US Cable Support > Comcast HSI > Comcast blocked port 25 (SMTP)???

Comcast blocked port 25 (SMTP)???

Customer Security Assurance Notice

Dear Comcast Customer:

Action Taken:
In an effort to help prevent spam and ensure the security of our network and customers, Comcast has modified your modem’s settings to prevent the sending of email on port 25. That is the default port email programs such as Outlook Express use to send email. We’ve taken this action because we may have detected virus-like activity from your modem or received reports from other email providers that mail from your modem generated complaints from their users. Please read this message to understand how this action may impact your ability to send email and what you should do next.

Comcast Webmail Users:
If you use a web browser to access your Comcast.net email, this action will not affect your ability to send or receive e-mail. This action also does not affect any non-Comcast webmail services.

Email Program Users (Outlook Express, Outlook, MacMail, etc.):
If you use an email program, this action will disable your program’s ability to send email until you change your email program settings to send email on port 587. Port 587 uses authentication and is an industry-recommended alternative to port 25. If you use Outlook Express and Comcast.net email, Comcast has provided a simple one click fix for you to use with Internet Explorer. If you use another email program such as MacMail, Eudora, or Thunderbird, please visit our client page for information on how to change the settings for sending email in your email program.

If you are not using Comcast.net email and use another email provider, please contact your provider for its recommended port settings. Most email providers offer an alternative to port 25 for sending email.

All Users:
To help protect your security and privacy, it is important to regularly check for and remove any possible viruses from your computer. You can do this using the comprehensive security suite available from Comcast to subscribers at no additional charge or by using other popular antivirus solutions that are widely available. In addition, Comcast recommends that you secure any wireless network in the home and that the operating systems on your computers be updated regularly with the latest security enhancements. Please visit the Comcast.net security channel for more information and tips on how to enjoy a safe and secure online experience.

If you have additional questions please visit www.comcast.net/help.

Thank you for choosing Comcast!

Sincerely,

Comcast Customer Security Assurance

Someone could have hacked into your network & is spamming on port 25.

reply to lordie
Is your Comcast connection really your own account?

I have come across (more than once, sadly) where another "ISP/telco" was essentially reselling a Comcast business account, meaning they put a Comcast modem in the basement of a building, with a switch, then gave different companies in the building their own "dedicated" Ethernet run that went back to that switch, they also "gave" each tenant who signed up for "their" service one of the static IP's from the Comcast account. Another company in the building was spamming, and thus Comcast blocked port 25 for all the IPs on the account.

I'd suggest you contact Comcast and have them help you. They may just turn it back on without asking allot of questions.

It could be a false positive, but I doubt it.

Something on your network / PC's is sending messages out at a high rate. It takes a good bit for that to be triggered.
--
Tech at the Beach.
I speak for myself, not my employer.

reply to lordie
I've found that port 25 is always blocked on Comcast residential accounts - only on the business accounts is it allowed... in which case, perhaps the letter is in error?

reply to supergeeky

reply to lordie
I've also seen the letter sent when the CM's Mac is spoofed somewhere else and they are spamming on port 25. The MAC comes up on 2 different cmts. I would swap that modem to be on the safe side.

reply to lordie
To the OP: I've been down this road already. You won't get any answers from Comcast regarding technical details (timestamps, logs, or anything useful). Here's my story, with extensive technical details:

»[Spam] Comcast reporting spam from my IP
--
Making life hard for others since 1977.
I speak for myself and not my employer/affiliates of my employer.

reply to supergeeky

reply to koitsu

Ok for the above poster - having a SMTP server behind a router restricted to a lan is an open relay. There's no authentication other than not being accessible to the outside. Still open to your lan, so it's still technically an open relay.

No traffic is incoming on port 25 (unless you have a relay, which is still technically all sent messages), that would violate standards and the RFC's. So if you are processing 3000 messages a day, you are sending a boat load of email that should not be coming from a residential connection.
--
Tech at the Beach.
I speak for myself, not my employer.

Having a public facing SMTP server is far different than one on a trusted network. Both are technically open relays, as you mention. (BTW, it wasn't behind a router - that's all part of sendmail config). Comcast used to allow (or maybe it was ATTBI) unauthenticated SMTP sessions that were simply allowed by IP, so at the time, having an open relay on a small trusted network was no biggie...

The second part of your message confuses me entirely. I do run my own relay, but the 3000 messages/day are incoming, which has nothing to do with "..technically all sent messages", RFCs, or "...sending a boat load of email". Incoming is incoming...It comes in on port 25, gets processed, and sits there. Beyond that, 3000 messages is nothing as far as BW is concerned.

In any case, the goal of my message was to point out a few other cases that may have not been considered for port 25 blocking. Comcast has traditionally been very tolerant of low bandwidth servers on residential connections, as evidenced by their lack of port blocking and scanning. The exception to this is port 25, which is an automated process for blocking. Obviously they still reserve the right to change their stance on enforcement at any time based on the AUP. They are far more concerned with bandwidth usage (server or not) on residential connections, as they should be...

I believe port 25 blocking is more about curbing spam more than bandwidth. 3000 messages is thousands of times more than a normal residential user will send on average.
--
Tech at the Beach.
I speak for myself, not my employer.

That's exactly what it's for...Again, the 3000 messages is received, not sent...

reply to beachintech
Poster says he is RECEIVING 3,000 messages per day, not sending them. I was receiving close to that on one Yahoo! account, due to receiving "bounces" to spam sent as "from" that Yahoo! email address; even though I was not the sender (the email address was forged by the spammer).
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

reply to n0xlf
It seems very obvious to me that an APC SmartUPS which sends self-test emails once a week (1 that the test started, then shortly after 1 that the test completed ok or not) was "way too much" email, such that it triggers the SMTP block on Comcast connections.

...this has happened to me at about 20+ customers...

As such, I prefer to follow the rule of thumb that you shouldn't rely on port 25 on Comcast for any reason, because they can/will shut it off on a whim :-/

My solution in these cases is to setup a local SMTP server that uses gmail as the smarthost, therefor mail goes out over the more reliable port 587 or 465

reply to n0xlf
Just because the binfile doesn't say pwboost or pb in the name doesn't mean it isn't configured with burst enabled. I can look at one of the tb25 bin files tomorrow and find out for sure if burst is enabled on it.