| reply to pclover
Re: Comcast decides to block port 25 IN and OUT with no notice. I believe port 25 has been published on their list of blocked ports at »customer.comcast.com/help-and-su···d-ports/
A quick search reveals a blog post about it from August 1st, 2012 on their blog »corporate.comcast.com/comcast-vo···-port-25 The post mentions a slow phase in of the block which probably explains why you're noticing it months after the fact.
From the first link it seems you just need to use one of the alternate SMTP ports. Hope that helps some... |
|
|
|
 pclover
join:2008-08-02
Santa Cruz, CA
 ·Comcast
1 edit | said by claydowns:I believe port 25 has been published on their list of blocked ports at »customer.comcast.com/help-and-su···d-ports/
A quick search reveals a blog post about it from August 1st, 2012 on their blog »corporate.comcast.com/comcast-vo···-port-25 The post mentions a slow phase in of the block which probably explains why you're noticing it months after the fact.
From the first link it seems you just need to use one of the alternate SMTP ports. Hope that helps some...
Thanks for that. I guess Comcast is going to fully block port 25. I thought before they were going to allow it to be open and then block it if they got an abuse complaint.
I am using 587 and the problem is solved.
EDIT: I am going to contact the Customer Security Assurance and see if I can get it removed. I need port 25 as I do Remote IT. |
|
Reviews:
·Comcast
| Not quite sure what you do in "remote IT" ( ) that requires port 25, but as soon as you tell Comcast that they will come right back and either say a.) tough cookies, or b.) get a business class connection. |
|
pclover
join:2008-08-02
Santa Cruz, CA Reviews:
·Comcast
| said by Oedipus:Not quite sure what you do in "remote IT" () that requires port 25, but as soon as you tell Comcast that they will come right back and either say a.) tough cookies, or b.) get a business class connection.
That blog post says "Upon request to our Customer Security Assurance team this block can be removed, enabling access to use port 25 for other email domains"
I need port 25 open to test to make sure the mail servers will accept a connection on it via telnet. If all servers blocked port 25 email would cease to function. |
|
AVonGaussPremium
join:2007-11-01
Boynton Beach, FL | No, but it is very common for ISPs to require their subscribers to go through their own mail servers or use an alternate port that typically requires authentication to contact remote SMTP servers. This really isn't something new.
As was already mentioned, a business connection from Comcast does not have this restriction or a remote intermediary host or VPS can be used to perform the required tests. |
|
pclover
join:2008-08-02
Santa Cruz, CA Reviews:
·Comcast
| said by AVonGauss:No, but it is very common for ISPs to require their subscribers to go through their own mail servers or use an alternate port that typically requires authentication to contact remote SMTP servers. This really isn't something new.
As was already mentioned, a business connection from Comcast does not have this restriction or a remote intermediary host or VPS can be used to perform the required tests.
I can do that. I am going to contact them and see what they say tomorrow. It says in the blog post that they will but we will see. |
|
 jlivingoodPremium,VIP
join:2007-10-28
Philadelphia, PA
kudos:1 | reply to pclover
said by pclover:I am using 587 and the problem is solved.
EDIT: I am going to contact the Customer Security Assurance and see if I can get it removed. I need port 25 as I do Remote IT. If you switched to 587 and it works, why do you need to move back to port 25?
--
JL
Comcast |
|
 graysonfPremium,MVM
join:1999-07-16
Fort Lauderdale, FL | It's not a matter of not being able to connect to Comcast mail servers on port 25. It's that this policy makes it impossible to connect to any other mail server on port 25. Some people do have a legitimate need to do this. |
|
pclover
join:2008-08-02
Santa Cruz, CA Reviews:
·Comcast
| said by graysonf:It's not a matter of not being able to connect to Comcast mail servers on port 25. It's that this policy makes it impossible to connect to any other mail server on port 25. Some people do have a legitimate need to do this.
They do like me but it's a very small percent. They said that they they will try and have the block removed but cannot guarantee that it will not be blocked again.
I think I am going to look into a business account. |
|
graysonfPremium,MVM
join:1999-07-16
Fort Lauderdale, FL | Another option would be to obtain a shell account, perhaps a freebie, on another network that does not block outbound port 25. |
|
pclover
join:2008-08-02
Santa Cruz, CA Reviews:
·Comcast
| said by graysonf:Another option would be to obtain a shell account, perhaps a freebie, on another network that does not block outbound port 25.
I could do that. However, The VPS idea inside of the network wouldn't let me make sure it can be accessed outside of the network.
All email to email server communicates over port 25 AFIK for SMTP. |
|
 JohnInSJPremium
join:2003-09-22
San Jose, CA
 ·PHONE POWER
·Comcast
| said by pclover:All email to email server communicates over port 25 AFIK for SMTP.
And if you are running a server, you're using comcast business class with a static IP, and your port 25 is not blocked.
