dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
1105
share rss forum feed


d4m1r

join:2011-08-25
Reviews:
·Start Communicat..

SMTP Servers?

Hey guys, I think I remember reading that Port 25 is the only port TSI actively blocks all traffic too, and that of course if the default outgoing SMTP email server port. I understand why they want to block it, but I still think its overkill and unnecessary as I doubt spammers will be using residential connections anytime soon when they have such easy access to "real" servers and their networks.

Anyway, my question is if someone wanted to setup a test email server at home I'm thinking they'd have 2 options to deal with the port 25 block....Either use TSI's SMTP servers for outbound mail or the Google's. Which would be better, why, and are there other free options? I don't want to change the default port however....
--
www.613websites.com Budget Canadian Web Design and Hosting

34764170

join:2007-09-06
Etobicoke, ON
said by d4m1r:

Hey guys, I think I remember reading that Port 25 is the only port TSI actively blocks all traffic too, and that of course if the default outgoing SMTP email server port. I understand why they want to block it, but I still think its overkill and unnecessary as I doubt spammers will be using residential connections anytime soon when they have such easy access to "real" servers and their networks.

Anyway, my question is if someone wanted to setup a test email server at home I'm thinking they'd have 2 options to deal with the port 25 block....Either use TSI's SMTP servers for outbound mail or the Google's. Which would be better, why, and are there other free options? I don't want to change the default port however....

It is not overkill at all and using all those Windows zombie systems is still quite common for spammers originating from ISPs that still don't have a sane policy for dynamic IP netblocks.


d4m1r

join:2011-08-25
Reviews:
·Start Communicat..
reply to d4m1r
Again, yes it's a possibility but becoming less and less likely...What % of spam is currently sent from a residential connection? I've got loads of spam IPs or check any online spam DB, it's like nothing practically (1%?).

So ideal, TSI wouldn't block ANY ports but since they do block port 25, my original question remains....What is a better overall option, use TSI's SMTP servers, Google's, or any other free/simple options?
--
www.613websites.com Budget Canadian Web Design and Hosting

henry128

join:2010-09-03
Mississauga, ON
kudos:1
A random sample of spam I've received in the last few days: 16 of 26 came from ISP-like addresses: ~60%. Most of these weren't from this continent, probably because ISPs around here tend to block port 25 by default.

One non-free option I'm using is to pay for a static IP. Teksavvy doesn't block port 25, at least for me.


squircle

join:2009-06-23
Oakville, ON
reply to d4m1r
In my archive of around 2 million spam messages, 77% (±2%) have originated from dynamic, ISP-assigned IP addresses (nothing close to "nothing practically"). Most customer-facing email servers I've run into accept mail on the submission port (587), including Google's and Microsoft's. If you have a static IP, the port restriction is lifted, so if you want to run a mailserver that's a-ok.

(edit: typo'd)


d4m1r

join:2011-08-25
Reviews:
·Start Communicat..
reply to henry128
said by henry128:

One non-free option I'm using is to pay for a static IP. Teksavvy doesn't block port 25, at least for me.

TSI doesn't offer static IPs on the Rogers cable network because Rogers don't.

Anyway, between Google's SMTP servers and TSI's....Votes either way?
--
www.613websites.com Budget Canadian Web Design and Hosting

mlord

join:2006-11-05
Nepean, ON
kudos:13
Reviews:
·Start Communicat..
reply to d4m1r
This isn't as big a deal as it first sounds. Inbound port 25 still works fine (not blocked), so you can run a mail server if you're willing to violate Teksavvy's published Terms of Service (which expressly forbid servers).

For outbound email, just have your local server forward to the teksavvy server as the first hop. Works well enough.

-ml

34764170

join:2007-09-06
Etobicoke, ON
reply to squircle
said by squircle:

In my archive of around 2 million spam messages, 77% (±2%) have originated from dynamic, ISP-assigned IP addresses (nothing close to "nothing practically").

Obviously this can vary from server to server for a number of reasons but this is what I was expecting.

said by squircle:

Most customer-facing email servers I've run into accept mail on the submission port (587), including Google's and Microsoft's.

As any properly configured and administered mail server should be, it has only been a standard for over a decade.


sbrook
Premium,Mod
join:2001-12-14
Ottawa
kudos:13
Tell that to some Canadian ISPs ... I left one for precisely this reason. They would not open port 587, telling me to get Rogers to lift the block. Yeah, right.

34764170

join:2007-09-06
Etobicoke, ON
said by sbrook:

Tell that to some Canadian ISPs ... I left one for precisely this reason. They would not open port 587, telling me to get Rogers to lift the block. Yeah, right.

Some ISPs mail server setups are a joke and they don't know what they're doing. I'm not impressed with TSIs mail server setup either. But that is also why I said properly.

vikingisson

join:2010-01-22
Mississauga, ON
reply to d4m1r
If you can run a server better than TSI then send a message to them requesting that SMTP be unblocked. It's up to you to protect yourself but I did it years ago. A simpler solution vs speculating.


d4m1r

join:2011-08-25
Reviews:
·Start Communicat..
said by vikingisson:

If you can run a server better than TSI then send a message to them requesting that SMTP be unblocked. It's up to you to protect yourself but I did it years ago. A simpler solution vs speculating.

