 grep_reaper
join:2001-08-27 Herndon, VA
| [VA] inbound 25 problems?
I have Cox in Fairfax. Obviously have been working around the port 25 outbound block for a while, sending out mail via Cox smtp servers. It now appears that I can't receive INBOUND connections to my mail server on port 25. Anyone else experiencing this? I have confirmed from several locations that I am unreachable on port 25. |
|
 mnaber
join:2003-12-11 Centreville, VA
| I live in Centreville and it's been like that here for a long time. Ever since they started blocking port 25 outbound I think they blocked port 25 inbound, too. If they really want to compete with FIOS they should just open the ports. I don't think they realize how many people they're inconveniencing. |
|
  curtisG
@cox.net | reply to grep_reaper Yes, it appears that COX has started blocking inbound SMTP into my area (Great Falls) sometime late last week.
Glad to see that it wasn't just me.
Any word from COX confirming this?
--curtisG |
|
  bbeesley VIP join:2003-08-07 Las Vegas, NV
| said by curtisG :
Yes, it appears that COX has started blocking inbound SMTP into my area (Great Falls) sometime late last week.
Glad to see that it wasn't just me.
Any word from COX confirming this?
--curtisG
Port 25 is supposed to be blocked on residential IPs to mitigate SPAM and Trojans...if it wasn't previously, it was likely an oversight by the security group which they have since corrected. |
|
  sp33drac3r
@cox.net
| same here. (in Fairfax) I've been trying to see a work around and the only thing I have come up with is register my domain via ZoneEdit and use their mailforward feature to forward email to a remote email account and then send email as usual. I hope this is temporary until I figure something else out...b/c I plan to cancel my service and seek elsewhere if I cannot resolve this. |
|
  bbeesley VIP join:2003-08-07 Las Vegas, NV
| said by sp33drac3r :
same here. (in Fairfax) I've been trying to see a work around and the only thing I have come up with is register my domain via ZoneEdit and use their mailforward feature to forward email to a remote email account and then send email as usual. I hope this is temporary until I figure something else out...b/c I plan to cancel my service and seek elsewhere if I cannot resolve this.
you have several options
you can host your mail but use the cox.net SMTP servers to send
you can run secure smtp, which uses a different port
you can upgrade to a commercial account. |
|
  fairfax1
@cox.net | does the secure smtp work for anyone here? |
|
 NormanS Premium,MVM join:2001-02-14 San Jose, CA
·Pacific Bell - SBC
| reply to bbeesley
said by bbeesley :
Port 25 is supposed to be blocked on residential IPs to mitigate SPAM and Trojans...if it wasn't previously, it was likely an oversight by the security group which they have since corrected.
But inbound? How does that mitigate the spam problem? I understand how outbound blocks work to mitigate spam and virus propagation. |
|
  bbeesley VIP join:2003-08-07 Las Vegas, NV
| said by NormanS :
said by bbeesley :
Port 25 is supposed to be blocked on residential IPs to mitigate SPAM and Trojans...if it wasn't previously, it was likely an oversight by the security group which they have since corrected.
But inbound? How does that mitigate the spam problem? I understand how outbound blocks work to mitigate spam and virus propagation.
It keeps open SMTP servers from running amok on the network.
Some viruses and trojans set up an open SMTP relay as well. |
|
 NormanS Premium,MVM join:2001-02-14 San Jose, CA
·Pacific Bell - SBC
| said by bbeesley :
said by NormanS :
said by bbeesley :
Port 25 is supposed to be blocked on residential IPs to mitigate SPAM and Trojans...if it wasn't previously, it was likely an oversight by the security group which they have since corrected.
But inbound? How does that mitigate the spam problem? I understand how outbound blocks work to mitigate spam and virus propagation.
It keeps open SMTP servers from running amok on the network. Some viruses and trojans set up an open SMTP relay as well.
Spamming Trojans and viruses, in my observation, don't set up SMTP servers, they just set up SMTP clients. The trick is to keep the application footprint as small as possible to better avoid detection. So no actual MTA; no lookups of MX records. KISS principle; only enough code to connect to one MX server per transaction, and take it from there. Cc: and Bcc: lists all to the same domain to minimize domain MX lookup time.
In any case, blocking outbound port 25 would be sufficient. How would an open relay accepting input on a customer's port 25 be useful when outbound port 25 is blocked? To where would such a relay send email, other than the blocked port 25 out?
Just curious; it is up to Cox what to allow, and what to deny.
(Actually, I suspect that the inbound port 25 blocks are really designed to prevent customers from violating the AUP/TOS against running their own servers; such blocks would be somewhat effective at that. Not my problem, though.)
-- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum |
|
 fantomposter Phantom Poster Premium join:2002-09-21 Independence, OH
| said by NormanS :
In any case, blocking outbound port 25 would be sufficient. How would an open relay accepting input on a customer's port 25 be useful when outbound port 25 is blocked? To where would such a relay send email, other than the blocked port 25 out?
The open relay server accepts the spam on the incoming open port 25. That server is set up to relay/smart host via cox's outgoing servers, or secure via some other provider. Rare, but I have seen it. |
|
 NormanS Premium,MVM join:2001-02-14 San Jose, CA
·Pacific Bell - SBC
| said by fantomposter :
said by NormanS :
In any case, blocking outbound port 25 would be sufficient. How would an open relay accepting input on a customer's port 25 be useful when outbound port 25 is blocked? To where would such a relay send email, other than the blocked port 25 out?
The open relay server accepts the spam on the incoming open port 25. That server is set up to relay/smart host via cox's outgoing servers, or secure via some other provider. Rare, but I have seen it.
I would think that needs authentication to get beyond the compromised box. It is certainly beyond the normal spamming proxy technique.
-- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum |
|
 fantomposter Phantom Poster Premium join:2002-09-21 Independence, OH
| said by NormanS :
I would think that needs authentication to get beyond the compromised box. It is certainly beyond the normal spamming proxy technique.
If set up properly, you bet....authentication or it is set up to only accept certain IPs...whichever the 'admin' set it up for.
But if it is a misconfigured wide open relay that accepts and forwards anything, as many 'home' servers are, it will just accept and relay it on down the line. Off the top of my head, Exch 5.0 does this no matter what you do to it, 5.5's default set up does this. It is not hard to screw up a mail server and make it an open relay.
Yep, rare and outside the normal compromised proxy stuff. |
|
 NormanS Premium,MVM join:2001-02-14 San Jose, CA
·Pacific Bell - SBC
| said by fantomposter :
said by NormanS :
I would think that needs authentication to get beyond the compromised box. It is certainly beyond the normal spamming proxy technique.
If set up properly, you bet....authentication or it is set up to only accept certain IPs...whichever the 'admin' set it up for. But if it is a misconfigured wide open relay that accepts and forwards anything, as many 'home' servers are, it will just accept and relay it on down the line. Off the top of my head, Exch 5.0 does this no matter what you do to it, 5.5's default set up does this. It is not hard to screw up a mail server and make it an open relay. Yep, rare and outside the normal compromised proxy stuff.
No. No. No. No. No. An open proxy on the home computer is too easy to set up. But, if the user is on a network, such as Cox, or SBC, which blocks outbound port 25 to any other server...oh. Wait. Cox doesn't require authentication from their users for the Cox SMTP servers? Now I get it. SBC Yahoo! DSL users mostly have to use smtp.X.yahoo.com, or smtpauth.X.net SMTP servers; although the legacy SMTP servers are still working, they are no longer recommended for use by the SBC-Y users. An open relay won't fly because it isn't likely to be able to authenticate to the designated SBC SMTP servers.
Cox, on the OTOH, doesn't require user authentication to use their message submission servers. I know how to get around that! Run an SMTP engine which accepts input on any unblocked input port, and relay through the Cox SMTP servers! If a spammer has control of an unwitting user's computer, he can set up to listen on any port he wants, accept the input, then hit the Cox servers. Sweet.
("X" in the server names can be one of nine domains used for ISP connection, or three used in the SMTP AUTH server names; less the .net TLD of the domain name, of course.)
-- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum |
|
 fantomposter Phantom Poster Premium join:2002-09-21 Independence, OH
| said by NormanS :
Cox doesn't require authentication from their users for the Cox SMTP servers?
Yep. Now if I have this figured out right, even smtp auth on the Cox servers would not save us. Consider this scenario:
Cox allows inbound port 25. I have my own server accidentally misconfigured to be a wide open relay. Cox blocks outbound port 25. Cox requires SMTP auth on their servers.
Now, to use my server I would simply set it up to smarthost/relay via Cox, and use SMTP Auth. Most email servers will do that.
So spammer rapes my open relay, my server happily auth's to Cox's server and sends the spam on its way. |
|
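The scenario fantomposter describes above, modeled as an added example (not code from any poster or from Cox): a home mail server that smarthosts through the ISP with its own stored credentials, evaluated once with the wide-open relay setting and once with relaying restricted to authenticated or LAN clients. The policy class, addresses and domains are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class RelayPolicy:
    local_domains: frozenset          # domains this server is final destination for
    trusted_nets: tuple = ()          # client networks allowed to relay
    relay_for_anyone: bool = False    # the "wide open relay" misconfiguration

    def decide(self, client_ip, authenticated, rcpt):
        """Return 'deliver', 'relay' or 'reject' for one RCPT TO."""
        domain = rcpt.rsplit("@", 1)[-1].lower()
        if domain in self.local_domains:
            return "deliver"                      # inbound mail for a local user
        trusted = any(ip_address(client_ip) in ip_network(n)
                      for n in self.trusted_nets)
        if self.relay_for_anyone or authenticated or trusted:
            return "relay"                        # handed to the ISP smarthost
        return "reject"                           # refused at RCPT TO


def smarthost_queue(policy, sessions):
    """Recipients the home server would submit to the ISP smarthost.

    The home server authenticates upstream with its own stored credentials,
    so the ISP sees a valid customer whoever the original client was.
    """
    return [(ip, rcpt) for ip, authed, rcpt in sessions
            if policy.decide(ip, authed, rcpt) == "relay"]


# Constructed sample sessions: (client IP, client authenticated?, RCPT TO)
SESSIONS = [
    ("203.0.113.7", False, "victim@example.net"),   # stranger -> third party
    ("203.0.113.7", False, "owner@example.org"),    # stranger -> local user
    ("192.168.1.10", False, "friend@example.net"),  # LAN client -> outside
    ("198.51.100.4", True, "friend@example.net"),   # roaming owner, AUTH ok
]

OPEN = RelayPolicy(frozenset({"example.org"}), relay_for_anyone=True)
RESTRICTED = RelayPolicy(frozenset({"example.org"}), ("192.168.1.0/24",))

if __name__ == "__main__":
    print("open relay       ->", smarthost_queue(OPEN, SESSIONS))
    print("restricted relay ->", smarthost_queue(RESTRICTED, SESSIONS))
```

With the restricted policy the stranger's third-party message never reaches the smarthost, while inbound mail for the local domain is still accepted.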
 NormanS Premium,MVM join:2001-02-14 San Jose, CA
·Pacific Bell - SBC
| That should happen infrequently enough for Cox abuse to be responsive. Of course, if Cox prohibits running servers, then blocking inbound port 25 will effectively enforce the AUP/TOS.
It is Cox' network, and they can do as they will. But any ISP which does not explicitly prohibit servers, and SBC does not, blocking inbound ports for those not prohibited servers would rankle the rank and file.
-- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum |
|
  smtpuser
@cox.net
| reply to bbeesley Monopolistic type organizations have to nickel and dime you to increase their profits and satisfy shareholders. Ten bucks says that Cox is losing market share to Verizon FIOS. Management is getting the heat for losing market share causing them to re-evaluate current policies and making sure everyone is in compliance (no port 25). Then they can say, "We have been performing according to policy. So don't fire me!" Then comes the squeezing blood from a turnip, then layoffs, then marketing campaigns to current customers, then the selling of customer information.
What are they going to shut off next? Third party VOIP is probably towards the top of the list since COX offers the same service.
Inbound port 25 was the only thing keeping me with Cox. I'll probably switch to Verizon FIOS. If I can't have port 25 I might as well have speed. |
|
  A0N9Us
@cox.net
| reply to grep_reaper "[its cox's network they can do what they want]"
I'm paying for internet access, that includes freaking total IPv4 support, none of this blocking crap.
If you can enforce something then I'll become your job to do so. This is a bad direction ISPs are taking. |
|
 NormanS Premium,MVM join:2001-02-14 San Jose, CA
·Pacific Bell - SBC
| Really? Where, in your Cox AUP/TOS, does it say that you are getting "total IPv4 Internet access"; assuming you are speaking of a residential account? I suggest you pay a visit to this site:
»www.cox.com/policy/#Acceptable_Use_Policy
Pay particular attention to Item No. 6:
Servers. You may not operate, or allow others to operate, servers of any type or any other device, equipment, and/or software providing server-like functionality in connection with the Service, unless expressly authorized by Cox.
Unless I am mistaken, the primary purpose of port 25 is to run an SMTP server. Because this is a prohibited activity per the Cox AUP, I suspect that Cox is well within their rights to block access.
Of course, IANAL, so you may take my comments with a large grain of salt. However, if you want the definitive word, and have some spare change, take a copy of that document to a contract lawyer, and see if he would be willing to haul the Cox landsharks before a judge over a breach of contract.
If you need "total IPv4 Internet access", find a provider which offers it.
-- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum |
|
  A0N9Us
@cox.net | reply to grep_reaper then they should NOT be allowed to call themselves an ISP.... maybe they don't already.. ITS ALL BS!!@#@!@#$)@{&*U |
|