dwhayden

join:2000-12-23
Greenwood, IN

reply to pclover

Re: Comcast decides to block port 25 IN and OUT with no notice.

It appears around 5:30PM yesterday my inbound SMTP was blocked. Coincidently this appears to be around the time I rebooted my Cable modem. Inbound SMTP is still open through IPv6.


NetFixer
From my cold dead hands
Premium
join:2004-06-24
The Boro

said by dwhayden:

It appears around 5:30PM yesterday my inbound SMTP was blocked. Coincidently this appears to be around the time I rebooted my Cable modem. Inbound SMTP is still open through IPv6.

Yep, you will find security holes like that everywhere now that IPv6 is starting to be implemented by people who haven't taken into account that IPv6 requires its own separate firewall rules. At this point in time, IPv6 is possibly the hacker's best friend (although of course Adobe, Microsoft, and Oracle are still on their holiday card list).
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.

When governments fear people, there is liberty. When the people fear the government, there is tyranny.
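Added example, not part of the thread: one way to check the point above that IPv6 needs its own firewall rules is to compare the inbound block rules in an `iptables-save` dump against the `ip6tables-save` dump from the same host. Both rule dumps are constructed samples, and the comparison is deliberately simplified (explicit DROP/REJECT rules only).

```python
import shlex

# Constructed sample dumps in iptables-save / ip6tables-save format.
V4_RULES = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j DROP
-A INPUT -p tcp -m tcp --dport 23 -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m multiport --dports 135,139,445 -j DROP
COMMIT
"""
V6_RULES = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23 -j REJECT --reject-with tcp-reset
COMMIT
"""

def blocked_ports(dump, chain="INPUT"):
    """Return (default policy, {(proto, port)}) for explicit DROP/REJECT rules.
    Simplified: ignores rule order, negation (!) and address matches."""
    policy, blocked = None, set()
    for line in dump.splitlines():
        tok = shlex.split(line)
        if len(tok) > 1 and tok[0] == ":" + chain:
            policy = tok[1]                      # e.g. ":INPUT ACCEPT [0:0]"
        if tok[:2] != ["-A", chain] or "-j" not in tok or "-p" not in tok:
            continue
        if tok[tok.index("-j") + 1] not in ("DROP", "REJECT"):
            continue
        proto = tok[tok.index("-p") + 1]
        for flag in ("--dport", "--dports"):
            if flag in tok:
                for port in tok[tok.index(flag) + 1].split(","):
                    blocked.add((proto, port))
    return policy, blocked

def ipv6_gaps(v4_dump, v6_dump):
    """Ports blocked inbound on IPv4 with no matching IPv6 block rule."""
    _, v4 = blocked_ports(v4_dump)
    v6_policy, v6 = blocked_ports(v6_dump)
    if v6_policy == "DROP":                      # IPv6 default-deny covers them
        return []
    return sorted(v4 - v6, key=lambda pp: int(pp[1].split(":")[0]))
```

On the sample dumps, `ipv6_gaps(V4_RULES, V6_RULES)` reports tcp/25 and the three NetBIOS/SMB ports as blocked on IPv4 only.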


a nun

@b2b2c.ca

reply to pclover
They took 10 years to block that port? Since almost all users *never* use that port, it only makes sense to block that port. Yes, I've worked abuse for a very large ISP



mrpeach

@comcast.net

reply to dwhayden
Oddly enough, that's exactly what happened to me - the lure of faster speeds in an email prompted me to reboot my modem, then the sudden discovery I'd been screwed.



NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:9

said by mrpeach :

Oddly enough, that's exactly what happened to me - the lure of faster speeds in an email prompted me to reboot my modem, then the sudden discovery I'd been screwed.

I have not used port 25 for message submission in the last ten years. It is nice to have for running a mail server; but Comcast does permit that on residential accounts.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

TheBigCheese

join:2002-08-05
Voorhees, NJ

reply to pclover
Don't know about "no notice" as I received several snail mails about this. I do have a reason to want 25 open as my Netgear router sends logs over port 25 and there is no way to change the port number! I guess the only solution is to use a VPN but I don't see that the cost is justified (I'm cheap).



NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:9

said by TheBigCheese:

Don't know about "no notice" as I received several snail mails about this. I do have a reason to want 25 open as my Netgear router sends logs over port 25 and there is no way to change the port number! I guess the only solution is to use a VPN but I don't see that the cost is justified (I'm cheap).

If you have Windows [XP|Vista|7] Professional, then you have IIS, which includes a mail server. So set up IIS, and point your Netgear to 127.0.0.1:25. IIS SMTP will relay (so be certain to secure it against unauthorized access), and it can be configured to use any TCP port to send. So configure the server to use port 465 of whichever e-mail service you use.

And if you don't have the Professional version of Windows, there are free SMTP server applications which will run as a service, and do the same thing.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL

Using 127.0.0.1 (or any other loopback address) merely points to the Netgear itself.

And you can not reach a loopback address on another device because these addresses are non-routable.

Stunnel is probably the lightest application that would work just fine.



NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:9

said by graysonf:

Using 127.0.0.1 (or any other loopback address) merely points to the Netgear itself.

And you can not reach a loopback address on another device because these addresses are non-routable.

Of course; my bad. Assuming IIS is running on a computer at 192.168.1.2, then pointing the Netgear at 192.168.1.2:25 should work.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


dwhayden

join:2000-12-23
Greenwood, IN

reply to NormanS

said by NormanS:

I have not used port 25 for message submission in the last ten years. It is nice to have for running a mail server; but Comcast does permit that on residential accounts.

Same here. I haven't used port 25 for direct outbound SMTP in over 10 years as most mail providers rejected it from Residential IP blocks even 10 years ago. As a precaution I've always blocked 25 outbound from my firewall with logging to catch potential SPAM bots.

I've been expecting Comcast for years to completely block 25, so I was prepared to implement the workaround pretty quick. Nothing lost, but just wish I noticed it earlier in the day.
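Added example, not part of the thread: a sketch of the detection side of blocking outbound port 25 with logging, as described in the post above. It assumes Linux netfilter LOG-format lines; the log lines are constructed, and the `SMTP-OUT: ` prefix and the three-destination threshold are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed log lines in the Linux netfilter LOG format. The "SMTP-OUT: "
# prefix is a hypothetical --log-prefix value chosen for this example.
SAMPLE_LOG = """\
Mar  3 17:31:02 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=198.51.100.25 PROTO=TCP SPT=40112 DPT=25 SYN
Mar  3 17:40:10 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.7 PROTO=TCP SPT=51234 DPT=25 SYN
Mar  3 17:40:11 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.8 PROTO=TCP SPT=51235 DPT=25 SYN
Mar  3 17:40:12 gw kernel: eth0: link up
Mar  3 17:40:13 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.9 PROTO=TCP SPT=51236 DPT=25 SYN
Mar  3 17:40:14 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.40 PROTO=TCP SPT=51237 DPT=25 SYN
Mar  4 17:31:02 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=198.51.100.25 PROTO=TCP SPT=40377 DPT=25 SYN
"""

FIELD = re.compile(r"(\w+)=(\S*)")

def smtp_attempts(log_text, prefix="SMTP-OUT: "):
    """Map each source IP to (blocked tcp/25 attempts, distinct destinations)."""
    hits, dests = defaultdict(int), defaultdict(set)
    for line in log_text.splitlines():
        _, found, rest = line.partition(prefix)
        if not found:
            continue                      # not written by the port-25 rule
        f = dict(FIELD.findall(rest))
        if f.get("PROTO") == "TCP" and f.get("DPT") == "25" and "SRC" in f and "DST" in f:
            hits[f["SRC"]] += 1
            dests[f["SRC"]].add(f["DST"])
    return {src: (hits[src], len(dests[src])) for src in hits}

def likely_spam_bots(log_text, min_destinations=3):
    """Hosts that tried many different mail servers; a device mailing its own
    logs keeps hitting a single server and stays below the threshold."""
    stats = smtp_attempts(log_text)
    return sorted(src for src, (_, n) in stats.items() if n >= min_destinations)
```

In the sample, 192.168.1.10 behaves like a device mailing its logs to one server, while 192.168.1.23 fans out to four destinations and is the only host flagged.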


NetFixer
From my cold dead hands
Premium
join:2004-06-24
The Boro

reply to NormanS

said by NormanS:

said by graysonf:

Using 127.0.0.1 (or any other loopback address) merely points to the Netgear itself.

And you can not reach a loopback address on another device because these addresses are non-routable.

Of course; my bad. Assuming IIS is running on a computer at 192.168.1.2, then pointing the Netgear at 192.168.1.2:25 should work.

I don't know about the specific Netgear router being discussed, but I have on numerous occasions run into consumer/residential grade routers that would only do SMTP for emailing logs and/or NTP for time sync over the WAN interface. In that case the router would also be unable to send its log to a local mail server on 192.168.1.2.
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.

When governments fear people, there is liberty. When the people fear the government, there is tyranny.


CSampson

@comcast.net

reply to NormanS
Yes, it is fair to say "without notice"
In case you missed the great book "hitchhiker's guide to the galaxy" posting notice where nobody can see it or would look...isn't notice at all. I don't read Comcast emails, I read my own emails that I use with my company. However, Comcast has been interfering with our ports for years now and yes, they cut them off entirely without proper notice.

The answer is simple: DOJ Anti-Trust division and FCC need to hear how this affects you, not just that it happens.

For years, net neutrality was discussed in the context of programming, but net vets like me were and should have been pointing out the Port Controls.

If Comcast wants to keep me from "spamming" via Comcast, that's their business. But to keep me from legit mailing via my own server out of their control issues...it's wrong.


AVonGauss
Premium
join:2007-11-01
Boynton Beach, FL

said by CSampson :

The answer is simple: DOJ Anti-Trust division and FCC need to hear how this affects you, not just that it happens.

For years, net neutrality was discussed in the context of programming, but net vets like me were and should have been pointing out the Port Controls.

To imply or claim that this is a DOJ, FCC or even a Net neutrality matter is absolutely absurd, and that's the polite version. Should the NetBIOS series of ports be unblocked just in case someone wants to be able to allow for easier file sharing even though it has a proven track record of abuse, like SMTP?

If you've chosen not to read information provided by your provider and have been caught off guard, whose fault is that really? Comcast should have done this 10 years ago, imho.


CSampson

@comcast.net

reply to a nun
"Since almost all users *never* use that port, it only makes sense to block that port. Yes, I've worked abuse for a very large ISP"

So what? If we use our own ports on our own servers and don't spam, the ISP should stay out of the way, not play firewall nanny.



56885201
Ain't Nothin' But A Hound Dawg
Premium
join:2005-05-01
Dawg House

reply to CSampson

said by CSampson :

Yes, it is fair to say "without notice"
In case you missed the great book "hitchhiker's guide to the galaxy" posting notice where nobody can see it or would look...isn't notice at all. I don't read Comcast emails, I read my own emails that I use with my company. However, Comcast has been interfering with our ports for years now and yes, they cut them off entirely without proper notice.

The answer is simple: DOJ Anti-Trust division and FCC need to hear how this affects you, not just that it happens.

For years, net neutrality was discussed in the context of programming, but net vets like me were and should have been pointing out the Port Controls.

If Comcast wants to keep me from "spamming" via Comcast, that's their business. But to keep me from legit mailing via my own server out of their control issues...it's wrong.

I think it is fair to say that because you deliberately do not read the emails that your ISP sends to you to notify you of changes to your account/service, you deserve to get whatever "surprises" may come your way.

I have seen this lame "I don't read email from my ISP" excuse more times than I can count. Besides the email that was sent to every customer, Comcast put this information on-line in their help/support pages. Exactly how do you think your ISP is supposed to notify you of account and service changes?

If your own email server is hosted somewhere, you should configure it to allow authenticated mail submission using something other than port 25. If you are running an email server on a Comcast residential account, you should configure it to use Comcast's SMTP server as a smarthost (and of course use port 587 (or port 465 with SSL) for outbound email). For inbound email, you will have to point your MX records to an offsite store and forward service. FWIW, I use the Comcast Business Class SMTP server as a smarthost, and I set my MX records to point to Comcast's hosted Exchange server, and my in-house email server simply polls and downloads the email to the local inboxes. I used to do the same thing with AT&T when they were my ISP, and with Covad before that.

What Comcast is doing for port 25 for residential accounts is what most responsible ISPs have been doing for years. Good luck with your complaint to the FCC and DOJ.
--
Some days you're the dog; some days you're the hydrant.


Bach
I'll Be Bach
Premium
join:2002-02-16
Flint, MI

reply to TheBigCheese

Re: Comcast decides to block port 25 IN and OUT with no notice.

said by TheBigCheese:

Don't know about "no notice" as I received several snail mails about this. I do have a reason to want 25 open as my Netgear router sends logs over port 25 and there is no way to change the port number! I guess the only solution is to use a VPN but I don't see that the cost is justified (I'm cheap).

I likewise had my Netgear WNR3500L router configured to email its logs so I could review/archive them. The port cannot be configured. Comcast never notified me of any port 25 activity. The emails from the router stopped at the end of February and the router's log now says it cannot connect to the email server. No big deal I guess, I'll just collect the log data manually.


NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:9

reply to CSampson

said by CSampson :

Yes, it is fair to say "without notice"
In case you missed the great book "hitchhiker's guide to the galaxy" posting notice where nobody can see it or would look...isn't notice at all. I don't read Comcast emails ...

Why not? Isn't that the logical place to send notices to customers?

I read my own emails that I use with my company. However, Comcast has been interfering with our ports for years now and yes, they cut them off entirely without proper notice.

So what would you consider proper notice?

For years, net neutrality was discussed in the context of programming, but net vets like me were and should have been pointing out the Port Controls.

If Comcast wants to keep me from "spamming" via Comcast, that's their business. But to keep me from legit mailing via my own server out of their control issues...it's wrong.

Read the RFCs. Port 25 is for Mail Transfer. MX-to-MX. Unless you are running an MX server on your residential connection (which I believe is a violation of the Comcast ToS), you don't need port 25.

The latest Message Submission RFC is RFC 6409:

»tools.ietf.org/html/rfc6409

Previous RFCs, RFC 2476 and RFC 4409, were not as adamant about the separation of Message Submission from Message Transfer.

Now I will await an explanation of how compliance with published RFCs violates "Net Neutrality".
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


CSampson

@comcast.net

reply to 56885201
"I think it is fair to say that because you deliberately do not read the emails that your ISP sends to you to notify you of changes to your account/service, you deserve to get whatever "surprises" may come your way."

Deliberately,
NO...I will correct your pathetic take real quick:
COMCAST TOOK OVER OUR MARKET
I DID NOT SIGN UP FOR COMCAST. I NEVER ASKED FOR AN EMAIL. I HAVE USED THE SAME EMAIL FOR 15 YEARS.

Comcast has that email and sends me my bills every month.
They never sent this notice to my email...They sent it to an internal email they gave me. "deliberate" means to think about...I do not "deliberate" about reading an email someone gives me that I do not need.

They have my email, they send notifications about service, appointments and bills. They sent no notification of a permanent Port 25 Block. They have instituted their system for the past few years and starting Mar 2, they cut it off entirely without NOTICE.

I run an internet company. I don't arbitrarily give my clients emails they don't know about, don't ask for, then demand they check them for my needs. I use their emails for notification, as do 100% of the companies I use, including Comcast.

Comcast has my regular email and they did not send notice.



56885201
Ain't Nothin' But A Hound Dawg
Premium
join:2005-05-01
Dawg House

I won't bother to respond to your additional rant about not wanting to read your Comcast email (because you obviously did not do it, and are not going to do it, and will not even consider that if you had done it, you would not have been taken by surprise).

However, I will take one very short sentence from your most recent rant as another example of how your current situation could have been avoided entirely.

said by CSampson :

I run an internet company.

If you are using a Comcast residential account for running a business related email server, you could have easily avoided this problem by simply getting a Comcast Business Class account instead of using a residential account.

Sometimes the simple solutions that are right under your nose are the hardest to see (especially when you don't want to see a particular solution).
--
Some days you're the dog; some days you're the hydrant.
over 13.5 years online © 1999-2013 dslreports.com.