lordie | been there, done that.. | join:2001-11-13 Sunnyvale, CA |
lordie
Member
2010-Jul-28 7:09 pm
Comcast blocked port 25 (SMTP)???
I received this letter from Comcast. I can't see how I have a virus as all my PCs are well maintained, updated, and have the latest n greatest virus checking SW on them.. None of my PCs use SMTP to send mail so I don't really care that they blocked that port, but I wonder if they could be wrong, or I do have a virus spamming the world..
Customer Security Assurance Notice
Dear Comcast Customer:
Action Taken: In an effort to help prevent spam and ensure the security of our network and customers, Comcast has modified your modem's settings to prevent the sending of email on port 25. That is the default port email programs such as Outlook Express use to send email. We've taken this action because we may have detected virus-like activity from your modem or received reports from other email providers that mail from your modem generated complaints from their users. Please read this message to understand how this action may impact your ability to send email and what you should do next.
Comcast Webmail Users: If you use a web browser to access your Comcast.net email, this action will not affect your ability to send or receive e-mail. This action also does not affect any non-Comcast webmail services.
Email Program Users (Outlook Express, Outlook, MacMail, etc.): If you use an email program, this action will disable your program's ability to send email until you change your email program settings to send email on port 587. Port 587 uses authentication and is an industry-recommended alternative to port 25. If you use Outlook Express and Comcast.net email, Comcast has provided a simple one click fix for you to use with Internet Explorer. If you use another email program such as MacMail, Eudora, or Thunderbird, please visit our client page for information on how to change the settings for sending email in your email program.
If you are not using Comcast.net email and use another email provider, please contact your provider for its recommended port settings. Most email providers offer an alternative to port 25 for sending email.
All Users: To help protect your security and privacy, it is important to regularly check for and remove any possible viruses from your computer. You can do this using the comprehensive security suite available from Comcast to subscribers at no additional charge or by using other popular antivirus solutions that are widely available. In addition, Comcast recommends that you secure any wireless network in the home and that the operating systems on your computers be updated regularly with the latest security enhancements. Please visit the Comcast.net security channel for more information and tips on how to enjoy a safe and secure online experience.
If you have additional questions please visit www.comcast.net/help.
Thank you for choosing Comcast!
Sincerely,
Comcast Customer Security Assurance
|
|
|
L Supreme Premium Member join:2004-06-05 Lowell, MA |
Someone could have hacked into your network & is spamming on port 25. |
|
|
to lordie
Is your Comcast connection really your own account?
I have come across (more than once, sadly) where another "ISP/telco" was essentially reselling a Comcast business account, meaning they put a Comcast modem in the basement of a building, with a switch, then gave different companies in the building their own "dedicated" Ethernet run that went back to that switch, they also "gave" each tenant who signed up for "their" service one of the static IPs from the Comcast account. Another company in the building was spamming, and thus Comcast blocked port 25 for all the IPs on the account.
I'd suggest you contact Comcast and have them help you. They may just turn it back on without asking a lot of questions. |
|
lordie | been there, done that.. | join:2001-11-13 Sunnyvale, CA |
lordie
Member
2010-Jul-28 8:38 pm
said by supergeeky: Is your Comcast connection really your own account? I have come across (more than once, sadly) where another "ISP/telco" was essentially reselling a Comcast business account, meaning they put a Comcast modem in the basement of a building, with a switch, then gave different companies in the building their own "dedicated" Ethernet run that went back to that switch, they also "gave" each tenant who signed up for "their" service one of the static IPs from the Comcast account. Another company in the building was spamming, and thus Comcast blocked port 25 for all the IPs on the account. I'd suggest you contact Comcast and have them help you. They may just turn it back on without asking a lot of questions.
Yes, it is my own, in my house, no other user on that Modem. I don't mind if port 25 is blocked. I do not use Comcast's SMTP service anyway and I access all my email accounts via webmail (gmail).. Or use my email's provider secure SMTP server via another port. |
|
beachintech | There's sand in my tool bag | Premium Member join:2008-01-06 |
It could be a false positive, but I doubt it.
Something on your network / PCs is sending messages out at a high rate. It takes a good bit for that to be triggered. |
|
|
to lordie
I've found that port 25 is always blocked on Comcast residential accounts - only on the business accounts is it allowed... in which case, perhaps the letter is in error? |
|
netcool Premium Member join:2008-11-05 Englewood, CO |
netcool
Premium Member
2010-Jul-28 9:06 pm
said by supergeeky: I've found that port 25 is always blocked on Comcast residential accounts - only on the business accounts is it allowed... in which case, perhaps the letter is in error?
It's not blocked by default: » customer.comcast.com/Pag ··· Internet |
|
EG | The wings of love | Premium Member join:2006-11-18 Union, NJ 1 edit |
to supergeeky
said by supergeeky: I've found that port 25 is always blocked on Comcast residential accounts - only on the business accounts is it allowed...
Disagree! I've known many people that are Comcast subs and also have read many posts on various forums and I've never seen a pattern or any evidence to indicate/prove your assertion. I have been a CC residential subscriber for nine years myself and port 25 always was and still is open and active here.. |
|
Khaos-K-OS- Premium Member join:2007-03-12 West Palm Beach, FL |
to lordie
I've also seen the letter sent when the CM's MAC is spoofed somewhere else and they are spamming on port 25. The MAC comes up on 2 different cmts. I would swap that modem to be on the safe side. |
|
koitsu MVM join:2002-07-16 Mountain View, CA Humax BGW320-500
|
to lordie
To the OP: I've been down this road already. You won't get any answers from Comcast regarding technical details (timestamps, logs, or anything useful). Here's my story, with extensive technical details: » [Spam] Comcast reporting spam from my IP |
|
lordie | been there, done that.. | join:2001-11-13 Sunnyvale, CA |
lordie
Member
2010-Jul-29 10:09 am
said by koitsu: To the OP: I've been down this road already. You won't get any answers from Comcast regarding technical details (timestamps, logs, or anything useful). Here's my story, with extensive technical details: » [Spam] Comcast reporting spam from my IP
Thanks for sharing your experience with them. It is good to know that when I get such a letter from Comcast it does not necessarily mean that I was abusing sendmail, and it could have been a Comcast brain fart... Since nothing in my network uses SMTP at all, I can't see how I would be sending spam. And since I do not use SMTP, I don't care if they block port 25. |
|
NormanS | I gave her time to steal my mind away | MVM join:2001-02-14 San Jose, CA TP-Link TD-8616 Asus RT-AC66U B1 Netgear FR114P
|
to supergeeky
said by supergeeky: I've found that port 25 is always blocked on Comcast residential accounts - only on the business accounts is it allowed... in which case, perhaps the letter is in error?
I've tested from my sister's Comcast connection in Oregon, from time to time, and never found their connection to have a port 25 block. Per their own policy, Comcast only blocks port 25 out on a case-by-case basis. |
|
n0xlf join:2001-03-28 Castle Rock, CO 1 edit |
to koitsu
said by koitsu: To the OP: I've been down this road already. You won't get any answers from Comcast regarding technical details (timestamps, logs, or anything useful). Here's my story, with extensive technical details: » [Spam] Comcast reporting spam from my IP
Koitsu, I read through your thread and may know why you got blocked, since I faced a similar situation and eventually was forced to business class because of the port 25 blocks. I was never spamming (well, mostly, keep reading), but I learned two things (after being unblocked by abuse about 6 times, after which they completely refused).
First, if you aren't authenticating to your own internal mail server, they flag it as spam, assuming that you have an open relay. I'm not as familiar with postfix as I am with sendmail, but in the sendmail case, not authenticating to it locally and then using smtp.comcast.net as a smarthost (even if you are authenticating to their smtp) was apparently carrying enough header info from the unauth'd sendmail session to their smtp to indicate an open relay (which it wasn't - I had it restricted to the LAN). I figured this one out after certain messages weren't getting delivered, which is when I also learned that they do spam filtering on smtp as well.
Second, and this doesn't sound like your case (but was mine), they monitor volume of port 25 traffic, even if it's incoming. My server is/was processing about 3k messages/day, so I obviously had a lot of port 25 chatter. They don't distinguish between incoming and outgoing though, so I got dinged there as well.
And last, there was one unintentional case where I was "spamming", and that was when one of my users had set up a .forward - That forward was being processed by procmail before spamassassin could look at anything, thus I ended up "spamming" the spam message to their forwarded email, and as stated above, their smtp was catching that as spam. I fixed this with sa-milter.
In any case, that's a bit more info on port 25 blocks... Another bad thing I noticed, which could have changed, is that the TP-25 configs (port 25 blocks) did not have powerboost, so there was additional incentive to not have a TP-25 config... |
|
beachintech | There's sand in my tool bag | Premium Member join:2008-01-06 1 edit |
Ok for the above poster - having a SMTP server behind a router restricted to a LAN is an open relay. There's no authentication other than not being accessible to the outside. Still open to your LAN, so it's still technically an open relay.
No traffic is incoming on port 25 (unless you have a relay, which is still technically all sent messages), that would violate standards and the RFCs. So if you are processing 3000 messages a day, you are sending a boat load of email that should not be coming from a residential connection. |
|
n0xlf join:2001-03-28 Castle Rock, CO |
n0xlf
Member
2010-Jul-30 2:51 pm
Having a public facing SMTP server is far different than one on a trusted network. Both are technically open relays, as you mention. (BTW, it wasn't behind a router - that's all part of sendmail config). Comcast used to allow (or maybe it was ATTBI) unauthenticated SMTP sessions that were simply allowed by IP, so at the time, having an open relay on a small trusted network was no biggie...
The second part of your message confuses me entirely. I do run my own relay, but the 3000 messages/day are incoming, which has nothing to do with "..technically all sent messages", RFCs, or "...sending a boat load of email". Incoming is incoming...It comes in on port 25, gets processed, and sits there. Beyond that, 3000 messages is nothing as far as BW is concerned.
In any case, the goal of my message was to point out a few other cases that may have not been considered for port 25 blocking. Comcast has traditionally been very tolerant of low bandwidth servers on residential connections, as evidenced by their lack of port blocking and scanning. The exception to this is port 25, which is an automated process for blocking. Obviously they still reserve the right to change their stance on enforcement at any time based on the AUP. They are far more concerned with bandwidth usage (server or not) on residential connections, as they should be... |
|
beachintech | There's sand in my tool bag | Premium Member join:2008-01-06 |
I believe port 25 blocking is more about curbing spam more than bandwidth. 3000 messages is thousands of times more than a normal residential user will send on average. |
|
n0xlf join:2001-03-28 Castle Rock, CO |
n0xlf
Member
2010-Jul-30 3:06 pm
That's exactly what it's for...Again, the 3000 messages is received, not sent... |
|
NormanS | I gave her time to steal my mind away | MVM join:2001-02-14 San Jose, CA TP-Link TD-8616 Asus RT-AC66U B1 Netgear FR114P
|
to beachintech
Poster says he is RECEIVING 3,000 messages per day, not sending them. I was receiving close to that on one Yahoo! account, due to receiving "bounces" to spam sent as "from" that Yahoo! email address; even though I was not the sender (the email address was forged by the spammer). |
|
|
to n0xlf
It seems very obvious to me that an APC SmartUPS which sends self-test emails once a week (1 that the test started, then shortly after 1 that the test completed ok or not) was "way too much" email, such that it triggers the SMTP block on Comcast connections.
...this has happened to me at about 20+ customers...
As such, I prefer to follow the rule of thumb that you shouldn't rely on port 25 on Comcast for any reason, because they can/will shut it off on a whim :-/
My solution in these cases is to set up a local SMTP server that uses gmail as the smarthost, therefore mail goes out over the more reliable port 587 or 465 |
|
|
to n0xlf
Just because the binfile doesn't say pwboost or pb in the name doesn't mean it isn't configured with burst enabled. I can look at one of the tb25 bin files tomorrow and find out for sure if burst is enabled on it. |
|
netcool Premium Member join:2008-11-05 Englewood, CO |
to n0xlf
said by n0xlf: In any case, that's a bit more info on port 25 blocks...Another bad thing I noticed, which could have changed, is that the TP-25 configs (port 25 blocks) did not have powerboost, so there was additional incentive to not have a TP-25 config...
That could have been the case back then but the config files have changed to point at service class name on the CMTS now. So PB should be enabled on all tb25 bootfiles since that change. |
|
camper | just visiting this planet | Premium Member join:2010-03-21 Bethel, CT |
to lordie
I received this letter from Comcast. I can't see how I have a virus as all my PCs are well maintained...
In my opinion, the allegations in the letter from Comcast are likely to be bogus. I also received such a letter saying that, due to the large number of outbound port 25 connections, Comcast was blocking port 25. My firewall logs every outbound port 25 connection, so I knew exactly how many outbound port 25 connections I generated. When I told Comcast of the quantity, they said that it was not enough to cause their software to flag my port 25 connections. Whatever means Comcast uses to determine if your PC is infected, their method can generate false positives. |
|
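The check camper describes, counting outbound port 25 connections from a firewall log, as an added example that is not part of any post in this thread. The netfilter-style log layout, the `OUT25:` prefix, the LAN prefix and the destination threshold are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

FIELD = re.compile(r"(\w+)=(\S+)")

def make_line(ts, src, dst, dpt=25, flags="SYN"):
    # Constructed sample line, abbreviated to the fields the parser reads.
    return (f"{ts} gw kernel: OUT25: SRC={src} DST={dst} "
            f"PROTO=TCP SPT=40000 DPT={dpt} {flags}")

# Constructed sample data; every address is from a private or documentation range.
SAMPLE_LOG = [
    make_line("Jul 28 18:01:02", "192.168.1.23", "203.0.113.5"),   # UPS self-test mail
    make_line("Jul 28 18:06:40", "192.168.1.23", "203.0.113.5"),
    make_line("Jul 28 18:06:41", "192.168.1.23", "203.0.113.5", flags="ACK PSH"),
    make_line("Jul 28 19:05:00", "192.168.1.23", "203.0.113.9", dpt=587),
    make_line("Jul 28 19:06:00", "198.51.100.77", "192.168.1.10"),  # inbound mail
] + [make_line(f"Jul 28 19:00:{i:02d}", "192.168.1.50", f"198.51.100.{i}")
     for i in range(1, 7)]

def parse_line(line):
    """Return (hour, src, dst) for a new TCP connection to port 25, else None."""
    fields = dict(FIELD.findall(line))
    flags = set(line.split())
    if fields.get("PROTO") != "TCP" or fields.get("DPT") != "25":
        return None
    if "SYN" not in flags or "ACK" in flags:
        return None  # count connection attempts, not every packet
    return line[:9], fields.get("SRC", ""), fields.get("DST", "")

def summarize(lines, lan_prefix="192.168.1."):
    """Per LAN host: total attempts, distinct destinations, busiest hour."""
    dests, hours = defaultdict(set), defaultdict(lambda: defaultdict(int))
    for line in lines:
        parsed = parse_line(line)
        if parsed is None or not parsed[1].startswith(lan_prefix):
            continue  # skip other ports and mail arriving from outside
        hour, src, dst = parsed
        dests[src].add(dst)
        hours[src][hour] += 1
    return {src: {"total": sum(hours[src].values()),
                  "distinct_dests": len(dests[src]),
                  "peak_hour": max(hours[src].values())} for src in dests}

def suspects(summary, max_dests=3):
    """Hosts that contacted more mail servers than max_dests (assumed threshold)."""
    return sorted(s for s, v in summary.items() if v["distinct_dests"] > max_dests)

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for host, row in sorted(report.items()):
        print(host, row)
    print("review:", suspects(report))
```

A device that mails one server a couple of times a week and a host that opens connections to many different mail servers within an hour look very different in this summary, which is the distinction the ISP letter does not give you.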
n0xlf join:2001-03-28 Castle Rock, CO |
to lordie
Netcool, glad to hear that has changed (not that I have to worry about it anymore on BC)...
On a side note, any chance we'll be seeing PB on BC service, like we had discussed in the past? |
|
MalibuMaxx Premium Member join:2007-02-06 Chesterton, IN |
to lordie
meh I was blocked about I'd say 7-9 months ago... I am a computer technician and even though I have 8-10 computers including virtual machines I know I am not infected as they claim. I don't use port 25... I run antivirus and make sure all is up to date on them... and run scans habitually... as well as reinstall OS's like mad... so I can't see me even remotely using port 25... I was using Outlook for a while on my laptop but since ditched it in favor of webmail... Either way when I was on Outlook I was using a different port... I think they just eventually block you no matter what because they don't want a res account running any mail servers period... It's just my take on it. |
|
|
ksg to lordie
Anon
2010-Aug-3 4:39 pm
to lordie
If you don't want to resort to webmail, you can always run a virtual SMTP server that appears to Outlook (or whatever client you're using) to be an SMTP server, but communicates to a real SMTP server on a different port. My company's Loa PowerTools, for example, uses Port 443, the https port. |
|
|
Inbound25off to lordie
Anon
2010-Aug-11 12:06 am
to lordie
|
|
EG | The wings of love | Premium Member join:2006-11-18 Union, NJ |
EG
Premium Member
2010-Aug-11 1:00 am
Sometimes.. It's worth a try to plead your case with their security division. |
|
|
to lordie
About a year or two ago, I suddenly couldn't send email. No explanation, no nothing if I recall correctly. After calling Comcast to find out what was going on, they told me I had to contact the abuse dept. I contacted them and that was about as useful as taking a whiz into the wind. They had locked down my access to the Comcast SMTP server, the only reason they would give is "Someone had accused me of spamming them."
Wouldn't give me any information beyond that. No dates, times, addresses, frequency, etc. No opportunity to defend myself, no information to know if I've been compromised (Easy to tell if it's a single spam message or thousands). You know, sometimes a little information is useful. And there are ways to provide information without breaking privacy or releasing know how of actual transgressions. |
|