.