It would be cool if they could lift the block on more advanced users that are knowledge enough to secure their environments but even if they wanted to do that, I doubt they could (at least for cable subscribers) because of the lack of static IPs.

Anyway, back on topic....I have decided to use Google's services instead of TSI's to route my mail servers outbound mail, but I may change my mind in the future.
--
www.613websites.com Budget Canadian Web Design and Hosting

vikingisson

join:2010-01-22
Mississauga, ON
It is on topic, just ask to remove the block. It's already cool...

34764170

join:2007-09-06
Etobicoke, ON
said by vikingisson:

It is on topic, just ask to remove the block. It's already cool...

I don't see how they could do that for cable. It is pretty simple to do for DSL.

vikingisson

join:2010-01-22
Mississauga, ON
said by 34764170:

said by vikingisson:

It is on topic, just ask to remove the block. It's already cool...

I don't see how they could do that for cable. It is pretty simple to do for DSL.

What would be the problem? They just remove the block

34764170

join:2007-09-06
Etobicoke, ON
said by vikingisson:

What would be the problem? They just remove the block

How do they know who is who once your traffic reaches their network?
I don't know exactly what point in their network they're blocking the traffic but in theory even for a dynamic IP user it is easy enough with DSL since you login via PPPoE and can have access list rules setup based on the RADIUS db on a per user basis. With cable that isn't possible.


sbrook
Premium,Mod
join:2001-12-14
Ottawa
kudos:13
Reviews:
·TekSavvy Cable
·WIND Mobile
Rogers block at the CMTS router ... i.e. they don't forward request on port 25 onward from the CMTS router for any destination but the Rogers Yahoo! outbound mail SMTP servers. They can't do it selectively because they would need to do it on IP address and that information isn't available in a timely manner at the CMTS router and because Rogers cannot allocate static IPs with their system (they haven't worked out a viable way to do it since their network is so dynamic), there's no way to do it.

MrMazda86

join:2013-01-29
Kitchener, ON
reply to d4m1r
There is a workaround for this port block that I've found to be quite effective. Unfortunately, it is not completely free, but I find it to be worth the $20/year. If you wish to run your own mail server, you will want to set it up as a secured proxy, listening on port 587. Regardless of whether you have a static IP or not, you are not restricted from inbound or outbound use of this port.

The technical aspect behind this is that Teksavvy does NOT block incoming connections (from the internet to you) on port 25. They only block connections on port 25 that come from your computer to the internet. This is because port 25 is used for Domain MX relay, which is how emails to a domain such as teksavvy.com are delivered.

From here, you can purchase a mail relay service such as Dyn's Standard SMTP service for $20 a year and configure your SMTP proxy to then forward the message to the mailhop server using port 10025 (which is also not blocked). In the end, all your end users see is a mail service that works, and it's not a huge expense to your wallet. Don't get me wrong, I too do not like the concept of having this type of system in one regard because it means a little extra money, but at the same time as a network security guru who hates SPAM, I totally agree with the restriction of this port.

This solution does work both on cable and on DSL. I hope you find this useful.


d4m1r

join:2011-08-25
Reviews:
·Start Communicat..
Or I could just use TSI's outgoing SMTP servers and have them carrying out the message for me

Google apps offers the same functionality, for free.
--
www.613websites.com Budget Canadian Web Design and Hosting

34764170

join:2007-09-06
Etobicoke, ON
said by d4m1r:

Or I could just use TSI's outgoing SMTP servers and have them carrying out the message for me

Google apps offers the same functionality, for free.

The only gotcha to keep in mind is TSI has a limit of 500 e-mail per day. AFAIK Google has a limit as well. That might be fine for your scenario but just something to keep in mind.

MrMazda86

join:2013-01-29
Kitchener, ON
reply to d4m1r
Yes. I don't know about Teksavvy's SMTP servers, but when I was unfortunately with Bell (long story there) and from my experience with Google, the recipient on the receiving end of the email would see something like "John Smith on behalf of John Smith " instead of "John Smith ". As a general rule, a lot of SPAM filters will catch this as being suspicious, including Microsoft (including Bell, Hotmail, Live, Sympatico, MSN, etc), Rogers, Google, AOHell (formerly AOL *lol*).

Perhaps Teksavvy can shed some light on this? If Teksavvy's SMTP servers do not force this to show up on the receiver's side, I will officially have yet another reason for absolutely loving their service. Also, just for informational purposes, does Teksavvy have a limit on the maximum number of daily email relays that can be used? I know a lot of providers including Rogers, and Dyn Standard have a limit of 150 relays per day, so I'm just wondering if Teksavvy imposes caps on the daily usage as a SPAM prevention policy like the rest of the providers.


squircle

join:2009-06-23
Oakville, ON
To avoid the "on behalf of", you just have to tell GMail/Google Apps to use Teksavvy's SMTP server to relay mail that should appear as though it's coming from @teksavvy.com (or whatever). See this Google blog post for more information: »gmailblog.blogspot.ca/2009/07/se···out.html