  Smokey Even drunk on a bet ya make it to Canada Premium join:2003-05-20 Va Beach clubs: | Be honest!!
If you are going to block it, at least be upfront about it. -- TEAM USA!! |
|
  kharri1073
join:2001-03-22 Englishtown, NJ | Yea, just happened to me the other day. I was in the dark as to why I couldn't access my 1and1 account... |
|
  IhatemyISP MM2 Corbski Premium join:2003-01-27 Japan | Want cheese with that whine?
Oh boo hoo.
Just about every major ISP is blocking port 25.
It's the norm.
Cry me a river. |
|
  jaa Premium,MVM join:2000-06-13
·Optimum Online
·Vonage
| Any restriction is a service downgrade
Any additional restriction a provider places on a service is a downgrade. The only question is how important that downgrade is to a particular subscriber.
Inbound port 25 blocking only affects users running their own mail servers - which OOL already prohibits.
Outbound port 25 blocking only affects those who use an external smtp server, which is probably a small percentage. Of those, most can either switch to use the OOL smtp server, or use an alternate port for their mail server.
Those who are most affected may leave for another service. Unfortunately, they may have a hard time finding a provider who does not block port 25, or worse, switch to another provider just to find they start blocking port 25. -- NOTHING justifies terrorism. We don't negotiate with terrorists. Those that support terrorists are terrorists. |
|
  Wildcards2000
@washdctt.d
| Punish everyone else because of a few people
So cable companies are going to punish everyone else because of a few bad apples? Why not monitor the layer 2 and block the MAC if the person is sending 100 emails through port 25 in a 24-hour period? This is very easy to do. In fact, that is what I do with my company's firewall. If we get hit with email viruses, I can tell where it comes from and block it at the firewall. Come on people, start thinking out of the box!! |
|
  Plasticman Will Work For Bandwidth Premium join:2002-09-06 Harrisville, RI clubs: | reply to jaa Re: Any restriction is a service downgrade
Well, if they want to have access to port 25, then they should see about upgrading to a SOHO account.......
Plasticman |
|
  Nightfall My Goal Is To Deny Yours Premium,MVM join:2001-08-03 Grand Rapids, MI
·Site5.com
·AT&T Midwest
·Comcast
| Blame the morons who don't secure their systems
As much as I want to blame the ISP, this isn't their fault. The problem is the fact that the common users don't secure their systems. Then, when thousands of zombied PCs are spamming the general population, you hear a lot of tough talk coming from the people here. Shut down their internet access! Do something to stop the flow of spam! Well, when they do something about it, everyone bitches.
To be honest, it is easier to do a blanket block of port 25. The simple fact of the matter is that there are people out there that run their own mail servers and don't secure them. These wannabe administrators make a bad name for those of us who take security seriously. It is a couple bad apples that will ruin it for the rest of us.
As a rule, I would close down port 25, 80, and other ports that cause problems as default. If a user wanted those open, I would make sure they signed a waiver stating if their system was compromised, their access would be shut off at a moment's notice. That way, security pros would make sure to keep up with the patches, while those morons who don't take it seriously would have no access and LEARN how to patch when their access gets shut off.
I know, it is a pretty basic plan, but it is a shame that some of these ISPs don't come up with a similar plan. -- My Domain Nightfall's Hockey and Life Journal |
|
  Rhobite Premium join:2002-02-24 Cambridge, MA clubs:
| reply to Wildcards2000 Re: Punish everyone else because of a few people
said by Wildcards2000: So cable companies are going to punish everyone else because of a few bad apples? Why not monitor the layer 2 and block the MAC if the person is sending 100 emails through port 25 in a 24-hour period? This is very easy to do. In fact, that is what I do with my company's firewall. If we get hit with email viruses, I can tell where it comes from and block it at the firewall. Come on people, start thinking out of the box!!
That may be very easy for you to do, but it's not the simplest thing when you have millions of customers. Your company's pf box or Cisco probably doesn't scale that high. -- Jimmysquid.com - I take pictures. |
|
  jaa Premium,MVM join:2000-06-13
·Optimum Online
·Vonage
| reply to Plasticman Re: Any restriction is a service downgrade
They do not need to upgrade to SOHO. They can just use an alternate port. My hosting company provides an alternate port. 1and1 provides an alternate port.
I just don't see why this is an issue. The problem is that port 25 has 2 uses: mail server to server transfer, and mail client to server transfer. Should have been using two different ports from the beginning. -- NOTHING justifies terrorism. We don't negotiate with terrorists. Those that support terrorists are terrorists. |
|
  jaa Premium,MVM join:2000-06-13 | reply to Wildcards2000 Re: Punish everyone else because of a few people
It is not punishment. They should just use a port different than 25 - is that too much to ask? |
|
  Wildcards2000
@washdctt.d
| reply to Rhobite "That may be very easy for you to do, but it's not the simplest thing when you have millions of customers."
It's very easy to do. It doesn't matter how many people you have.  |
|
  lazarus_
join:2002-08-31 Resolute, NU 3 edits | reply to Smokey Re: Be honest!!
Why block 25 inbound? |
|
  Rhobite Premium join:2002-02-24 Cambridge, MA clubs:
| reply to Wildcards2000 Re: Punish everyone else because of a few people
said by Wildcards2000:
It's very easy to do. It doesn't matter how many people you have. 
No, it really isn't. Your solution, whatever it may be, probably doesn't scale. -- Jimmysquid.com - I take pictures. |
|
 lesopp
join:2001-06-27 Land O Lakes, FL
| reply to IhatemyISP Re: Want cheese with that whine?
After hearing all the bragging about speed, a little whining will provide some balance. Although SMTP is now blocked, I am sure it is happening much faster.
Welcome to the real world OOL users, sorry to hear your service provider is becoming more like ours. |
|
 hedyd4u Premium join:2003-12-16 Schenectady, NY
| Restrictions are the norm today
Every time someone gets hurt or is unhappy the solution is to place a blanket law or restriction on the whole. And little by little all freedom will be lost. Use another port and it will soon be blocked too.
Do this don't do that can't you read the sign. |
|
  visio
join:2001-08-29 Clifton, NJ | reply to Rhobite Re: Punish everyone else because of a few people
If CV/OOL has the ability to cap a specific user, after their systems determine that specific user is 'abusing' upload bandwidth, im sure they have the ability to track specific users who are mass-mailing out of port 25. |
|
  IhatemyISP MM2 Corbski Premium join:2003-01-27 Japan | reply to lazarus_ Re: Be honest!!
said by lazarus_ : Why block 25 inbound?
To block open relay servers. |
|
  rchandra Stargate S G-1 And Atlantis Fan Premium join:2000-11-09 14225-2105 clubs:
| reply to lazarus_
said by lazarus_ : Why block 25 inbound?
There is no particularly good reason, honestly. About the only reason to do so is if a host is compromised, and the attacker wants a standard promiscuous relay. Relaying can nonetheless be done on a compromised host, as the method of injecting the messages need not take place over port 25. -- English is a difficult enough language to interpret correctly when its rules are followed, let alone when a writer chooses not to follow those rules. Blog is here Jeopardy! replies REALLY suck! |
|
  Jeremy341 Bye Premium join:2000-01-06 localhost
| reply to Wildcards2000 Re: Punish everyone else because of a few people
said by Wildcards2000: Why not monitor the layer 2 and block the MAC if the person is sending 100 emails through port 25 in a 24-hour period?
My ISP does something similar. If they detect a large amount of outgoing mail, the modem's configuration file is changed to one that blocks outbound e-mail, and the modem is rebooted. That way, the customer loses all access to e-mail, and has to call in. Then when they call in, they're told why they're blocked, and that they need to clean up their system. |
|
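Added example, not part of any post in the thread: the per-subscriber threshold that Wildcards2000 proposes and Jeremy341 describes, written as a sliding-window count over constructed flow records. The record layout, the MAC addresses and the treatment of one port-25 connection as one message are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)   # period named in the thread
THRESHOLD = 100                # messages per period named in the thread
SMTP_PORT = 25

def flag_bulk_senders(flows, threshold=THRESHOLD, window=WINDOW):
    """Return {mac: time at which the threshold was first reached}.

    flows: iterable of (timestamp, src_mac, dst_port), sorted by timestamp.
    Assumption: each outbound connection to port 25 counts as one message,
    although a single SMTP session can carry several.
    """
    recent = defaultdict(deque)   # mac -> timestamps still inside the window
    flagged = {}
    for ts, mac, dport in flows:
        if dport != SMTP_PORT:
            continue              # traffic to alternate ports is not counted
        q = recent[mac]
        q.append(ts)
        # Expire connections that have fallen out of the sliding window.
        while q and ts - q[0] >= window:
            q.popleft()
        if len(q) >= threshold and mac not in flagged:
            flagged[mac] = ts
    return flagged

def sample_flows():
    """Constructed flow records for three hypothetical subscribers."""
    t0 = datetime(2004, 1, 1)
    flows = []
    # Infected host: one port-25 connection every 30 seconds for 2 hours.
    flows += [(t0 + timedelta(seconds=30 * i), "00:00:5e:00:53:01", 25)
              for i in range(240)]
    # External-SMTP user: one every 20 minutes for 3 days (72 per 24 hours).
    flows += [(t0 + timedelta(minutes=20 * i), "00:00:5e:00:53:02", 25)
              for i in range(216)]
    # Busy client on submission port 587, an alternate port: never counted.
    flows += [(t0 + timedelta(seconds=10 * i), "00:00:5e:00:53:03", 587)
              for i in range(500)]
    return sorted(flows)

if __name__ == "__main__":
    for mac, when in flag_bulk_senders(sample_flows()).items():
        print(f"{mac} reached {THRESHOLD} port-25 connections at {when}")
```

The steady external-SMTP user stays under the threshold because the window slides; a fixed daily counter reset at midnight would give the same result here but would miss a burst that straddles the reset.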
 kd6cae P2p Shouldn't Be A Crime
join:2001-08-27 Lancaster, CA
·RoadRunner Cable
·DSL EXTREME
| users should have the choice to open blocked ports
I don't mind the blocking of ports necessarily, but what I do mind is that users that want to run their own mail server, for instance, aren't given the choice of having port 25 open. You shouldn't have to change a port that a server runs on just because of a few people!
I actually wouldn't feel too strongly on this if it were any other service such as web or FTP for instance, but as I mentioned in an earlier thread not long ago, the way email works is like this. If I send a message to my friend's mail server, which BTW I can no longer do, the mail server I send through looks for the MX record for the domain to which the message is destined. The MX record shows the IP address of the mail server that is to receive incoming messages for the domain. Nowhere in the MX record does it say what port on the server it is to connect to! This is because all servers know that they are to connect to port 25 on the MX host!
For a time a couple years back I ran my own mail server because my ISP's mail server was awful and would either never deliver messages I sent, or I'd email someone about plans for something we were gonna do that day, and they'd receive the message 3 days later! When I ran my own mail server, mail always got where it was supposed to when it was supposed to, 100 percent of the time!
So although my friend could change the port his SMTP server listens on, that would only allow me to send outgoing mail from his domain, but anyone wanting to send mail to my friend? Well, their messages would never ever get to his server! They should be punishing the users of zombies, not everyone. I mean, if that's how ISPs want to handle things and they don't want us running our own servers where we have control of what's going on with our servers instead of them, just block globally ports 1-65535 at the ISP, and I guarantee the complaints will flood in. It's the same internet whether you're on cable, DSL, a T1 or an OC12!
So if an ISP wants to restrict their users and what they can do on the internet, then at least give those that want to run their own servers and those users only the chance to do so! |
|