--
My place : »www.schettino.us |
|
pclover
join:2008-08-02
Santa Cruz, CA Reviews:
·Comcast
| said by JohnInSJ:said by pclover:All email to email server communicates over port 25 AFIK for SMTP.
And if you are running a server, you're using comcast business class with a static IP, and your port 25 is not blocked. Why is it assumed that I am running a server? I need to to test to make sure an email server is working correctly! |
|
biomeshPremium
join:2006-07-08
Tomball, TX | I don't see how running smtp tests from a residential connection are truly valid tests. What if the SMTP server had its own firewall or blacklist enabled for some of comcast's ip ranges. You should really be doing these tests from a datacenter level connection. |
|
graysonfPremium,MVM
join:1999-07-16
Fort Lauderdale, FL | said by biomesh:I don't see how running smtp tests from a residential connection are truly valid tests. What if the SMTP server had its own firewall or blacklist enabled for some of comcast's ip ranges. You should really be doing these tests from a datacenter level connection.
One who is testing against such an SMTP server for legitimate reasons would be aware of those potential problems. |
|
JohnInSJPremium
join:2003-09-22
San Jose, CA Reviews:
·PHONE POWER
·Comcast
| reply to pclover
said by pclover:said by JohnInSJ:said by pclover:All email to email server communicates over port 25 AFIK for SMTP.
And if you are running a server, you're using comcast business class with a static IP, and your port 25 is not blocked. Why is it assumed that I am running a server? I need to to test to make sure an email server is working correctly! You do? What kind of test are you running? Are you polling port 25 of an SMTP server? Is it your server? Why do you think repeated failed interactions with an SMTP server wouldn't get your IP banned at that server?
--
My place : »www.schettino.us |
|
 NormanSPremium,MVM
join:2001-02-14
San Jose, CA
kudos:9
 ·SONIC.NET
·Pacific Bell - SBC
| said by JohnInSJ:You do? What kind of test are you running? Are you polling port 25 of an SMTP server? Is it your server? Why do you think repeated failed interactions with an SMTP server wouldn't get your IP banned at that server?
Why do you think testing will result in failure? Here is a test (from a residential connection, no less):
C:\util\dig>telnet mx1.comcast.net 25
Connecting To mx1.comcast.net...
220 imta09.westchester.pa.mail.comcast.net comcast ESMTP server ready
quit
221 2.0.0 imta09.westchester.pa.mail.comcast.net comcast closing connection
Connection to host lost.
Does that qualify as a failure?
FWIW, the source IP address is not in a DUL. The generic form of the rDNS is: 173-228-7-21x.dsl.static.sonic.net, which Sonic.net will not submit to any DUL for obvious reasons. But my specific IP address will respond with, 'mxa.mydomain.tld'.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum |
|
pclover
join:2008-08-02
Santa Cruz, CA Reviews:
·Comcast
| said by NormanS:said by JohnInSJ:You do? What kind of test are you running? Are you polling port 25 of an SMTP server? Is it your server? Why do you think repeated failed interactions with an SMTP server wouldn't get your IP banned at that server?
Why do you think testing will result in failure? Here is a test (from a residential connection, no less): C:\util\dig>telnet mx1.comcast.net 25
Connecting To mx1.comcast.net...
220 imta09.westchester.pa.mail.comcast.net comcast ESMTP server ready
quit
221 2.0.0 imta09.westchester.pa.mail.comcast.net comcast closing connection
Connection to host lost.
Does that qualify as a failure? FWIW, the source IP address is not in a DUL. The generic form of the rDNS is: 173-228-7-21x.dsl.static.sonic.net, which Sonic.net will not submit to any DUL for obvious reasons. But my specific IP address will respond with, 'mxa.mydomain.tld'. This points out that mail.comcast.net is responding to port 25.
This is what I need!
I need to verify on new servers that Port 25 can be accessed outside of the local network.
Does me no good to use an alternate port as email servers communicate with other emails servers over port 25 and if that's not working SMTP will fail and the mail queue will start building.
I was quoted around 94$ a month for business phone and internet. Free install with 2 year agreement. |
|
JohnInSJPremium
join:2003-09-22
San Jose, CA Reviews:
·PHONE POWER
·Comcast
| reply to NormanS
said by NormanS:Does that qualify as a failure?
Repeated probes with no response to handshake gets you banned from my email server, other admins may choose other patterns of malicious behavior to ban on.
And you not being able to reach an email server is (clearly) no indication of the health of the server. Why do you feel the need to do this from a residential account?
--
My place : »www.schettino.us |
|
pclover
join:2008-08-02
Santa Cruz, CA Reviews:
·Comcast
| said by JohnInSJ:said by NormanS:Does that qualify as a failure?
Repeated probes with no response to handshake gets you banned from my email server, other admins may choose other patterns of malicious behavior to ban on. And you not being able to reach an email server is (clearly) no indication of the health of the server. Why do you feel the need to do this from a residential account? To test for firewall rules etc.
Yes, Some servers WILL do that however you do have to abuse it.
Also this thread is getting pointless. No more replies are needed. |
|
