 kshakir
join:2006-05-01 Somerville, MA
| [E-Mail] SMTP.rcn.com silently not relaying, again
If you are using a configuration like the one below, you might want to check if people have actually been receiving your emails. Just ran some tests, and I'm pretty sure smtp.rcn.com is silently eating email again. No return-receipts, error messages, etc. I wonder where these messages are going...
Background:
- RCN blocks all outgoing SMTP (port 25) traffic, *except* to smtp.rcn.com. This means you cannot use smtp.yourcompany.com (port 25) to send email from home.
- You can hack around the port 25 restriction by using a third party server on another port, but this is NOT explained in the RCN help.
- Until a few days ago, you could send email from yourname@yourcompany.com using the RCN smtp server, even without login (great for visiting relatives), as long as you were connecting from an RCN ip address.
What changed, smtp.rcn.com seems to:
- Still relay email if it comes From:
  > any_user@rcn.com
  > any_user@gmail.com (evidence of a whitelist??)
  > (possible other whitelist domains I don't know)
- Silently NOT relaying message From:
  > any_user@yourcompany.com
  > any_user@yahoo.com
  > any_user@( most domains ).com
Net result: If you work at home, you cannot use smtp.rcn.com, nor your own server, to send email for work, and are forced to sign up for a third party alternate-port server like gmail (here's to hoping you don't have certain customer email, which you might not want relayed through google).
Anyone know how to report this? I spent hours the last time and got nowhere with the CSRs or sales departments. Posted here and it was fixed pretty quickly, so hoping someone is listening again!
(It'd be nice if RCN unblocked outgoing 25, but I understand that we're currently fighting a war on spam.) |
|
  rcnman Jason Nealis Premium,VIP join:2003-05-02 Herndon, VA | I've forwarded over to the guy who runs email.
You can get port 25 open if you buy a static ip. FWIW. -- Jason Nealis, Sr. Director, Video Product and Network Operations |
|
 kshakir
join:2006-05-01 Somerville, MA
| said by rcnman: I've forwarded over to the guy who runs email. You can get port 25 open if you buy a static ip. FWIW.
Thank you!
While I'll happily trick out my account with all kinds of packages (love the 20mbps!)-- my "dynamic" ip hasn't changed in a year, and I'd prefer not to pay RCN ransom money purely for ports 25 and 80.  |
|
 kshakir
join:2006-05-01 Somerville, MA | reply to rcnman Email is being received again. Please forward my thanks! |
|
  rcnman Jason Nealis Premium,VIP join:2003-05-02 Herndon, VA | Indeed, he looked into it and whitelisted some of your domains. |
|
 NormanS Premium,MVM join:2001-02-14 San Jose, CA
·Pacific Bell - SBC
| reply to kshakir said by kshakir: You can hack around the port 25 restriction by using a third party server on another port...
I don't consider this a "Hack". RFC 2821 only defines port 25 for "Message Transfer"; moving email messages from MTA to MTA. It doesn't clearly define a method of "Message Submission".
RFC 2476 clearly defines "Message Submission", including defining port 587 as the official "Message Submission" port. In addition, port 465 has become a de facto standard for SMTP with Secure Sockets Layer (SSL). Any party running an SMTP message submission server, and expecting access from users on any part of the Internet, needs to compensate for ISPs, such as AOL, AT&T, and Cox, which all (in addition to RCN) block outbound port 25 (and there are others; even Comcast, under certain conditions).
I occasionally use a few third party SMTP message submission servers (as well as two offered by my ISP):
- mail.pacbell.net:587*
- smtp.aim.com:587
- smtp.aol.com:587
- smtp.gmail.com:465 (w/SSL)
- smtp.gmail.com:587 (w/STARTTLS)
- smtp.gmx.com:587 (w/STARTTLS)
- smtp.myrealbox.com:465 (w/SSL)
- smtp.att.yahoo.com:465 (w/SSL)*
- smtp.mail.yahoo.com:465 (w/SSL)
- smtp.mail.yahoo.com.au:465 (w/SSL)
- smtp.mail.yahoo.co.jp:465 (w/SSL)
(*) denotes my ISP mail servers.
There are some other third party email service providers which use some non-standard message submission ports, as well. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum |
|
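The submission-port behaviour described in the post above (587 with STARTTLS, 465 with SSL from the first byte), as an added example that is not part of the thread: it parses a server's EHLO reply and decides whether a client may upgrade, authenticate, or must stop before sending credentials. The function names `parse_ehlo` and `next_step` are hypothetical, and the EHLO replies and the host `mail.example.net` are constructed.

```python
"""Decide when a submission client may send credentials (added example)."""

# Constructed EHLO replies; mail.example.net is a placeholder host.
PLAIN_587 = "250-mail.example.net\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME"
TLS_ACTIVE = "250-mail.example.net\r\n250-SIZE 35882577\r\n250-AUTH LOGIN PLAIN\r\n250 8BITMIME"
NO_STARTTLS = "250-mail.example.net\r\n250-AUTH LOGIN PLAIN\r\n250 8BITMIME"


def parse_ehlo(reply: str) -> dict:
    """Parse a multi-line 250 EHLO reply into {KEYWORD: [PARAMS]}."""
    extensions = {}
    # The first line carries the server's domain and greeting, not an extension.
    for line in reply.strip().splitlines()[1:]:
        if len(line) < 5 or line[:3] != "250" or line[3] not in "- ":
            raise ValueError(f"malformed EHLO line: {line!r}")
        # Some older servers advertise "AUTH=LOGIN PLAIN"; treat "=" as a space.
        words = line[4:].replace("=", " ", 1).split()
        if words:
            extensions[words[0].upper()] = [w.upper() for w in words[1:]]
    return extensions


def next_step(port: int, tls_active: bool, ehlo_reply: str) -> str:
    """Return "STARTTLS", "AUTH" or "ABORT" for the current session state."""
    extensions = parse_ehlo(ehlo_reply)
    if port == 465 and not tls_active:
        # Port 465 wraps the whole session in TLS; plaintext SMTP there is wrong.
        return "ABORT"
    if not tls_active:
        # Port 587 starts in plaintext: upgrade first, never AUTH in the clear.
        return "STARTTLS" if "STARTTLS" in extensions else "ABORT"
    # Inside TLS the client re-issues EHLO and needs AUTH to be offered.
    return "AUTH" if extensions.get("AUTH") else "ABORT"


if __name__ == "__main__":
    for label, port, tls, reply in [
        ("587 before TLS", 587, False, PLAIN_587),
        ("587 after STARTTLS", 587, True, TLS_ACTIVE),
        ("587 with STARTTLS missing", 587, False, NO_STARTTLS),
        ("465 inside TLS", 465, True, TLS_ACTIVE),
    ]:
        print(f"{label}: {next_step(port, tls, reply)}")
```

In Python's standard `smtplib`, the equivalent check on a live connection is `SMTP.has_extn("starttls")` after calling `ehlo()`.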
 dehmmy
join:2004-11-20 Bethesda, MD
edit: May 11th, @06:23AM
| said by NormanS: said by kshakir: You can hack around the port 25 restriction by using a third party server on another port...
OR better yet. You could snmpwalk the modem changing only allow outgoing port 25 to RCN to deny all outgoing port 25 to RCN and allow all others. A 180 it would seem. Or you could input an invalid IP which you'd never send smtp to thus allowing outgoing port 25 (smtp) to any IP but I thought the first example was funnier. But like you have to be really really smart and it's really hard and I advise people to never EVER do that! ;p
In actuality, they just don't want people spamming. =)
jay |
|
 dehmmy
join:2004-11-20 Bethesda, MD
edit: May 11th, @06:26AM
| reply to kshakir said by kshakir: If you are using a configuration like the one below, you might want to check if people have actually been receiving your emails. Just ran some tests, and I'm pretty sure smtp.rcn.com is silently eating email again. No return-receipts, error messages, etc. I wonder where these messages are going... Background: - RCN blocks all outgoing SMTP (port 25) traffic, *except* to smtp.rcn.com. This means you cannot use smtp.yourcompany.com (port 25) to send email from home. - You can hack around the port 25 restriction by using a third party server on another port, but this is NOT explained in the RCN help. - Until a few days ago, you could send email from yourname@yourcompany.com using the RCN smtp server, even without login (great for visiting relatives), as long as you were connecting from an RCN ip address. What changed, smtp.rcn.com seems to: - Still relay email if it comes From: > any_user@rcn.com > any_user@gmail.com (evidence of a whitelist??) > (possible other whitelist domains I don't know) - Silently NOT relaying message From: > any_user@yourcompany.com > any_user@yahoo.com > any_user@( most domains ).com Net result: If you work at home, you cannot use smtp.rcn.com, nor your own server, to send email for work, and are forced to sign up for a third party alternate-port server like gmail (here's to hoping you don't have certain customer email, which you might not want relayed through google). Anyone know how to report this? I spent hours the last time and got nowhere with the CSRs or sales departments. Posted here and it was fixed pretty quickly, so hoping someone is listening again! (It'd be nice if RCN unblocked outgoing 25, but I understand that we're currently fighting a war on spam.)
Actually you can.. just put in the Reply-To: line yourname@company.com which will tell the receiving party to reply to that address
It's actually in one of the RCN FAQs
=0
jay |
|
 NormanS Premium,MVM join:2001-02-14 San Jose, CA
·Pacific Bell - SBC
| reply to dehmmy said by dehmmy: said by kshakir: You can hack around the port 25 restriction by using a third party server on another port... Or you could input an invalid IP which you'd never send smtp to thus allowing outgoing port 25 (smtp) to any IP but I thought the first example was funnier.
Just trying to figure out how that would work.
said by dehmmy: just put in the Reply-To: line yourname@company.com which will tell the receiving party to reply to that address...
Not really a satisfactory solution. And a bunch of us, whose ISP gave us Yahoo! mail servers to use, are beating up both our ISP, and Yahoo!, over a similar restriction imposed by Yahoo!. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum |
|
 dehmmy
join:2004-11-20 Bethesda, MD
| said by NormanS: said by dehmmy: said by kshakir: You can hack around the port 25 restriction by using a third party server on another port... Or you could input an invalid IP which you'd never send smtp to thus allowing outgoing port 25 (smtp) to any IP but I thought the first example was funnier. Just trying to figure out how that would work. just put in the Reply-To: line yourname@company.com which will tell the receiving party to reply to that address... Not really a satisfactory solution. And a bunch of us, whose ISP gave us Yahoo! mail servers to use, are beating up both our ISP, and Yahoo!, over a similar restriction imposed by Yahoo!.
Yeah, they should at least have deep packet inspection to auto cut would-be spammers instead of forcing you to use their smtp.. I agree
jay |
|
 NormanS Premium,MVM join:2001-02-14 San Jose, CA
·Pacific Bell - SBC
| said by dehmmy: Yeah, they should at least have deep packet inspection to auto cut would-be spammers instead of forcing you to use their smtp.. I agree
They aren't forcing you to use their SMTP server. They aren't blocking message submission ports; that I know of. It is just that, when using their SMTP server, they shouldn't care what your "From:" email address is. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum |
|
 dehmmy
join:2004-11-20 Bethesda, MD
| said by NormanS: said by dehmmy: Yeah, they should at least have deep packet inspection to auto cut would-be spammers instead of forcing you to use their smtp.. I agree They aren't forcing you to use their SMTP server. They aren't blocking message submission ports; that I know of. It is just that, when using their SMTP server, they shouldn't care what your "From:" email address is.
Well, in my area at least they block all outgoing port 25 sessions unless it's to one of their smtp servers thus forcing you to use it and no one else's.
jay |
|
 NormanS Premium,MVM join:2001-02-14 San Jose, CA
·Pacific Bell - SBC
| said by dehmmy: Well, in my area at least they block all outgoing port 25 sessions unless it's to one of their smtp servers thus forcing you to use it and no one else's.
Unless they are also blocking ports 465 and 587, they are not preventing users from accessing any other mail servers.
I refer you to the list of mail servers I use, several posts up, none of which are blocked by blocking port 25. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum |
|
  rcnman Jason Nealis Premium,VIP join:2003-05-02 Herndon, VA
| reply to dehmmy said by dehmmy: said by NormanS: said by dehmmy: Yeah, they should at least have deep packet inspection to auto cut would-be spammers instead of forcing you to use their smtp.. I agree They aren't forcing you to use their SMTP server. They aren't blocking message submission ports; that I know of. It is just that, when using their SMTP server, they shouldn't care what your "From:" email address is. Well, in my area at least they block all outgoing port 25 sessions unless it's to one of their smtp servers thus forcing you to use it and no one else's. jay
This is done in order to control outbound spam from zombies on the network. If you want to get around this block you can purchase a static IP that will open port 25. |
|
 NormanS Premium,MVM join:2001-02-14 San Jose, CA
·Pacific Bell - SBC
| said by rcnman: This is done in order to control outbound spam from zombies on the network. If you want to get around this block you can purchase a static IP that will open port 25.
Or, if you are using a Gmail account, use either port 587, or port 465. RCN shouldn't be blocking those ports. You should be able to use *any* message submission server which listens on a proper message submission port. There is no law of nature, or Congress, which requires that message submission must use port 25. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum |
|
  jsolo1
join:2001-07-01 | Perhaps if all servers required authentication, port 25 could be left open. No credentials, no smtp. -- Insanity is living in a state of disillusion. |
|
 negativeduck Premium,VIP join:2002-02-14 Centreville, VA
| You can in fact relay mail from any mail-client as user@anydomain.com through smtp.rcn.com. Case by case restrictions to this may be imposed as a result of a compromised computer or host, although in several of those cases enabling smtp auth will correct this.
If you are having a trouble sending email with your "From" setup as something other than rcn.com I would suggest enabling smtp auth and seeing if that helps with your problem.
We process a ton of email with customers doing just this scenario, so there is a possibility of specific 'one off' spam domains and what not. That being said, if you want to message me some details around one of these 'dropped' emails we can research into where your mail is going. -- Bryan Laird Director Product and Technology |
|
 NormanS Premium,MVM join:2001-02-14 San Jose, CA
·Pacific Bell - SBC
| reply to jsolo1 said by jsolo1: Perhaps if all servers required authentication, port 25 could be left open. No credentials, no smtp.
How would your email service relay agents move email if they were required to authenticate the connection? The basic idea is to separate message submission (which may require authentication) from mail transfer (which should not require authentication). -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum |
|
  jsolo1
join:2001-07-01
| Norman, good point. My response was based on email submission, not transmission. You do bring up a good point though. Not sure how that would work. I imagine there may be a white list of sorts? -- Insanity is living in a state of disillusion. |
|
 negativeduck Premium,VIP join:2002-02-14 Centreville, VA
edit: May 13th, @05:46PM
| Several mail hosts will not accept unauthenticated delivery requests from hosts that are NOT known ISPs, or rather they specifically 'reject' or do not allow communication from a host that "appears" to be a dynamic IP pool connecting to their mail exchangers. Now this is a different scenario than say 'smtp' servers; while fundamentally the same they like to serve different purposes.
IE if you run your own mail-server on a standard dynamically allocated IP there is a strong chance that you will never be able to deliver your email to a lot of hosts. This is where smart-hosting and smart-relaying come in, where you transfer your mail to a larger ISP for delivery to another large entity. -- Bryan Laird Director Product and Technology |
|