
jap
Premium Member
join:2003-08-10
038xx

1 edit

jap to NetFixer

Premium Member

to NetFixer

Re: Comcast decides to block port 25 IN and OUT with no notice.

said by NetFixer:

You are confusing SMTP with Mail Submission...

Thank you for the explanation. It makes sense: submit to SMTP server on port xxx (commonly 25, 26, or 587) but SMTP serves into formal mail system always on 25.

Now if in 1990 we had made it globally legal to publicly execute spammers and the CEOs of the corps they worked for we would have saved billion$, countless hours of hell, and all just email each other directly. Ah well.

ArrayList
DevOps
Premium Member
join:2005-03-19
Mullica Hill, NJ

ArrayList to graysonf

Premium Member

to graysonf
wait a minute, they block the ability to connect to mail servers that are not even on their network via port 25? That is a standard smtp port. Comcast shouldn't be blocking it.
ArrayList

ArrayList to NormanS

Premium Member

to NormanS
said by NormanS:

OP wants to test an off-Comcast network SMTP server, and definitely should get a business-class account for that purpose.

really? a business class connection just to test if port 25 is working?

graysonf
MVM
join:1999-07-16
Fort Lauderdale, FL

graysonf to ArrayList

MVM

to ArrayList
They do for residential service because it eliminates the ability to do direct MX, which is the method compromised machines use to send large volumes of spam.

Most ISPs do this on residential service.

ArrayList
DevOps
Premium Member
join:2005-03-19
Mullica Hill, NJ

ArrayList

Premium Member

most residential ip blocks are blacklisted from even exchanging mail with mail servers. I'm on business class right now. The IP address that I have now, I also had on residential. Port 25 has never been blocked for me to non-comcast email servers. Maybe I slipped through the cracks or something, but it is what it is.

graysonf
MVM
join:1999-07-16
Fort Lauderdale, FL

graysonf

MVM

Not all mail servers block connections from residential IPs. If they all did, there wouldn't be a spam bot problem.

I can still get out on port 25 on residential service. But I imagine if I put it to real use it would wind up being blocked.

I'm pretty sure they will get around to blocking every residential account eventually. It's only a matter of time.

NormanS
I gave her time to steal my mind away
MVM
join:2001-02-14
San Jose, CA
TP-Link TD-8616
Asus RT-AC66U B1
Netgear FR114P

NormanS to ArrayList

MVM

to ArrayList
said by ArrayList:

most residential ip blocks are blacklisted from even exchanging mail with mail servers.

That is far from true. The only residential IP address blocks in lists are those preemptively blocked because the IP address block owner requested the listing, or they were reactively blocked for hitting spamtraps. The rest are not blocked.

I'm on business class right now. The IP address that I have now, I also had on residential. Port 25 has never been blocked for me to non-comcast email servers. Maybe I slipped through the cracks or something, but it is what it is.

When SBC announced port 25 blocking in October, 2002 (I still have that email announcement), it took them until March, 2003, to block my account profile.

The Comcast announcement seems to be fairly recent; give them a little time.

JohnInSJ
Premium Member
join:2003-09-22
Aptos, CA

JohnInSJ to ArrayList

Premium Member

to ArrayList
said by ArrayList:

said by NormanS:

OP wants to test an off-Comcast network SMTP server, and definitely should get a business-class account for that purpose.

really? a business class connection just to test if port 25 is working?

Why does a residential user need to "test if port 25 is working" on a server they don't run?
JohnInSJ

JohnInSJ to ArrayList

Premium Member

to ArrayList
said by ArrayList:

wait a minute, they block the ability to connect to mail servers that are not even on their network via port 25? That is a standard smtp port. Comcast shouldn't be blocking it.

That is the standard for SMTP server to server communication. Users should submit mail on port 587. A residential user does not lose any functionality.

ArrayList
DevOps
Premium Member
join:2005-03-19
Mullica Hill, NJ

ArrayList to JohnInSJ

Premium Member

to JohnInSJ
the server is not run on the business class connection. That alone says that you don't need business level service.
ArrayList

ArrayList to NormanS

Premium Member

to NormanS
said by NormanS:

The Comcast announcement seems to be fairly recent; give them a little time.

fair enough

Demog
@cebridge.net

Demog

Anon

Boy if you have anything that will only work if port 25 is open, I'd scream at the OEM, not Comcast. Anything that needs port 25 is very old or was poorly designed/implemented.

Comcast was late to this game; ISPs have been blocking port 25 for years to protect their network, which I appreciate.

NetFixer
From My Cold Dead Hands
Premium Member
join:2004-06-24
The Boro
Netgear CM500
Pace 5268AC
TRENDnet TEW-829DRU

NetFixer

Premium Member

said by Demog:

Boy if you have anything that will only work if port 25 is open, I'd scream at the OEM, not Comcast. Anything that needs port 25 is very old or was poorly designed/implemented.

I agree about the old or poorly designed/implemented statement. However, sometimes the OEM is Comcast, as in the Comcast branded Netgear WNR1000v2-VC which has custom Comcast firmware (and the firmware in the device below is the latest IPv6 firmware which was released after Comcast made the decision to block port 25 for residential accounts):



graysonf
MVM
join:1999-07-16
Fort Lauderdale, FL

graysonf

MVM

Will that router connect to an stunnel listening on a LAN host on port 25 which forwards to smtp.comcast.net on port 465?

NetFixer
From My Cold Dead Hands
Premium Member
join:2004-06-24
The Boro
Netgear CM500
Pace 5268AC
TRENDnet TEW-829DRU

NetFixer

Premium Member

said by graysonf:

Will that router connect to an stunnel listening on a LAN host on port 25 which forwards to smtp.comcast.net on port 465?

Actually, I run a local email server, but this particular router seems to only use the WAN port for email notification and for NTP sync (at least that is my recollection from when I was using it as only an access point with no WAN connection for a while...but that was also several firmware revs ago). Also, this particular router is currently on an isolated VLAN with no IP connectivity to my LAN (although I do have an administrative backdoor link that could be activated and left live if necessary). Fortunately, I have a business class account and port 25 is not blocked for me, so it still works (for now) using port 25 over the WAN interface.

Thanks for the reminder/tip though, if I suddenly find that my dynamic IP business class has port 25 blocked, I will give the LAN email server IP a try again (maybe the current firmware supports it).

JohnInSJ
Premium Member
join:2003-09-22
Aptos, CA

JohnInSJ to ArrayList

Premium Member

to ArrayList
said by ArrayList:

the server is not run on the business class connection. That alone says that you don't need business level service.

I have no idea what you're saying here. You aren't allowed to run any server on residential. Only an SMTP SERVER needs to send traffic on port 25. Therefore you need to be on business class to send traffic on port 25. QED

NormanS
I gave her time to steal my mind away
MVM
join:2001-02-14
San Jose, CA
TP-Link TD-8616
Asus RT-AC66U B1
Netgear FR114P

NormanS to ArrayList

MVM

to ArrayList
said by ArrayList:

wait a minute, they block the ability to connect to mail servers that are not even on their network via port 25? That is a standard smtp port. Comcast shouldn't be blocking it.

That is a standard "server-to-server" port. End users should be using the standard "user-to-server" port:

tools.ietf.org/html/rfc6409
NormanS

1 edit

NormanS to ArrayList

MVM

to ArrayList
said by ArrayList:

said by NormanS:

OP wants to test an off-Comcast network SMTP server, and definitely should get a business-class account for that purpose.

really? a business class connection just to test if port 25 is working?

Yes, because port 25 is no longer a standard user port; hasn't really been since RFC 2476 was published in December, 1998.

ArrayList
DevOps
Premium Member
join:2005-03-19
Mullica Hill, NJ

ArrayList to JohnInSJ

Premium Member

to JohnInSJ
said by JohnInSJ:

said by ArrayList:

the server is not run on the business class connection. That alone says that you don't need business level service.

I have no idea what you're saying here.

I don't run a server on my connection, why can't I open a tcp connection to a remote server over port 25 without paying more money for the privilege to do so? I really don't care either way. Spammers will spam regardless of what Comcast does.
AVonGauss
Premium Member
join:2007-11-01
Boynton Beach, FL

AVonGauss

Premium Member

Blocking outbound 25/tcp significantly lowers the amount of e-mail spam coming from an ISP. If you run a mail server, it's very easy to tell who is blocking and who is not blocking based on the spam mail attempts.

I probably already said this in this thread, but Comcast should have done this years ago.

graysonf
MVM
join:1999-07-16
Fort Lauderdale, FL

1 recommendation

graysonf to ArrayList

MVM

to ArrayList
Get a free shell account on www.cjb.net

Connect anywhere you want to destination port TCP 25.

JohnInSJ
Premium Member
join:2003-09-22
Aptos, CA

1 recommendation

JohnInSJ to ArrayList

Premium Member

to ArrayList
said by ArrayList:

said by JohnInSJ:

said by ArrayList:

the server is not run on the business class connection. That alone says that you don't need business level service.

I have no idea what you're saying here.

I don't run a server on my connection, why can't I open a tcp connection to a remote server over port 25 without paying more money for the privilege to do so? I really don't care either way. Spammers will spam regardless of what Comcast does.

Port 25 communication is reserved for servers. That's why.

NormanS
I gave her time to steal my mind away
MVM
join:2001-02-14
San Jose, CA
TP-Link TD-8616
Asus RT-AC66U B1
Netgear FR114P

NormanS to ArrayList

MVM

to ArrayList
said by ArrayList:

Spammers will spam regardless of what Comcast does.

Prior to 2002, when SBC blocked customer access to port 25, SBC residential hosts were the most prevalent spam source IP addresses in my server logs. Subsequent to the blocking, SBC residential hosts dropped to near last. While spammers continued to spam, they were much less successful at using compromised SBC residential customer hosts.

FWIW, SBC led Comcast until the blocks. After the SBC blocks, SBC dropped behind Comcast as a spam source. From which I deduced that blocking port 25 reduced the amount of abuse coming from SBC.
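
The posts above describe reading a mail server's logs to see which ISPs' residential hosts are still attempting direct-to-MX delivery. The following is an added example, not code from any poster in this thread, of one way to tally that from rejected connections. The Postfix-style log lines, the `.example` hostnames and the reverse-DNS naming patterns are all constructed assumptions.

```python
import re
from collections import defaultdict

# Pulls the client hostname and IP out of a Postfix-style smtpd reject line.
REJECT = re.compile(r"reject: RCPT from (?P<host>\S+?)\[(?P<ip>[0-9A-Fa-f.:]+)\]:")

# Hypothetical reverse-DNS suffixes that two ISPs assign to residential pools.
RESIDENTIAL = {
    "isp-a": re.compile(r"\.res\.isp-a\.example$"),
    "isp-b": re.compile(r"\.dyn\.isp-b\.example$"),
}

# Constructed sample log (RFC 5737 documentation addresses, not real traffic).
SAMPLE_LOG = """\
Mar  3 02:11:07 mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from c-7.res.isp-a.example[203.0.113.7]: 554 5.7.1 Client host blocked; proto=ESMTP
Mar  3 02:11:09 mx1 postfix/smtpd[2102]: NOQUEUE: reject: RCPT from c-21.res.isp-a.example[203.0.113.21]: 554 5.7.1 Client host blocked; proto=ESMTP
Mar  3 02:11:15 mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from c-7.res.isp-a.example[203.0.113.7]: 554 5.7.1 Client host blocked; proto=ESMTP
Mar  3 02:12:40 mx1 postfix/smtpd[2103]: NOQUEUE: reject: RCPT from h14.dyn.isp-b.example[198.51.100.14]: 554 5.7.1 Client host blocked; proto=ESMTP
Mar  3 02:13:02 mx1 postfix/smtpd[2104]: NOQUEUE: reject: RCPT from mail.corp.example[192.0.2.25]: 450 4.7.1 Greylisted; proto=ESMTP
Mar  3 02:13:30 mx1 postfix/smtpd[2105]: NOQUEUE: reject: RCPT from unknown[198.51.100.9]: 554 5.7.1 Client host blocked; proto=ESMTP
Mar  3 02:14:00 mx1 postfix/smtpd[2106]: connect from mail.corp.example[192.0.2.25]
"""

def classify(host):
    """Map a client hostname to an ISP label, 'no-rdns', or 'other'."""
    if host == "unknown":  # Postfix logs 'unknown' when reverse DNS fails
        return "no-rdns"
    for label, pattern in RESIDENTIAL.items():
        if pattern.search(host):
            return label
    return "other"

def tally_direct_mx(log_text):
    """Return {label: (rejected_attempts, distinct_source_ips)}."""
    attempts = defaultdict(int)
    sources = defaultdict(set)
    for line in log_text.splitlines():
        match = REJECT.search(line)
        if not match:  # skip connects, deliveries and other non-reject lines
            continue
        label = classify(match.group("host"))
        attempts[label] += 1
        sources[label].add(match.group("ip"))
    return {label: (attempts[label], len(sources[label])) for label in attempts}

if __name__ == "__main__":
    for label, (count, ips) in sorted(tally_direct_mx(SAMPLE_LOG).items()):
        print(f"{label:8} rejected={count} distinct_ips={ips}")
```

Comparing these per-ISP counts across two time windows is what shows the drop described above once an ISP starts blocking outbound port 25.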