fldiver
Premium
join:1999-12-27
Jacksonville, FL
| [Spam] Received the SMTP Abuse email
Well just received the wonderful abuse email from Comast abuse. However I am a Malware Engineer by profession so I would know if I was sending spam...aside from that, I use Linux not Windows. The only thing I use Windows for is my job and all of that traffic goes through the VPN. So it seems to me that this based on other posts I have seen is further indication Comcast is closing down 25 to residential traffic. I don't really have any issues with blocking 25 but I have a major issue with them doing it under false pretenses..Port 587 works fine btw..
-Dan |
|
Norm
@comcast.net
| I was blocked in/out of port 25 on Oct 5th 3:45am
(Boston area) and received the Comcast email with no
warning.
I've been using both in/out port 25 for 10+years and
never had a problem. I check my logs and
their is no evidence of SPAM or traffic, in fact
I average less If you prefer you can call our Network Security Department
> at 856-317-7272 |
|
jblues
join:2001-04-28
Allen Park, MI
 ·Comcast
edit:
October 6th, @12:13PM
| reply to fldiver
How they determine that is a mystery. I know I am not spewing spam or a bot either. I believe that is just to get everyone to Port 587. Blaming people for non-existent abuse is bad, I agree. But with everything else Comcast does, I guess it looks minor in the big picture.
I do wonder, do they ever remove the block? I changed everything, so no big deal. I didn't feel like fighting with the Security department. |
|
mardyron
join:2004-02-06
Hydes, MD
| reply to Norm
Ditto, same here. Got the same BULL**it email from them & I got some real nasty crap from the tech when I went into their "CHAT". 1st I was told it wasn't a virus, then I was told to do a free online virus check, I was then told to change the port temporarily to "587".
I run a the latest SAV software, not too mention i check for Adware with the latest "Adaware" software. But i did run the online checker & guess what, no viruses.
Not too mention i changed the port to the "587" as suggested & guess what, I'm still blocked. What a complete bunch of morons.
I'm sure this has something to do with their NEW bandwitdh monitoring. These idiots to screw up a wet dream. I'm still waiting for their tech support to fix an issue with my "personal webpage" that is blocked & has been for 6 months. Complete & utter ignorance. I guess it is time to go FIOS. |
|
NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
 ·Pacific Bell - SBC
| said by mardyron  :Not too mention i changed the port to the "587" as suggested & guess what, I'm still blocked. What a complete bunch of *****s. I'm sure this has something to do with their NEW bandwitdh monitoring. These idiots to screw up a wet dream. I'm still waiting for their tech support to fix an issue with my "personal webpage" that is blocked & has been for 6 months. Complete & utter ignorance. I guess it is time to go FIOS. Nothing to do with their bandwidth monitoring. Apparently, just sending to a larger than "normal" list of recipients can trigger the block; based on other reports in this forum.
Port 587 shouldn't be blocked by Comcast. If you can't get through to 'smtp.comcast.net:587', you need to investigate the issue further. Firewalls, and other security apps, may cause such a failure.
As for port 25 outbound access, I have not needed it since 'smtp.mail.yahoo.co.jp' finally added port 587 access some time in 2006. The message submission servers I have access to include:
• mail.pacbell.net:587
• smtp.aim.com:587
• smtp.aol.com:587
• smtp.att.yahoo.com:465 w/SSL
• smtp.gmail.com:L587 w/TLS
• smtp.gmx.net:587
• smtp.mail.yahoo.com:465 w/SSL
• smtp.mail.yahoo.com.au:465 w/SSL
• smtp.mail.yahoo.co.jp:465 w/SSL
• smtp.myrealbox.com:465 w/SSL
• smtpauth.sbcglobal.net:587
Not a one of those servers requires me to use port 25. If you have service from a third party provider who is anal-retentive about offering access via a different message submission port than port 25, though, that could be problematic.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum |
|
SolarPup
Cable Dawg
Premium
join:2002-03-07
The Pound
clubs:
 ·AT&T CallVantage
 ·Osiris Communicati..
·FRII Front Range I..
| reply to fldiver
I got the same thing, and I know for sure I dont have spam going out of there, as all of my port 25 traffic is rerouted to another PC then sent out via port 587. I also have an ACL active that prevents traffic out of port 25. I dont get it.
