

Cabal
Premium
join:2007-01-21
Reviews:
·Suddenlink
reply to koitsu

Re: [Spam] Comcast reporting spam from my IP

They use the same notice for both spam and when they detect a large number of messages sent during a given period of time. It was probably the latter. You can call up and have the block removed, but you probably want to restructure how much mail you're sending and where.
--
Interested in open source engine management for your Subaru?



CleanGene
Premium,MVM
join:2008-04-09
Manassas, VA

said by Cabal:

You can call up and have the block removed, but you probably want to restructure how much mail you're sending and where.
Quite. My understanding (and someone will surely correct me if I'm wrong) is that the initial block can be lifted without much hassle. However, if abuse is detected again and the block is re-enabled, it will be permanent, and no amount of pleading will remove it.


koitsu
Premium,MVM
join:2002-07-16
Mountain View, CA
kudos:23

1 edit

said by CleanGene:

said by Cabal:

You can call up and have the block removed, but you probably want to restructure how much mail you're sending and where.
Quite. My understanding (and someone will surely correct me if I'm wrong) is that the initial block can be lifted without much hassle. However, if abuse is detected again and the block is re-enabled, it will be permanent, and no amount of pleading will remove it.
Which means I'm not going to ask that the block be removed until Comcast provide me some evidence of said "spamming" or "mass mailing" (which isn't happening either -- I keep a very close eye on my SMTP logs). I want a Message ID, queue ID, Subject line, timestamp of the mail, or SOMETHING I can key off of.

Basically, Comcast needs to show me evidence of said problem before I'll believe there is one. Based upon their own web page with the "alternateport" option, it appears to me this is a very common problem.

rugby
I think I know it all.
VIP
join:2000-09-26
Plainfield, IN

I had the same thing happen to me with my Asterisk PBX and sending out voicemails. Comcast tagged those emails as spam and they just stopped going out one day. The bad part was that I wasn't checking my comcast.net email account so I never knew it was blocking them for a few days when people started emailing me asking why I wasn't returning their messages.



koitsu
Premium,MVM
join:2002-07-16
Mountain View, CA
kudos:23

said by rugby:

I had the same thing happen to me with my Asterisk PBX and sending out voicemails. Comcast tagged those emails as spam and they just stopped going out one day. The bad part was that I wasn't checking my comcast.net email account so I never knew it was blocking them for a few days when people started emailing me asking why I wasn't returning their messages.
Interesting. I don't use VoIP or any form of local PBX, so in my case, that rules that option out.


koitsu
Premium,MVM
join:2002-07-16
Mountain View, CA
kudos:23
reply to Cabal

said by Cabal:

They use the same notice for both spam and when they detect a large number of messages sent during a given period of time. It was probably the latter. You can call up and have the block removed, but you probably want to restructure how much mail you're sending and where.
Do you feel this constitutes a "large number of messages"? Note that the numbers are within a 24 hour period.

(06:36:00 jdc@icarus) /var/log $ for i in maillog*; do ls -l $i; echo -n "Mail sent in above log: " ; bzgrep -c 'relay=smtp.comcast.net.*mail accepted for delivery' $i; done
-rw-r-----    1 root      wheel     76376  3 Sep 06:28 maillog
Mail sent in above log: 3
-rw-r-----    1 root      wheel     16064  3 Sep 00:00 maillog.0.bz2
Mail sent in above log: 11
-rw-r-----    1 root      wheel     16649  2 Sep 00:00 maillog.1.bz2
Mail sent in above log: 31
-rw-r-----    1 root      wheel     11853  1 Sep 00:00 maillog.2.bz2
Mail sent in above log: 5
-rw-r-----    1 root      wheel     11102 31 Aug 00:00 maillog.3.bz2
Mail sent in above log: 13
-rw-r-----    1 root      wheel     13623 30 Aug 00:00 maillog.4.bz2
Mail sent in above log: 12
-rw-r-----    1 root      wheel     14918 29 Aug 00:00 maillog.5.bz2
Mail sent in above log: 4
-rw-r-----    1 root      wheel     18511 28 Aug 00:00 maillog.6.bz2
Mail sent in above log: 14
-rw-r-----    1 root      wheel     16669 27 Aug 00:00 maillog.7.bz2
Mail sent in above log: 25
 

I'm on hold now with their Abuse department to see if someone knows. The general Tier 1 support folk told me it happens for the reasons you described here, but were unable to tell me what circumstances triggered said issue.

After that, they tried to "sell me" on using SMTP AUTH and port 587, to which I asked "Was my use of port 25 the reason for the block?" "No, it definitely wasn't, let me get you over to Abuse so they can get logs for you".

I'm still trying to wrap my brain around why SMTP AUTH is required for sending mail through their mail servers on port 587. Internet folks (non-Comcast customers) cannot connect to Comcast's outbound mail servers, and Comcast will always know who sent mail through their servers based on IP number, so I'm baffled at the purpose.

If anything, I'm willing to bet it's a miserable attempt to curb spam (running under the assumption that spambots and malware which send spam do not understand how to use SMTP AUTH, and don't have username/password credentials). It's the sign of an ISP who doesn't quite understand the problem...
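
Daily totals like the ones in the post above can hide a short burst, which is the kind of volume-in-a-period trigger Cabal describes. As an added example (not part of any poster's message), this Python script counts the same accepted-for-delivery lines per day and finds the busiest sliding window; the log lines are constructed, and the 10-minute window is an assumption, since the thread does not state Comcast's actual threshold.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Same match as the bzgrep in the post: mail handed to the ISP relay and accepted.
ACCEPTED = re.compile(r"relay=smtp\.comcast\.net.*mail accepted for delivery")
STAMP = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) ")

# Constructed Postfix-style maillog lines; queue IDs, recipients and IP are made up.
OK = "relay=smtp.comcast.net[192.0.2.25]:25, status=sent (250 2.0.0 mail accepted for delivery)"
SAMPLE_LOG = "\n".join([
    f"Sep  2 09:00:01 icarus postfix/smtp[811]: A1: to=<a@example.org>, {OK}",
    f"Sep  2 09:00:50 icarus postfix/smtp[811]: A2: to=<b@example.org>, {OK}",
    "Sep  2 09:01:00 icarus postfix/smtp[811]: A3: to=<c@example.org>, "
    "relay=smtp.comcast.net[192.0.2.25]:25, status=deferred (421 try again later)",
    f"Sep  2 09:01:30 icarus postfix/smtp[811]: A4: to=<d@example.org>, {OK}",
    f"Sep  2 09:02:45 icarus postfix/smtp[811]: A5: to=<e@example.org>, {OK}",
    f"Sep  2 15:30:00 icarus postfix/smtp[902]: A6: to=<f@example.org>, {OK}",
    f"Sep  3 08:00:00 icarus postfix/smtp[977]: A7: to=<g@example.org>, {OK}",
    f"Sep  3 20:15:00 icarus postfix/smtp[990]: A8: to=<h@example.org>, {OK}",
])

def accepted_times(log_text, year=2008):
    """Sorted timestamps of accepted messages (syslog lines carry no year)."""
    times = []
    for line in log_text.splitlines():
        m = STAMP.match(line)
        if m and ACCEPTED.search(line):
            times.append(datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"))
    return sorted(times)

def daily_counts(times):
    """Per-day totals, the figure the shell loop in the post reports per log file."""
    return Counter(t.strftime("%b %d") for t in times)

def peak_window(times, minutes=10):
    """Largest count of accepted messages in any sliding window, and that window's start."""
    span = timedelta(minutes=minutes)
    best, best_start, lo = 0, None, 0
    for hi, t in enumerate(times):
        while t - times[lo] >= span:  # drop messages older than the window
            lo += 1
        if hi - lo + 1 > best:
            best, best_start = hi - lo + 1, times[lo]
    return best, best_start

if __name__ == "__main__":
    sent = accepted_times(SAMPLE_LOG)
    print(dict(daily_counts(sent)), peak_window(sent))
```

A timestamp for the busiest window is also something concrete to compare against whatever evidence the ISP's abuse desk provides.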


bigchris
Do Not Shoot The Messenger
Premium,MVM
join:2002-04-29
Leesburg, VA

1 edit

said by koitsu:

I'm still trying to wrap my brain around why SMTP AUTH is required for sending mail through their mail servers on port 587. Internet folks (non-Comcast customers) cannot connect to Comcast's outbound mail servers, and Comcast will always know who sent mail through their servers based on IP number, so I'm baffled at the purpose.

It's really simple. You need to authenticate to send and to do that you need a valid comcast.net ID and you need to know the password. Plus it'll work on and off the Comcast network so for those people that travel with laptops it's a win-win.

Edit: Since you are familiar with the SMTP protocol, you must also know that the RFCs state 587 requires authentication whereas 25 doesn't, but it's supposed to be used only between MTAs whereas 587 is a client submission port.

just4info4

join:2001-11-13
Rockville, MD
reply to koitsu

If you have other PCs running on your network, you may want to check if there is anything running on those that may send bulk emails directly without going through your FreeBSD box.

A friend of mine received the same email and found out that some unwanted program had hijacked one of his PCs to send mail.

I'm not suggesting your PC has a virus. But I guess that is what Comcast support would ask you to check anyway.



koitsu
Premium,MVM
join:2002-07-16
Mountain View, CA
kudos:23

said by just4info4:

If you have other PCs running on your network, you may want to check if there is anything running on those that may send bulk emails directly without going through your FreeBSD box.

A friend of mine received the same email and found out that some unwanted program had hijacked one of his PCs to send mail.

I'm not suggesting your PC has a virus. But I guess that is what Comcast support would ask you to check anyway.
Such isn't the case. I have outbound ACLs applied on my gateway (router), which do not permit any outbound packets to TCP ports 25, 110, 465, 587, and 993. The ACL allows a *single IP address* on my LAN -- the above FreeBSD box running postfix -- to send outbound packets to any of those ports.

Meaning: let's say I have a wireless network and someone somehow compromises it, gaining access to my local network, and that person uses a computer that sends out spam or has viruses of some kind. There's absolutely no way this would work due to the ACL. If they configured their mail client to use my local FreeBSD box as their SMTP server, that would work -- however, I'd have evidence of it in my SMTP logs, which I do not.

To my knowledge, there are no viruses or malware applications that can affect FreeBSD, and the machine is definitely not compromised (I rebuilt world/kernel literally last night).


koitsu
Premium,MVM
join:2002-07-16
Mountain View, CA
kudos:23
reply to bigchris

said by bigchris:

said by koitsu:

I'm still trying to wrap my brain around why SMTP AUTH is required for sending mail through their mail servers on port 587. Internet folks (non-Comcast customers) cannot connect to Comcast's outbound mail servers, and Comcast will always know who sent mail through their servers based on IP number, so I'm baffled at the purpose.

It's really simple. You need to authenticate to send and to do that you need a valid comcast.net ID and you need to know the password. Plus it'll work on and off the Comcast network so for those people that travel with laptops it's a win-win.
Ah ha! That explains it! Thanks for cluing me in here. I was under the impression Comcast only permits Comcast IPs to connect to smtp.comcast.net (regardless of port #). That is obviously not the case. The below telnets were done from our co-located servers:

$ telnet smtp.comcast.net 25
Trying 76.96.30.117...
Connected to smtp.g.comcast.net.
Escape character is '^]'.
220 OMTA10.emeryville.ca.mail.comcast.net comcast ESMTP server ready
QUIT
221 2.0.0 OMTA10.emeryville.ca.mail.comcast.net comcast closing connection
Connection closed by foreign host.
 
$ telnet smtp.comcast.net 587
Trying 76.96.30.117...
Connected to smtp.g.comcast.net.
Escape character is '^]'.
^]
telnet> close
Connection closed.
 

What I'm saying: if Comcast provided customer-only (e.g. you must be on the Comcast IP network to use these) SMTP servers, they wouldn't need SMTP AUTH for said clients.

Edit: Since you are familiar with the SMTP protocol, you must also know that the RFCs state 587 requires authentication whereas 25 doesn't, but it's supposed to be used only between MTAs whereas 587 is a client submission port.
Bzzt. Read the RFC yourself, Sections 6.1 through 6.4 -- specifically, the use of the word MAY. Meaning: requiring authentication on port 587 is *optional*. It's entirely up to the mail server administrator. By default most mail servers (postfix, exim, sendmail) require SMTP AUTH, but you simply change the said flag to "no" and voila, it acts just like port 25.


bigchris
Do Not Shoot The Messenger
Premium,MVM
join:2002-04-29
Leesburg, VA

said by koitsu:

Ah ha! That explains it! Thanks for cluing me in here. I was under the impression Comcast only permits Comcast IPs to connect to smtp.comcast.net (regardless of port #). That is obviously not the case. The below telnets were done from our co-located servers:

What I'm saying: if Comcast provided customer-only (e.g. you must be on the Comcast IP network to use these) SMTP servers, they wouldn't need SMTP AUTH for said clients.

Edit: Since you are familiar with the SMTP protocol, you must also know that the RFCs state 587 requires authentication whereas 25 doesn't, but it's supposed to be used only between MTAs whereas 587 is a client submission port.
Bzzt. Read the RFC yourself, Sections 6.1 through 6.4 -- specifically, the use of the word MAY. Meaning: requiring authentication on port 587 is *optional*. It's entirely up to the mail server administrator. By default most mail servers (postfix, exim, sendmail) require SMTP AUTH, but you simply change the said flag to "no" and voila, it acts just like port 25.
And if you look at the ISPs you are going to find nearly all of them require AUTH on 587. The RFC was written to provide the option since it's intended to move mail clients away from using port 25, but most implementations are using it also as a way to authenticate.

As to your other point of Comcast IP only SMTP servers, that doesn't help with bot'd computers, hence the requirement to authenticate which takes out large numbers of abusive connections i.e. spam.


NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:11
Reviews:
·SONIC.NET
·Pacific Bell - SBC

1 edit
reply to koitsu

said by koitsu:

I'm still trying to wrap my brain around why SMTP AUTH is required for sending mail through their mail servers on port 587. Internet folks (non-Comcast customers) cannot connect to Comcast's outbound mail servers, and Comcast will always know who sent mail through their servers based on IP number, so I'm baffled at the purpose.
Actually, we can connect to 'smtp.comcast.net'. And, if we have Comcast account login information, we can even use those servers ("we" being people with non-Comcast IP addresses).

AFAIK, Comcast ACL determines whether authentication will be required on a port 25 connection, or not. However, authentication on a port 587 connection is an option, per RFC 2476, and designed to allow off-network access to the server.

P.S. Here are the headers of a test message I sent using 'smtp.comcast.net:25' from my 'at&t Yahoo! HSI' connection. I had my sister enter her Comcast UserID+Password into MS Outlook Express 6 for this test (I removed it, as well, all under her observation and supervision):
X-Message-Delivery: Vj0zLjQuMDt1cz0wO2w9MDthPTA=
X-Message-Status: n:0
X-SID-PRA: Nobody Special <%User_ID%@aosake.net>
X-Message-Info: R00BdL5giqo1XTLaUChNahr175TMsC/S6KjB9zol3BfaZjQnKq4vtqAE8fBRtHbzFTAz1iLNjpcbUMUgyWDIO+3D5UnquTTy
Received: from QMTA09.emeryville.ca.mail.comcast.net ([76.96.30.96])
         by bay0-mc6-f4.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668);
         Tue, 9 Sep 2008 13:28:33 -0700
Received: from OMTA13.emeryville.ca.mail.comcast.net ([76.96.30.52])
        by QMTA09.emeryville.ca.mail.comcast.net with comcast
        id Cb9C1a00717UAYkA9kUZhG; Tue, 09 Sep 2008 20:28:33 +0000
Received: from KOZUE ([69.110.229.74])
        by OMTA13.emeryville.ca.mail.comcast.net with comcast
        id CkUQ1a00G1cxMfH8ZkUSfP; Tue, 09 Sep 2008 20:28:31 +0000
X-Authority-Analysis: v=1.0 c=1 a=rwb31lBxJdAA:10 a=o3u4MYfcgxoLfIYezdIA:9
 a=fKLyDDUhjBpPOlrBXQ4dt01VxLUA:4 a=LY0hPdMaydYA:10 a=gRn_d5DV6HbZut_hC3EA:9
 a=Z7eiLN8CKFuq9b8dRLEA:7 a=FT8Wqm9bYy5vJwRVAAiudS4QW68A:4 a=AfD3MYMu9mQA:10
Message-ID: <F66CDFE82D3B432C9DD161F97F9C3AB1@KOZUE>
Reply-To: "%User_ID% Special" <%User_ID%@pacbell.net>
From: "Nobody Special" <%User_ID%@aosake.net>
To: <%User_ID%@msn.com>
Subject: [TEST] Just checking
Date: Tue, 9 Sep 2008 13:28:16 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary="----=_NextPart_000_0004_01C9127F.EAEF07D0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579
Return-Path: %User_ID%@aosake.net
X-OriginalArrivalTime: 09 Sep 2008 20:28:33.0614 (UTC) FILETIME=[A14C9EE0:01C912BA]
 

Apologies for duplicate information. I was waiting on my sister to finish up doing girl stuff in preparation for an outing, so I didn't get the authorization for testing, or read on, until later in the cycle.

--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


koitsu
Premium,MVM
join:2002-07-16
Mountain View, CA
kudos:23

1 edit

said by NormanS:

said by koitsu:

I'm still trying to wrap my brain around why SMTP AUTH is required for sending mail through their mail servers on port 587. Internet folks (non-Comcast customers) cannot connect to Comcast's outbound mail servers, and Comcast will always know who sent mail through their servers based on IP number, so I'm baffled at the purpose.
Actually, we can connect to 'smtp.comcast.net'. And, if we have Comcast account login information, we can even use those servers ("we" being people with non-Comcast IP addresses).

AFAIK, Comcast ACL determines whether authentication will be required on a port 25 connection, or not. However, authentication on a port 587 connection is an option, per RFC 2476, and designed to allow off-network access to the server.
EDIT: Oops! I completely misunderstood what you were saying here, Norman. I realise now you were talking about non-Comcast IPs being able to talk to smtp.comcast.net (presumably used for Comcast customers on laptops who roam, and don't want to have to change their mail client settings every time).

Everything you said is understood.