 jlivingoodPremium,VIP join:2007-10-28 Philadelphia, PA kudos:1 | reply to pclover
Re: Comcast decides to block port 25 IN and OUT with no notice.
said by pclover: I am using 587 and the problem is solved. EDIT: I am going to contact the Customer Security Assurance and see if I can get it removed. I need port 25 as I do Remote IT.
If you switched to 587 and it works, why do you need to move back to port 25?
-- JL Comcast |
|
 graysonfPremium,MVM join:1999-07-16 Fort Lauderdale, FL | It's not a matter of not being able to connect to Comcast mail servers on port 25. It's that this policy makes it impossible to connect to any other mail server on port 25. Some people do have a legitimate need to do this. |
|
|
|
 pclover join:2008-08-02 Santa Cruz, CA Reviews:
·Comcast
| said by graysonf: It's not a matter of not being able to connect to Comcast mail servers on port 25. It's that this policy makes it impossible to connect to any other mail server on port 25. Some people do have a legitimate need to do this.
They do, like me, but it's a very small percent. They said that they will try and have the block removed but cannot guarantee that it will not be blocked again.
I think I am going to look into a business account. |
|
 graysonfPremium,MVM join:1999-07-16 Fort Lauderdale, FL | Another option would be to obtain a shell account, perhaps a freebie, on another network that does not block outbound port 25. |
|
 pclover join:2008-08-02 Santa Cruz, CA Reviews:
·Comcast
| said by graysonf: Another option would be to obtain a shell account, perhaps a freebie, on another network that does not block outbound port 25.
I could do that. However, the VPS idea inside of the network wouldn't let me make sure it can be accessed outside of the network.
All email to email server communicates over port 25 AFAIK for SMTP. |
|
 JohnInSJPremium join:2003-09-22 San Jose, CA Reviews:
·PHONE POWER
·Comcast
| said by pclover: All email to email server communicates over port 25 AFAIK for SMTP.
And if you are running a server, you're using comcast business class with a static IP, and your port 25 is not blocked.
-- My place : »www.schettino.us |
|
 pclover join:2008-08-02 Santa Cruz, CA Reviews:
·Comcast
| said by JohnInSJ: said by pclover: All email to email server communicates over port 25 AFAIK for SMTP. And if you are running a server, you're using comcast business class with a static IP, and your port 25 is not blocked.
Why is it assumed that I am running a server? I need to test to make sure an email server is working correctly! |
|
 biomeshPremium join:2006-07-08 Tomball, TX | I don't see how running smtp tests from a residential connection are truly valid tests. What if the SMTP server had its own firewall or blacklist enabled for some of comcast's ip ranges. You should really be doing these tests from a datacenter level connection. |
|
 graysonfPremium,MVM join:1999-07-16 Fort Lauderdale, FL | said by biomesh:I don't see how running smtp tests from a residential connection are truly valid tests. What if the SMTP server had its own firewall or blacklist enabled for some of comcast's ip ranges. You should really be doing these tests from a datacenter level connection. One who is testing against such an SMTP server for legitimate reasons would be aware of those potential problems. |
|
 JohnInSJPremium join:2003-09-22 San Jose, CA Reviews:
·PHONE POWER
·Comcast
| reply to pclover
said by pclover: said by JohnInSJ: said by pclover: All email to email server communicates over port 25 AFAIK for SMTP. And if you are running a server, you're using comcast business class with a static IP, and your port 25 is not blocked. Why is it assumed that I am running a server? I need to test to make sure an email server is working correctly!
You do? What kind of test are you running? Are you polling port 25 of an SMTP server? Is it your server? Why do you think repeated failed interactions with an SMTP server wouldn't get your IP banned at that server?
-- My place : »www.schettino.us |
|
 NormanSPremium,MVM join:2001-02-14 San Jose, CA kudos:9 Reviews:
·SONIC.NET
·Pacific Bell - SBC
| said by JohnInSJ: You do? What kind of test are you running? Are you polling port 25 of an SMTP server? Is it your server? Why do you think repeated failed interactions with an SMTP server wouldn't get your IP banned at that server?
Why do you think testing will result in failure? Here is a test (from a residential connection, no less):
C:\util\dig>telnet mx1.comcast.net 25
Connecting To mx1.comcast.net...
220 imta09.westchester.pa.mail.comcast.net comcast ESMTP server ready
quit
221 2.0.0 imta09.westchester.pa.mail.comcast.net comcast closing connection
Connection to host lost.
Does that qualify as a failure?
FWIW, the source IP address is not in a DUL. The generic form of the rDNS is: 173-228-7-21x.dsl.static.sonic.net, which Sonic.net will not submit to any DUL for obvious reasons. But my specific IP address will respond with, 'mxa.mydomain.tld'.
-- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum |
|
 pclover join:2008-08-02 Santa Cruz, CA Reviews:
·Comcast
| said by NormanS: said by JohnInSJ: You do? What kind of test are you running? Are you polling port 25 of an SMTP server? Is it your server? Why do you think repeated failed interactions with an SMTP server wouldn't get your IP banned at that server? Why do you think testing will result in failure? Here is a test (from a residential connection, no less):
C:\util\dig>telnet mx1.comcast.net 25
Connecting To mx1.comcast.net...
220 imta09.westchester.pa.mail.comcast.net comcast ESMTP server ready
quit
221 2.0.0 imta09.westchester.pa.mail.comcast.net comcast closing connection
Connection to host lost.
Does that qualify as a failure? FWIW, the source IP address is not in a DUL. The generic form of the rDNS is: 173-228-7-21x.dsl.static.sonic.net, which Sonic.net will not submit to any DUL for obvious reasons. But my specific IP address will respond with, 'mxa.mydomain.tld'.
This points out that mail.comcast.net is responding to port 25.
This is what I need!
I need to verify on new servers that Port 25 can be accessed outside of the local network.
Does me no good to use an alternate port as email servers communicate with other email servers over port 25 and if that's not working SMTP will fail and the mail queue will start building.
I was quoted around 94$ a month for business phone and internet. Free install with 2 year agreement. |
|
 JohnInSJPremium join:2003-09-22 San Jose, CA Reviews:
·PHONE POWER
·Comcast
| reply to NormanS
said by NormanS: Does that qualify as a failure?
Repeated probes with no response to handshake gets you banned from my email server, other admins may choose other patterns of malicious behavior to ban on.
And you not being able to reach an email server is (clearly) no indication of the health of the server. Why do you feel the need to do this from a residential account? -- My place : »www.schettino.us |
|
 pclover join:2008-08-02 Santa Cruz, CA Reviews:
·Comcast
| said by JohnInSJ: said by NormanS: Does that qualify as a failure? Repeated probes with no response to handshake gets you banned from my email server, other admins may choose other patterns of malicious behavior to ban on. And you not being able to reach an email server is (clearly) no indication of the health of the server. Why do you feel the need to do this from a residential account?
To test for firewall rules etc.
Yes, some servers WILL do that; however, you do have to abuse it.
Also this thread is getting pointless. No more replies are needed. |
|
 NormanSPremium,MVM join:2001-02-14 San Jose, CA kudos:9 Reviews:
·SONIC.NET
·Pacific Bell - SBC
1 edit | reply to pclover
said by pclover: said by NormanS: said by JohnInSJ: You do? What kind of test are you running? Are you polling port 25 of an SMTP server? Is it your server? Why do you think repeated failed interactions with an SMTP server wouldn't get your IP banned at that server? Why do you think testing will result in failure? Here is a test (from a residential connection, no less):
C:\util\dig>telnet mx1.comcast.net 25
Connecting To mx1.comcast.net...
220 imta09.westchester.pa.mail.comcast.net comcast ESMTP server ready
quit
221 2.0.0 imta09.westchester.pa.mail.comcast.net comcast closing connection
Connection to host lost.
This points out that mail.comcast.net is responding to port 25.
No, sir; actually it does not. I was testing against an MX server to refute an argument about the response of an MX server. Nor is my result a failure. It is the wholly expected response of an SMTP server to the, "QUIT" command.
If I were to try the same to the Comcast message submission server, based on the Comcast pubs I would expect failure on port 25 (source IP address is not a Comcast IP address block) but success (to the "QUIT" command) on port 465.
C:\util\dig>telnet mail.comcast.net 25
Connecting To mail.comcast.net...Could not open connection to the host,
on port 25: Connect failed
-- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum |
|
 NormanSPremium,MVM join:2001-02-14 San Jose, CA kudos:9 Reviews:
·SONIC.NET
·Pacific Bell - SBC
| reply to JohnInSJ
said by JohnInSJ: said by NormanS: Does that qualify as a failure? Repeated probes with no response to handshake gets you banned from my email server, other admins may choose other patterns of malicious behavior to ban on.
And you claim to run a server! Or is the SMTP "QUIT" command not a proper response to the handshake?
said by JohnInSJ: And you not being able to reach an email server is (clearly) no indication of the health of the server.
How is my posted result a failure to reach the server? The server properly responded with its banner, and properly accepted the RFC-compliant SMTP "QUIT" command. If, instead of quit, I had responded with, "EHLO mxa.mydomain.tld", I would have received additional SMTP prompts. As long as I continued to respond to prompts with proper, and appropriate commands, I could have sent an email to any Comcast user whose '@comcast.net' email address I know.
said by JohnInSJ: Why do you feel the need to do this from a residential account?
Why do you even care? As long as I am operating within the terms of my ISP.
-- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum |
|
 JohnInSJPremium join:2003-09-22 San Jose, CA | didn't see the quit, thought he just disconnected - forgive me. Whatever, no port 25 on residential, that's the rule. -- My place : »www.schettino.us |
|
 NormanSPremium,MVM join:2001-02-14 San Jose, CA kudos:9 Reviews:
·SONIC.NET
·Pacific Bell - SBC
| said by JohnInSJ: didn't see the quit, thought he just disconnected - forgive me. Whatever, no port 25 on residential, that's the rule.
Whose rule? And how do you actually determine "residential"? I test for "DUL" on my server; "Dynamic User List".
Do you see the difference?
173-228-99-1x.dsl.dynamic.sonic.net
173-228-7-21x.dsl.static.sonic.net
The first is not allowed to run servers; indeed, port 25 will be blocked both directions.
The second is allowed to run servers, with port 25 access not blocked.
Upon receiving my static IP address assignment, I used the control to set my rDNS to 'mxa.mydomain.tld'.
So how should this work on my end?
Your MX: "Banner"
My MX: "EHLO mxa.mydomain.tld"
Your MX: "Pleased to meet you, mxa.mydomain.tld"
My MX: "MAIL FROM norman@mydomain.tld"
Your MX: "norman@mydomain.tld OK, SEND RCPTS"
My MX: "RCPT TO: you@yourdomain.tld"
And so on; why should you have a problem with that? -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum |
|
 NetFixerFrom my cold dead handsPremium join:2004-06-24 The Boro Reviews:
·Comcast Business..
·Vonage
·Cingular Wireless
·Comcast
| reply to NormanS
said by NormanS: No, sir; actually it does not. I was testing against an MX server to refute an argument about the response of an MX server. Nor is my result a failure. It is the wholly expected response of an SMTP server to the, "QUIT" command.
If I were to try the same to the Comcast message submission server, based on the Comcast pubs I would expect failure on port 25 (source IP address is not a Comcast IP address block) but success (to the "QUIT" command) on port 465.
C:\util\dig>telnet mail.comcast.net 25
Connecting To mail.comcast.net...Could not open connection to the host,
on port 25: Connect failed
Actually using port 25 or port 587 to mail.comcast.net is doomed even from a Comcast IP address:
webhost:/ # telnet mail.comcast.net 25
Trying 2001:558:fe2d:70::33...
telnet: connect to address 2001:558:fe2d:70::33: Permission denied
Trying 2001:558:fe14:70::33...
telnet: connect to address 2001:558:fe14:70::33: Permission denied
Trying 76.96.40.158...
^C
webhost:/ # telnet mail.comcast.net 587
Trying 2001:558:fe2d:70::33...
telnet: connect to address 2001:558:fe2d:70::33: Permission denied
Trying 2001:558:fe14:70::33...
telnet: connect to address 2001:558:fe14:70::33: Permission denied
Trying 76.96.40.158...
^C
If you want to access the Comcast residential mail submission server, you have to use smtp.comcast.net (and that doesn't work on port 25 any more even if you are doing it from a Comcast IP address on a Comcast Business Class account):
webhost:/ # telnet smtp.comcast.net 25
Trying 2001:558:fe14:70::30...
Connected to smtp.comcast.net.
Escape character is '^]'.
554 omta20.westchester.pa.mail.comcast.net comcast Port 25 not allowed - http://customer.comcast.com/help-and-support/internet/email-client-programs-with-xfinity-email/
Connection closed by foreign host.
webhost:/ # telnet smtp.comcast.net 587
Trying 2001:558:fe14:70::30...
Connected to smtp.comcast.net.
Escape character is '^]'.
220 omta10.westchester.pa.mail.comcast.net comcast ESMTP server ready
quit
221 2.0.0 omta10.westchester.pa.mail.comcast.net comcast closing connection
Connection closed by foreign host.
OTOH, the Comcast Business Class mail submission server is still accessible using port 25:
webhost:/ # telnet smtp.po1.comcast.net 25
Trying 76.96.107.76...
Connected to smtp.po1.comcast.net.
Escape character is '^]'.
220 businessclass.comcast.net ESMTP mail service ready
quit
221 businessclass.comcast.net closing connection
Connection closed by foreign host.
-- A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.
When governments fear people, there is liberty. When the people fear the government, there is tyranny. |
|
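Added example, not part of any post in this thread: a Python version of the manual telnet checks above, which tells apart the outcomes the posters saw (a 220 banner, a 554 policy refusal, a failed or filtered connect) and always ends an accepted session with QUIT rather than dropping the connection. The function names and verdict labels are illustrative choices, not anything from Comcast or the posters.

```python
import socket

# Verdict for the first reply code a server sends on connect (RFC 5321).
VERDICTS = {"220": "accepting", "554": "refused-by-policy", "421": "unavailable"}

def parse_reply(lines):
    """Collapse one (possibly multi-line) SMTP reply into (code, text)."""
    code, text = None, []
    for raw in lines:
        line = raw.rstrip("\r\n")
        if len(line) < 3 or not line[:3].isdigit():
            raise ValueError(f"not an SMTP reply: {line!r}")
        code = line[:3]
        text.append(line[4:])
        if line[3:4] != "-":          # "220-" continues, "220 " ends the reply
            break
    return code, " ".join(text)

def check_session(sock):
    """Read the greeting on a connected socket; close a 220 session with QUIT."""
    f = sock.makefile("rb")
    read = lambda: (l.decode("ascii", "replace") for l in iter(f.readline, b""))
    code, text = parse_reply(read())
    if code is None:                  # peer closed without sending a banner
        return ("no-greeting", None, "")
    if code == "220":
        sock.sendall(b"QUIT\r\n")     # finish the handshake cleanly
        parse_reply(read())           # consume the 221 closing reply
    return (VERDICTS.get(code, "unexpected"), code, text)

def probe(host, port, timeout=10):
    """Connect to host:port and return (verdict, reply code, reply text)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            return check_session(s)
    except socket.timeout:            # silently dropped packets, e.g. an ISP filter
        return ("filtered-or-timeout", None, "")
    except ConnectionRefusedError:    # nothing listening, or an active reject
        return ("closed", None, "")
    except (OSError, ValueError) as e:
        return ("unreachable", None, str(e))

if __name__ == "__main__":
    import sys
    for host in sys.argv[1:]:         # hosts to test are given on the command line
        for port in (25, 587):
            print(host, port, *probe(host, port))
```

A "filtered-or-timeout" result on port 25 together with "accepting" on port 587 for the same host is the pattern an outbound port 25 block produces; it says nothing about whether the server is reachable on port 25 from other networks.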
 JohnInSJPremium join:2003-09-22 San Jose, CA Reviews:
·PHONE POWER
·Comcast
| reply to NormanS
said by NormanS: said by JohnInSJ: didn't see the quit, thought he just disconnected - forgive me. Whatever, no port 25 on residential, that's the rule. Whose rule? And how do you actually determine "residential"? I test for "DUL" on my server; "Dynamic User List".
Comcast's rule, per the post title, is that they will block port 25 on residential accounts.
Am I in the wrong thread?
I frankly don't care at all, I am on business class with static IPs because the features and access I require are available with that service. -- My place : »www.schettino.us |
|