--
...I don't have a 8mb speedy connection, I fly through the net at low altitudes! |
|
KodiacZiller
join:2008-09-04
73368
| Same here. I only use Gentoo and have everything locked down. The chances of a virus on my Linux box are .000001%. I also have my router spew its logs to /var/logs locally. I check them often and never see anything going on with port 25.
Further, I never have sent an e-mail through my Comcast account. I exclusively use web mail accounts. So the "too many recipients" argument doesn't work in my case either.
Comcast has a very shoddy system for determining who is spamming and who isn't. It's ridiculous. |
|
mardyron
join:2004-02-06
Hydes, MD
| reply to NormanS
Well funny things is, there are 2 PC's on my home network. Only a total of 4 emails sent last month (using the crapcast network), go figure how they determine SPAM. All 4 emails were sent to my work PC. So that is total BULL**IT. As for the port: 587, it was blocked, it started working last night after I bi**hed some more, but guess what ----Port: 25 is working again. Seems to me Comcast is loosing it. Now 1 of my wife's account, her main 1 is STILL blocked on both ports. Yet even their tech says it isnt. So they are full of ***t. |
|
Aprilk
join:2002-09-11
Burlington, NJ
| reply to fldiver
I got the same email, that I was sending out spam.. Funny, I'm behind a router, I've been using port 465 for a year now and there is nothing in my logs that shows email going out on any other port than what I intentionally sent out. I run a virus scan each and every evening and show absolutely no infection. I've run adaware and spybot and again, no infections whatsoever. I've also got port 21 and 25 blocked by my router.
I use another port for email that I send out under my own domain name. Nothing unusual on that port either.
I was told to switch to port 587 but that port would not work for me. I am finally working again after a 48 hour hold on port 465.
My children check their email through comcast webmail, I use Pegasus and the HTML is turned off for all email. All email is scanned coming in and going out. All attachments are scanned before they are opened. The only thing that has been running alot on the computer is STEAM where my kids play online and online Battlefield 2142. The only complaint I have heard is that comcast burps and my kids get thrown out of the online game they were playing. It happens a lot on weekends and right after school. Lately comcast has been popping up the login window saying the password is incorrect on mail checks. I just shut it and try a few minutes later, without changing the information in the popup box, and the email works fine the next check.
I can't think of a way my computer was sending out spam. The only thing I can see is someone using my email address as the return address. That has happened in the past but I usually get a bunch of bounced email and I know someone did that. Nothing has come in this time. |
|
NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
·Pacific Bell - SBC
| reply to mardyron
Comcast has their problems. Being full of stuff is not one of them. I know I am inclined to curse at my computer, from time to time; but, invariably, the problem I am cursing at turns out to be PEBKAC. Or, as we used to say in the Army, "Operator Headspace".
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum |
|
bigchris
Do Not Shoot The Messenger
Premium
join:2002-04-29
Leesburg, VA
·Vonage
| reply to mardyron
said by mardyron :Well funny things is, there are 2 PC's on my home network. Only a total of 4 emails sent last month (using the crapcast network), go figure how they determine SPAM. All 4 emails were sent to my work PC. So that is total BULL**IT. As for the port: 587, it was blocked, it started working last night after I bi**hed some more, but guess what ----Port: 25 is working again. Seems to me Comcast is loosing it. Now 1 of my wife's account, her main 1 is STILL blocked on both ports. Yet even their tech says it isnt. So they are full of ***t. A few questions and points:
1) How did you determine only 4 emails were sent?
2) 587 is never blocked, so if you cannot connect on it then something is wrong at your end.
3) Any block is not implemented per account but per modem, so it's impossible for your wifes account to be blocked and yours not to be unless they are using different modems. |
|
mardyron
join:2004-02-06
Hydes, MD
| well that is real ez to determine how many emails are sent, since I have it set to save a copy of sent emails. You are wrong, her email account was put on hold, I finally got it verified, 2 of the 3 accounts she uses were & are working. As for the port 587 it wasn't working, plain & simple, although it really doesn't matter since all are back on port: 25 & working now. Seems like Comcast were just being complete utter A**ES.
