JohnInSJ Premium Member join:2003-09-22 Aptos, CA |
to pclover
Re: Comcast decides to block port 25 IN and OUT with no notice.
said by pclover: All email to email server communicates over port 25 AFAIK for SMTP.

And if you are running a server, you're using comcast business class with a static IP, and your port 25 is not blocked. |
|
pclover join:2008-08-02 Santa Cruz, CA |
said by JohnInSJ:
said by pclover: All email to email server communicates over port 25 AFAIK for SMTP.
And if you are running a server, you're using comcast business class with a static IP, and your port 25 is not blocked.

Why is it assumed that I am running a server? I need to test to make sure an email server is working correctly! |
|
biomesh Premium Member join:2006-07-08 Tomball, TX |
2013-Mar-1 12:47 pm
I don't see how running smtp tests from a residential connection are truly valid tests. What if the SMTP server had its own firewall or blacklist enabled for some of comcast's ip ranges. You should really be doing these tests from a datacenter level connection. |
|
graysonf MVM join:1999-07-16 Fort Lauderdale, FL |
said by biomesh: I don't see how running smtp tests from a residential connection are truly valid tests. What if the SMTP server had its own firewall or blacklist enabled for some of comcast's ip ranges. You should really be doing these tests from a datacenter level connection.

One who is testing against such an SMTP server for legitimate reasons would be aware of those potential problems. |
|
JohnInSJ Premium Member join:2003-09-22 Aptos, CA |
to pclover
said by pclover:
said by JohnInSJ:
said by pclover: All email to email server communicates over port 25 AFAIK for SMTP.
And if you are running a server, you're using comcast business class with a static IP, and your port 25 is not blocked.
Why is it assumed that I am running a server? I need to test to make sure an email server is working correctly!

You do? What kind of test are you running? Are you polling port 25 of an SMTP server? Is it your server? Why do you think repeated failed interactions with an SMTP server wouldn't get your IP banned at that server? |
|
NormanS I gave her time to steal my mind away MVM join:2001-02-14 San Jose, CA TP-Link TD-8616 Asus RT-AC66U B1 Netgear FR114P
|
said by JohnInSJ: You do? What kind of test are you running? Are you polling port 25 of an SMTP server? Is it your server? Why do you think repeated failed interactions with an SMTP server wouldn't get your IP banned at that server?

Why do you think testing will result in failure? Here is a test (from a residential connection, no less):
C:\util\dig>telnet mx1.comcast.net 25
Connecting To mx1.comcast.net...
220 imta09.westchester.pa.mail.comcast.net comcast ESMTP server ready
quit
221 2.0.0 imta09.westchester.pa.mail.comcast.net comcast closing connection
Connection to host lost.
Does that qualify as a failure? FWIW, the source IP address is not in a DUL. The generic form of the rDNS is: 173-228-7-21x.dsl.static.sonic.net, which Sonic.net will not submit to any DUL for obvious reasons. But my specific IP address will respond with, 'mxa.mydomain.tld'. |
|
pclover join:2008-08-02 Santa Cruz, CA |
said by NormanS:
said by JohnInSJ: You do? What kind of test are you running? Are you polling port 25 of an SMTP server? Is it your server? Why do you think repeated failed interactions with an SMTP server wouldn't get your IP banned at that server?
Why do you think testing will result in failure? Here is a test (from a residential connection, no less):
C:\util\dig>telnet mx1.comcast.net 25
Connecting To mx1.comcast.net...
220 imta09.westchester.pa.mail.comcast.net comcast ESMTP server ready
quit
221 2.0.0 imta09.westchester.pa.mail.comcast.net comcast closing connection
Connection to host lost.
Does that qualify as a failure? FWIW, the source IP address is not in a DUL. The generic form of the rDNS is: 173-228-7-21x.dsl.static.sonic.net, which Sonic.net will not submit to any DUL for obvious reasons. But my specific IP address will respond with, 'mxa.mydomain.tld'.

This points out that mail.comcast.net is responding to port 25. This is what I need! I need to verify on new servers that Port 25 can be accessed outside of the local network. Does me no good to use an alternate port as email servers communicate with other email servers over port 25 and if that's not working SMTP will fail and the mail queue will start building. I was quoted around 94$ a month for business phone and internet. Free install with 2 year agreement. |
|
JohnInSJ Premium Member join:2003-09-22 Aptos, CA |
to NormanS
said by NormanS: Does that qualify as a failure?

Repeated probes with no response to handshake gets you banned from my email server, other admins may choose other patterns of malicious behavior to ban on. And you not being able to reach an email server is (clearly) no indication of the health of the server. Why do you feel the need to do this from a residential account? |
|
pclover join:2008-08-02 Santa Cruz, CA |
said by JohnInSJ:
said by NormanS: Does that qualify as a failure?
Repeated probes with no response to handshake gets you banned from my email server, other admins may choose other patterns of malicious behavior to ban on. And you not being able to reach an email server is (clearly) no indication of the health of the server. Why do you feel the need to do this from a residential account?

To test for firewall rules etc. Yes, Some servers WILL do that however you do have to abuse it. Also this thread is getting pointless. No more replies are needed. |
|
NormanS I gave her time to steal my mind away MVM join:2001-02-14 San Jose, CA TP-Link TD-8616 Asus RT-AC66U B1 Netgear FR114P
1 edit
1 recommendation |
to pclover
said by pclover:
said by NormanS:
said by JohnInSJ: You do? What kind of test are you running? Are you polling port 25 of an SMTP server? Is it your server? Why do you think repeated failed interactions with an SMTP server wouldn't get your IP banned at that server?
Why do you think testing will result in failure? Here is a test (from a residential connection, no less):
C:\util\dig>telnet mx1.comcast.net 25
Connecting To mx1.comcast.net...
220 imta09.westchester.pa.mail.comcast.net comcast ESMTP server ready
quit
221 2.0.0 imta09.westchester.pa.mail.comcast.net comcast closing connection
Connection to host lost.
This points out that mail.comcast.net is responding to port 25.

No, sir; actually it does not. I was testing against an MX server to refute an argument about the response of an MX server. Nor is my result a failure. It is the wholly expected response of an SMTP server to the, "QUIT" command. If I were to try the same to the Comcast message submission server, based on the Comcast pubs I would expect failure on port 25 (source IP address is not a Comcast IP address block) but success (to the "QUIT" command) on port 465.
C:\util\dig>telnet mail.comcast.net 25
Connecting To mail.comcast.net...Could not open connection to the host,
on port 25: Connect failed
|
|
NormanS |
to JohnInSJ
said by JohnInSJ:
said by NormanS: Does that qualify as a failure?
Repeated probes with no response to handshake gets you banned from my email server, other admins may choose other patterns of malicious behavior to ban on.

And you claim to run a server! Or is the SMTP "QUIT" command not a proper response to the handshake?

And you not being able to reach an email server is (clearly) no indication of the health of the server.

How is my posted result a failure to reach the server? The server properly responded with its banner, and properly accepted the RFC-compliant SMTP "QUIT" command. If, instead of quit, I had responded with, "EHLO mxa.mydomain.tld", I would have received additional SMTP prompts. As long as I continued to respond to prompts with proper, and appropriate commands, I could have sent an email to any Comcast user whose '@comcast.net' email address I know.

Why do you feel the need to do this from a residential account?

Why do you even care? As long as I am operating within the terms of my ISP. |
|
JohnInSJ Premium Member join:2003-09-22 Aptos, CA |
2013-Mar-1 6:10 pm
didn't see the quit, thought he just disconnected - forgive me. Whatever, no port 25 on residential, that's the rule. |
|
NormanS I gave her time to steal my mind away MVM join:2001-02-14 San Jose, CA TP-Link TD-8616 Asus RT-AC66U B1 Netgear FR114P
|
said by JohnInSJ: didn't see the quit, thought he just disconnected - forgive me. Whatever, no port 25 on residential, that's the rule.

Whose rule? And how do you actually determine "residential"? I test for "DUL" on my server; "Dynamic User List". Do you see the difference?
173-228-99-1x.dsl.dynamic.sonic.net
173-228-7-21x.dsl.static.sonic.net
The first is not allowed to run servers; indeed, port 25 will be blocked both directions. The second is allowed to run servers, with port 25 access not blocked. Upon receiving my static IP address assignment, I used the control to set my rDNS to 'mxa.mydomain.tld'. So how should this work on my end?
Your MX: "Banner"
My MX: "EHLO mxa.mydomain.tld"
Your MX: "Pleased to meet you, mxa.mydomain.tld"
My MX: "MAIL FROM norman@mydomain.tld"
Your MX: "norman@mydomain.tld OK, SEND RCPTS"
My MX: "RCPT TO: you@yourdomain.tld"
And so on; why should you have a problem with that? |
|
NetFixer From My Cold Dead Hands Premium Member join:2004-06-24 The Boro Netgear CM500 Pace 5268AC TRENDnet TEW-829DRU
|
to NormanS
said by NormanS: No, sir; actually it does not. I was testing against an MX server to refute an argument about the response of an MX server. Nor is my result a failure. It is the wholly expected response of an SMTP server to the, "QUIT" command.
If I were to try the same to the Comcast message submission server, based on the Comcast pubs I would expect failure on port 25 (source IP address is not a Comcast IP address block) but success (to the "QUIT" command) on port 465.
C:\util\dig>telnet mail.comcast.net 25
Connecting To mail.comcast.net...Could not open connection to the host,
on port 25: Connect failed
Actually using port 25 or port 587 to mail.comcast.net is doomed even from a Comcast IP address:
webhost:/ # telnet mail.comcast.net 25
Trying 2001:558:fe2d:70::33...
telnet: connect to address 2001:558:fe2d:70::33: Permission denied
Trying 2001:558:fe14:70::33...
telnet: connect to address 2001:558:fe14:70::33: Permission denied
Trying 76.96.40.158...
^C
webhost:/ # telnet mail.comcast.net 587
Trying 2001:558:fe2d:70::33...
telnet: connect to address 2001:558:fe2d:70::33: Permission denied
Trying 2001:558:fe14:70::33...
telnet: connect to address 2001:558:fe14:70::33: Permission denied
Trying 76.96.40.158...
^C
If you want to access the Comcast residential mail submission server, you have to use smtp.comcast.net (and that doesn't work on port 25 any more even if you are doing it from a Comcast IP address on a Comcast Business Class account):
webhost:/ # telnet smtp.comcast.net 25
Trying 2001:558:fe14:70::30...
Connected to smtp.comcast.net.
Escape character is '^]'.
554 omta20.westchester.pa.mail.comcast.net comcast Port 25 not allowed - http://customer.comcast.com/help-and-support/internet/email-client-programs-with-xfinity-email/
Connection closed by foreign host.
webhost:/ # telnet smtp.comcast.net 587
Trying 2001:558:fe14:70::30...
Connected to smtp.comcast.net.
Escape character is '^]'.
220 omta10.westchester.pa.mail.comcast.net comcast ESMTP server ready
quit
221 2.0.0 omta10.westchester.pa.mail.comcast.net comcast closing connection
Connection closed by foreign host.
OTOH, the Comcast Business Class mail submission server is still accessible using port 25:
webhost:/ # telnet smtp.po1.comcast.net 25
Trying 76.96.107.76...
Connected to smtp.po1.comcast.net.
Escape character is '^]'.
220 businessclass.comcast.net ESMTP mail service ready
quit
221 businessclass.comcast.net closing connection
Connection closed by foreign host.
|
|
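Added example, not part of any post in this thread: a Python version of the banner-then-QUIT check the posts above run by hand with telnet, separating the three outcomes they show (no TCP connection, a non-220 greeting such as the 554 policy banner, and a 220 banner closed cleanly with 221). The function names and status labels are this example's own.

```python
# Added example (not from the thread); function names and labels are illustrative.
import socket
import sys

def read_reply(reader):
    """Read one SMTP reply, following 'NNN-' continuation lines."""
    lines = []
    while True:
        raw = reader.readline()
        if not raw:                      # peer closed the connection
            break
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line)
        if len(line) < 4 or line[3] != "-":
            break                        # 'NNN ' marks the final line
    return "\n".join(lines)

def smtp_handshake(sock):
    """On a connected socket: read the banner, send QUIT, classify.

    'refused'    greeting was not 220 (e.g. the 554 policy banner)
    'ready'      220 banner, and QUIT was acknowledged with 221
    'incomplete' session stalled, or QUIT got no 221 reply
    """
    with sock.makefile("rb") as reader:
        try:
            banner = read_reply(reader)
            if not banner.startswith("220"):
                return ("refused", banner)
            sock.sendall(b"QUIT\r\n")    # always end the session cleanly
            bye = read_reply(reader)
        except OSError as exc:           # includes read timeouts
            return ("incomplete", str(exc))
    return ("ready", banner) if bye.startswith("221") else ("incomplete", bye)

def probe_smtp(host, port, timeout=10.0):
    """Return ('no_connect', error) if TCP never opens, else the handshake result."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:               # refused, filtered, timed out, DNS failure
        return ("no_connect", str(exc))
    with sock:
        return smtp_handshake(sock)

if __name__ == "__main__" and len(sys.argv) == 2:
    for port in (25, 587):               # the two ports compared in the thread
        print(port, *probe_smtp(sys.argv[1], port))
```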
JohnInSJ Premium Member join:2003-09-22 Aptos, CA |
to NormanS
said by NormanS:
said by JohnInSJ: didn't see the quit, thought he just disconnected - forgive me. Whatever, no port 25 on residential, that's the rule.
Whose rule? And how do you actually determine "residential"? I test for "DUL" on my server; "Dynamic User List".

Comcast's rule, per the post title, is that they will block port 25 on residential accounts. Am I in the wrong thread? I frankly don't care at all, I am on business class with static IPs because the features and access I require are available with that service. |
|
NormanS I gave her time to steal my mind away MVM join:2001-02-14 San Jose, CA TP-Link TD-8616 Asus RT-AC66U B1 Netgear FR114P
|
said by JohnInSJ: Comcast's rule, per the post title, is that they will block port 25 on residential accounts.
Am I in the wrong thread?

No, but I was sucked away from the OP's concerns by my own obstinacy. OP wants to test an off-Comcast network SMTP server, and definitely should get a business-class account for that purpose. |
|
ArrayList DevOps Premium Member join:2005-03-19 Mullica Hill, NJ |
said by NormanS: OP wants to test an off-Comcast network SMTP server, and definitely should get a business-class account for that purpose.

really? a business class connection just to test if port 25 is working? |
|
|
JohnInSJ Premium Member join:2003-09-22 Aptos, CA |
2013-Mar-16 10:23 am
said by ArrayList:
said by NormanS: OP wants to test an off-Comcast network SMTP server, and definitely should get a business-class account for that purpose.
really? a business class connection just to test if port 25 is working?

Why does a residential user need to "test if port 25 is working" on a server they don't run? |
|
|
ArrayList DevOps Premium Member join:2005-03-19 Mullica Hill, NJ |
2013-Mar-16 11:35 am
the server is not run on the business class connection. That alone says that you don't need business level service. |
|
JohnInSJ Premium Member join:2003-09-22 Aptos, CA |
2013-Mar-16 4:12 pm
said by ArrayList: the server is not run on the business class connection. That alone says that you don't need business level service.

I have no idea what you're saying here. You aren't allowed to run any server on residential. Only an SMTP SERVER needs to send traffic on port 25. Therefore you need to be on business class to send traffic on port 25. QED |
|
NormanS I gave her time to steal my mind away MVM join:2001-02-14 San Jose, CA TP-Link TD-8616 Asus RT-AC66U B1 Netgear FR114P
1 edit |
to ArrayList
said by ArrayList:
said by NormanS: OP wants to test an off-Comcast network SMTP server, and definitely should get a business-class account for that purpose.
really? a business class connection just to test if port 25 is working?

Yes, because port 25 is no longer a standard user port; hasn't really been since RFC 2476 was published in December, 1998. |
|
ArrayList DevOps Premium Member join:2005-03-19 Mullica Hill, NJ |
to JohnInSJ
said by JohnInSJ:
said by ArrayList: the server is not run on the business class connection. That alone says that you don't need business level service.
I have no idea what you're saying here.

I don't run a server on my connection, why can't I open a tcp connection to a remote server over port 25 without paying more money for the privilege to do so? I really don't care either way. Spammers will spam regardless of what Comcast does. |
|
AVonGauss Premium Member join:2007-11-01 Boynton Beach, FL |
Blocking outbound 25/tcp significantly lowers the amount of e-mail spam coming from an ISP. If you run a mail server, it's very easy to tell who is blocking and who is not blocking based on the spam mail attempts.
I probably already said this in this thread, but Comcast should have done this years ago. |
|
graysonf MVM join:1999-07-16 Fort Lauderdale, FL
1 recommendation |
to ArrayList
Get a free shell account on www.cjb.net
Connect anywhere you want to destination port TCP 25. |
|
JohnInSJ Premium Member join:2003-09-22 Aptos, CA
1 recommendation |
to ArrayList
said by ArrayList:
said by JohnInSJ:
said by ArrayList: the server is not run on the business class connection. That alone says that you don't need business level service.
I have no idea what you're saying here.
I don't run a server on my connection, why can't I open a tcp connection to a remote server over port 25 without paying more money for the privilege to do so? I really don't care either way. Spammers will spam regardless of what Comcast does.

Port 25 communications is reserved for servers. That's why. |
|
NormanS I gave her time to steal my mind away MVM join:2001-02-14 San Jose, CA TP-Link TD-8616 Asus RT-AC66U B1 Netgear FR114P
|
to ArrayList
said by ArrayList: Spammers will spam regardless of what Comcast does.

Prior to 2002, when SBC blocked customer access to port 25, SBC residential hosts were the most prevalent spam source IP addresses in my server logs. Subsequent to the blocking, SBC residential hosts dropped to near last. While spammers continued to spam, they were much less successful at using compromised SBC residential customer hosts. FWIW, SBC led Comcast until the blocks. After the SBC blocks, SBC dropped behind Comcast as a spam source. From which I deduced that blocking port 25 reduced the amount of abuse coming from SBC. |
|