 NetFixerFrom my cold dead handsPremium join:2004-06-24 The Boro
| reply to Demog
Re: Comcast decides to block port 25 IN and OUT with no notice.
said by Demog: Boy if you have anything that will only work if port 25 is open, I'd scream at the OEM, not Comcast. Anything that needs port 25 is very old or was poorly designed/implemented.
I agree about the old or poorly designed/implemented statement. However, sometimes the OEM is Comcast, as in the Comcast branded Netgear WNR1000v2-VC which has custom Comcast firmware (and the firmware in the device below is the latest IPv6 firmware which was released after Comcast made the decision to block port 25 for residential accounts):

-- A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.
When governments fear people, there is liberty. When the people fear the government, there is tyranny. |
|
 graysonfPremium,MVM join:1999-07-16 Fort Lauderdale, FL | Will that router connect to an stunnel listening on a LAN host on port 25 which forwards to smtp.comcast.net on port 465? |
|
 NetFixerFrom my cold dead handsPremium join:2004-06-24 The Boro
| said by graysonf: Will that router connect to an stunnel listening on a LAN host on port 25 which forwards to smtp.comcast.net on port 465?
Actually, I run a local email server, but this particular router seems to only use the WAN port for email notification and for NTP sync (at least that is my recollection from when I was using it as only an access point with no WAN connection for a while...but that was also several firmware revs ago). Also, this particular router is currently on an isolated VLAN with no IP connectivity to my LAN (although I do have an administrative backdoor link that could be activated and left live if necessary). Fortunately, I have a business class account and port 25 is not blocked for me, so it still works (for now) using port 25 over the WAN interface.
Thanks for the reminder/tip though, if I suddenly find that my dynamic IP business class has port 25 blocked, I will give the LAN email server IP a try again (maybe the current firmware supports it). |
|
 JohnInSJPremium join:2003-09-22 San Jose, CA
| reply to FBGuy
said by FBGuy: the server is not run on the business class connection. That alone says that you don't need business level service.
I have no idea what you're saying here. You aren't allowed to run any server on residential. Only an SMTP SERVER needs to send traffic on port 25. Therefore you need to be on business class to send traffic on port 25. QED -- My place : »www.schettino.us |
|
 KearnstdElf WizardPremium join:2002-01-22 Mullica Hill, NJ | reply to pclover Don't blame Comcast. Blame the millions of people too stupid to know that banner ad that says "Get a free iPad" is actually turning their computer into a bot. -- [65 Arcanist]Filan(High Elf) Zone: Broadband Reports |
|
 NormanSPremium,MVM join:2001-02-14 San Jose, CA kudos:9
| reply to FBGuy
said by FBGuy: wait a minute, they block the ability to connect to mail servers that are not even on their network via port 25? That is a standard smtp port. Comcast shouldn't be blocking it.
That is a standard "server-to-server" port. End users should be using the standard "user-to-server" port:
»tools.ietf.org/html/rfc6409 -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum |
|
 NormanSPremium,MVM join:2001-02-14 San Jose, CA kudos:9
| reply to FBGuy
said by FBGuy: said by NormanS: OP wants to test an off-Comcast network SMTP server, and definitely should get a business-class account for that purpose. really? a business class connection just to test if port 25 is working?
Yes, because port 25 is no longer a standard user port; hasn't really been since RFC 2476 was published in December, 1998. |
|
 FBGuyPremium join:2005-03-19 Evanston, IL
| reply to JohnInSJ
said by JohnInSJ: said by FBGuy: the server is not run on the business class connection. That alone says that you don't need business level service. I have no idea what you're saying here.
I don't run a server on my connection, why can't I open a tcp connection to a remote server over port 25 without paying more money for the privilege to do so? I really don't care either way. Spammers will spam regardless of what Comcast does. |
|
 AVonGaussPremium join:2007-11-01 Boynton Beach, FL | Blocking outbound 25/tcp significantly lowers the amount of e-mail spam coming from an ISP. If you run a mail server, it's very easy to tell who is blocking and who is not blocking based on the spam mail attempts.
I probably already said this in this thread, but Comcast should have done this years ago. |
|
 graysonfPremium,MVM join:1999-07-16 Fort Lauderdale, FL | reply to FBGuy Get a free shell account on »www.cjb.net
Connect anywhere you want to destination port TCP 25. |
|
 JohnInSJPremium join:2003-09-22 San Jose, CA
| reply to FBGuy
said by FBGuy: said by JohnInSJ: said by FBGuy: the server is not run on the business class connection. That alone says that you don't need business level service. I have no idea what you're saying here. I don't run a server on my connection, why can't I open a tcp connection to a remote server over port 25 without paying more money for the privilege to do so? I really don't care either way. Spammers will spam regardless of what Comcast does.
Port 25 communications is reserved for servers. That's why. |
|
 NormanSPremium,MVM join:2001-02-14 San Jose, CA kudos:9
| reply to FBGuy
said by FBGuy: Spammers will spam regardless of what Comcast does.
Prior to 2002, when SBC blocked customer access to port 25, SBC residential hosts were the most prevalent spam source IP addresses in my server logs. Subsequent to the blocking, SBC residential hosts dropped to near last. While spammers continued to spam, they were much less successful at using compromised SBC residential customer hosts.
FWIW, SBC led Comcast until the blocks. After the SBC blocks, SBC dropped behind Comcast as a spam source. From which I deduced that blocking port 25 reduced the amount of abuse coming from SBC. |
|
 | reply to pclover For what little it's worth I just noticed all of my SMTP is being blocked as well.
I have had my Comcast account for 9 years thus far never with any problems incoming or outgoing and now can't even telnet out to test an SMTP server. I shouldn't be forced to have to use Comcast's mail infrastructure if I don't want to and I sure as heck ain't going to give them any more money to get it back.
While SMTP email is getting to be increasingly useless it is a wake up call for me with aggregation in the ISP market service providers increasingly get to get away with doing whatever the heck they want without fear of serious reprisal... as if paying >$110/month for service wasn't already enough.
Sadly I find myself yearning for ISP common carrier status. I think they've earned it. |
|
 | reply to Kearnstd said by Kearnstd: Don't blame Comcast. Blame the millions of people too stupid to know that banner ad that says "Get a free iPad" is actually turning their computer into a bot.
I disagree with this characterization. Comcast has had systems in place to deal with this on a per-subscriber basis for quite some time now. The blanket blocking is new and orthogonal in my view. |
|
 AVonGaussPremium join:2007-11-01 Boynton Beach, FL | reply to dslcreature Unless you're trying to run a mail server over your residential connection, you are not being forced to "use Comcast's mail infrastructure". If you want to use another e-mail provider, you simply need to use the submission port rather than the SMTP port to send messages through the mail provider of your choice.
If you are truly trying to test external SMTP server connectivity (which is not that common of a need), then you'll need to seek an alternate solution such as a VPS which can be had for $12 per year - or ultimately another ISP, though I would check first to make sure they haven't already blocked the port as well. |
|
 | reply to AVonGauss said by AVonGauss:To imply or claim that this is a DOJ, FCC or even a Net neutrality matter is absolutely absurd, and that's the polite version. Should the NetBIOS series of ports be unblocked just in case someone wants to be able to allow for easier file sharing even though it has a proven track record of abuse, like SMTP?
HTTP has a proven track record for abuse. It's a common attack vector for phishing attacks responsible for the compromise of millions of systems.
To answer your question heck yes they should. If a subscriber wants them unblocked they should have that opportunity.
said by AVonGauss: If you've chosen not to read information provided by your provider and have been caught off guard, whose fault is that really? Comcast should have done this 10 years ago, imho.
Nobody ever sent me anything. |
|
 | reply to AVonGauss said by AVonGauss:Unless you're trying to run a mail server over your residential connection, you are not being forced to "use Comcast's mail infrastructure".
Yea well I can't send to port 25... this sounds like force to me.
said by AVonGauss:If you want to use another e-mail provider, you simply need to use the submission port rather than the SMTP port to send messages through the mail provider of your choice.
Connection refused, any other ideas?
said by AVonGauss:If you are truly trying to test external SMTP server connectivity (which is not that common of a need), then you'll need to seek an alternate solution such as a VPS which can be had for $12 per year - or ultimately another ISP, though I would check first to make sure they haven't already blocked the port as well.
Yea let me get right on paying even more money just so I can have Internet access. NOT. |
|
 AVonGaussPremium join:2007-11-01 Boynton Beach, FL | Maybe you should check with your e-mail provider to see if they have instructions for how to connect to their service to submit mail? If you tell us who your mail provider is maybe one of us has direct experience with them and can help you with the reconfiguration of your e-mail client.
You can be nasty and come up with all sorts of conspiracy theories on this one, but Comcast has been one of the last holdouts on allowing SMTP sending by residential connections and that day is fast passing. I can't speak for Comcast, but I doubt there is any great business or financial incentive for this change, it's probably just more about being a good "netizen" and lowering the amount of abuse complaints. |
|
 NetFixerFrom my cold dead handsPremium join:2004-06-24 The Boro
| reply to dslcreature
said by dslcreature: said by AVonGauss: Unless you're trying to run a mail server over your residential connection, you are not being forced to "use Comcast's mail infrastructure". Yea well I can't send to port 25... this sounds like force to me.
That is a broken record response; not reality. You can use whatever port that any mail submission server supports except for port 25 (and any properly configured mail submission server should give you several choices of ports to use).
Here are several examples that use port 587 to reach non-Comcast mail submission servers:
webhost:/ # telnet smtp.att.yahoo.com 587
Trying 98.138.31.74...
Connected to smtp.att.yahoo.com.
Escape character is '^]'.
220 smtp106.sbc.mail.ne1.yahoo.com ESMTP
quit
221 Service Closing transmission
Connection closed by foreign host.
webhost:/ # telnet outbound.att.net 587
Trying 68.142.198.51...
Connected to outbound.att.net.
Escape character is '^]'.
220 smtp107.sbc.mail.mud.yahoo.com ESMTP
quit
221 Service Closing transmission
Connection closed by foreign host.
webhost:/ # telnet smtp.live.com 587
Trying 65.55.96.11...
Connected to smtp.live.com.
Escape character is '^]'.
220 BLU0-SMTP459.phx.gbl Microsoft ESMTP MAIL Service, Version: 6.0.3790.4675 ready at Sun, 17 Mar 2013 19:39:55 -0700
quit
221 2.0.0 BLU0-SMTP459.phx.gbl Service closing transmission channel
Connection closed by foreign host.
said by dslcreature: said by AVonGauss: If you want to use another e-mail provider, you simply need to use the submission port rather than the SMTP port to send messages through the mail provider of your choice. Connection refused, any other ideas?
How about checking with your mail submission server's admin to find out how to properly use their service? And FWIW, "Connection refused" is an authentication response, not a connectivity response; either you are trying to use a mail submission server where you don't have a valid account, or you are not properly authenticating to that server.
I would have no problems (and in fact don't have any problems) sending email through the email servers shown in the above example; but I do have to properly authenticate with those servers in order to do so.
said by dslcreature: said by AVonGauss: If you are truly trying to test external SMTP server connectivity (which is not that common of a need), then you'll need to seek an alternate solution such as a VPS which can be had for $12 per year - or ultimately another ISP, though I would check first to make sure they haven't already blocked the port as well. Yea let me get right on paying even more money just so I can have Internet access. NOT.
It seems to me that you currently do have Internet access. Not being allowed to use port 25 is the normal situation for residential Internet accounts with most ISPs; Comcast is just finally joining with the rest of the industry.
Life happens; get on with yours. |
|
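Added example, not part of any post in this thread: a Python probe that does what the telnet sessions above do by hand and reports separately what the TCP layer says (refused, timed out) and what the mail server itself says (its 220 greeting). The loopback listener, the name `mail.example.invalid` and all function names are constructed for illustration so the block runs offline.

```python
import socket
import threading

def probe_smtp(host, port, timeout=5.0):
    """Return (layer, detail): which layer answered, and what it said."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("tcp", "refused")        # RST came back: no listener, or a filter rejecting
    except socket.timeout:
        return ("tcp", "timeout")        # SYN dropped silently, as a port block often does
    except OSError as exc:
        return ("tcp", f"error: {exc}")  # DNS failure, unreachable network, ...
    with sock:
        try:
            greeting = sock.recv(512).decode("ascii", "replace").strip()
        except OSError:
            return ("smtp", "no greeting")
        try:
            sock.sendall(b"QUIT\r\n")    # end the session politely, as in the telnet runs
        except OSError:
            pass
    return ("smtp", greeting)            # the server itself replied, e.g. "220 ... ESMTP"

def start_fake_server(greeting=b"220 mail.example.invalid ESMTP\r\n"):
    """Constructed stand-in for a submission server on loopback; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(greeting)
            conn.recv(64)                # wait for the client's QUIT
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

def closed_port():
    """A loopback port with no listener (bound once, then released)."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

if __name__ == "__main__":
    print(probe_smtp("127.0.0.1", start_fake_server()))
    print(probe_smtp("127.0.0.1", closed_port()))
```

Pointed at a real submission host on port 587, a `("tcp", ...)` result means the problem lies with the network path or the listener, while any `("smtp", ...)` result means the connection was made and the server's own reply codes apply from there.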
 | reply to AVonGauss said by AVonGauss:You can be nasty and come up with all sorts of conspiracy theories on this one, but Comcast has been one of the last holdouts on allowing SMTP sending by residential connections and that day is fast passing.
Excuse me? Nasty? Conspiracy theories? |
|