Frankly scarlet I don't give a damn, if they screw my account 1 more time I'm leaving them, I pay good money for their harrassment of crappy tech's |
|
jbob
Reach Out and Touch Someone
Premium
join:2004-04-26
Little Rock, AR
·Comcast
·AT&T Southwest
edit:
October 8th, @11:29AM
| said by mardyron :well that is real ez to determine how many emails are sent, since I have it set to save a copy of sent emails. You are wrong, her email account was put on hold, I finally got it verified, 2 of the 3 accounts she uses were & are working. As for the port 587 it wasn't working, plain & simple, although it really doesn't matter since all are back on port: 25 & working now. Seems like Comcast were just being complete utter A**ES. Frankly scarlet I don't give a damn, if they screw my account 1 more time I'm leaving them, I pay good money for their harrassment of crappy tech's One thing you have to do is clear your mind set that is mail being sent by the email client on your machine that you routinely use or Web Mail for that matter. That's probably not the case. If you get a mail bot it will probably use it's own smtp engine and send emails without your knowledge unless you have something monitoring your outbound connections. None of these will be in the "Sent" message folder.
As to the other stuff your mentioned I'm not sure but I tend to agree with bigchris and that it is highly doubtful that port 587 was blocked.
If Comcast would just go ahead and lock down port 25 they could forget about all this BS and be done with it. |
|
Cabal
Premium
join:2007-01-21
Boston, MA
| reply to mardyron
said by mardyron :well that is real ez to determine how many emails are sent, since I have it set to save a copy of sent emails. Uhhh, no, malware generally doesn't do you that courtesy.
--
Why did Obama sue Citibank under the CRA to force it to make bad loans? |
|
NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
·Pacific Bell - SBC
| reply to mardyron
said by mardyron :well that is real ez to determine how many emails are sent, since I have it set to save a copy of sent emails. I will just add to jbob 's and Cabal 's statements. If you have been "owned" by a spamming 'bot, there could be other issues, including the malware futzing with the 'netstat -an' command, such that you wouldn't see the outbound connections. Your first response to the Comcast notice should not have been to be incensed at the allegations, but to run a thorough check of your system for malware.
I believe the Comcast notice may be a "one size fits all" notification, so you might get one for triggering the block for too many RCPTs in outbound email. But, if your mail client only shows four outbound email messages, and none of them had more than two, or three RCPTs ("RCPT" is SMTP-talk for "recipient"; and 1 email to 100 RCPTs is the same as 100 emails to 1 RCPT each, as far as Comcast is concerned), then the scan is essential.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum |
|
mardyron
join:2004-02-06
Hydes, MD
moderated:
October 8th, @05:22PM
| Well believe what you want. I don't care. My virus scanner is SAV the corporate edition, No viruses found. I used bitdefender & housecall as per the "tech" & guess what, no viruses or spyware found. on either machine. so it is real funny that they send out that message to tons of people to harass them, just to make people go thru hoops.
My buddy got the same message & went thru the same hoops, only to have his email working 24hrs later. He opted to NOT change the ports.
So COMCAST IS incorrect. |
|
Cheese
Premium
join:2003-10-26
Naples, FL
clubs:
moderated:
October 8th, @08:37PM
| said by mardyron :Well believe what you want. I don't care. My virus scanner is SAV the corporate edition, No viruses found. I used bitdefender & housecall as per the "tech" & guess what, no viruses or spyware found. on either machine. so it is real funny that they send out that message to tons of people to harass them, just to make people go thru hoops. My buddy got the same message & went thru the same hoops, only to have his email working 24hrs later. He opted to NOT change the ports. So COMCAST IS incorrect. SAV? Ugh. Bitdefender is no better in my opinion. |
|
NormanS
Premium,MVM
join:2001-02-14
San Jose, CA | reply to mardyron
And Hijack This showed? |
|
K Patterson
Premium,MVM
join:2006-03-12
Columbus, OH | reply to mardyron
Well, this will probably incense you more, but when I se a user defending his anti-malware, I expect even more that his system has been hijacked.
Please run a full suite of test. The security forum here is helpful. |
|
EG
The wings of love
Premium
join:2006-11-18
Union, NJ
| reply to mardyron
said by mardyron :Well believe what you want. I don't care. My virus scanner is SAV the corporate edition, No viruses found. I used bitdefender & housecall as per the "tech" & guess what, no viruses or spyware found. on either machine. Can any of those applications detect *rootkits* ? |
|
