
lordie
been there, done that..
join:2001-11-13
Sunnyvale, CA

lordie

Member

Comcast blocked port 25 (SMTP)???

I received this letter from Comcast. I can't see how I have a virus as all my PCs are well maintained, updated, and have the latest n greatest virus checking SW on them..
None of my PCs use SMTP to send mail so I don't really care that they blocked that port, but I wonder if they could be wrong, or I do have a virus spamming the world..
Customer Security Assurance Notice

Dear Comcast Customer:

Action Taken:
In an effort to help prevent spam and ensure the security of our network and customers, Comcast has modified your modem’s settings to prevent the sending of email on port 25. That is the default port email programs such as Outlook Express use to send email. We’ve taken this action because we may have detected virus-like activity from your modem or received reports from other email providers that mail from your modem generated complaints from their users. Please read this message to understand how this action may impact your ability to send email and what you should do next.

Comcast Webmail Users:
If you use a web browser to access your Comcast.net email, this action will not affect your ability to send or receive e-mail. This action also does not affect any non-Comcast webmail services.

Email Program Users (Outlook Express, Outlook, MacMail, etc.):
If you use an email program, this action will disable your program’s ability to send email until you change your email program settings to send email on port 587. Port 587 uses authentication and is an industry-recommended alternative to port 25. If you use Outlook Express and Comcast.net email, Comcast has provided a simple one click fix for you to use with Internet Explorer. If you use another email program such as MacMail, Eudora, or Thunderbird, please visit our client page for information on how to change the settings for sending email in your email program.

If you are not using Comcast.net email and use another email provider, please contact your provider for its recommended port settings. Most email providers offer an alternative to port 25 for sending email.

All Users:
To help protect your security and privacy, it is important to regularly check for and remove any possible viruses from your computer. You can do this using the comprehensive security suite available from Comcast to subscribers at no additional charge or by using other popular antivirus solutions that are widely available. In addition, Comcast recommends that you secure any wireless network in the home and that the operating systems on your computers be updated regularly with the latest security enhancements. Please visit the Comcast.net security channel for more information and tips on how to enjoy a safe and secure online experience.

If you have additional questions please visit www.comcast.net/help.

Thank you for choosing Comcast!

Sincerely,

Comcast Customer Security Assurance


L Supreme
Premium Member
join:2004-06-05
Lowell, MA

L Supreme

Premium Member

Someone could have hacked into your network & is spamming on port 25.
supergeeky
join:2003-05-09
United State

supergeeky to lordie

Member

to lordie
Is your Comcast connection really your own account?

I have come across (more than once, sadly) where another "ISP/telco" was essentially reselling a Comcast business account, meaning they put a Comcast modem in the basement of a building, with a switch, then gave different companies in the building their own "dedicated" Ethernet run that went back to that switch, they also "gave" each tenant who signed up for "their" service one of the static IP's from the Comcast account. Another company in the building was spamming, and thus Comcast blocked port 25 for all the IPs on the account.

I'd suggest you contact Comcast and have them help you. They may just turn it back on without asking a lot of questions.

lordie
been there, done that..
join:2001-11-13
Sunnyvale, CA

lordie

Member

said by supergeeky:

Is your Comcast connection really your own account?

I have come across (more than once, sadly) where another "ISP/telco" was essentially reselling a Comcast business account, meaning they put a Comcast modem in the basement of a building, with a switch, then gave different companies in the building their own "dedicated" Ethernet run that went back to that switch, they also "gave" each tenant who signed up for "their" service one of the static IP's from the Comcast account. Another company in the building was spamming, and thus Comcast blocked port 25 for all the IPs on the account.

I'd suggest you contact Comcast and have them help you. They may just turn it back on without asking a lot of questions.
Yes, it is my own, in my house, no other user on that Modem.
I don't mind if port 25 is blocked. I do not use Comcast's SMTP service anyway and I access all my email accounts via webmail (gmail).. Or use my email provider's secure SMTP server via another port.

beachintech
There's sand in my tool bag
Premium Member
join:2008-01-06

beachintech

Premium Member

It could be a false positive, but I doubt it.

Something on your network / PC's is sending messages out at a high rate. It takes a good bit for that to be triggered.
supergeeky
join:2003-05-09
United State

supergeeky to lordie

Member

to lordie
I've found that port 25 is always blocked on Comcast residential accounts - only on the business accounts is it allowed... in which case, perhaps the letter is in error?

netcool
Premium Member
join:2008-11-05
Englewood, CO

netcool

Premium Member

said by supergeeky:

I've found that port 25 is always blocked on Comcast residential accounts - only on the business accounts is it allowed... in which case, perhaps the letter is in error?
It's not blocked by default:

»customer.comcast.com/Pag ··· Internet

EG
The wings of love
Premium Member
join:2006-11-18
Union, NJ

1 edit

EG to supergeeky

Premium Member

to supergeeky
said by supergeeky:

I've found that port 25 is always blocked on Comcast residential accounts - only on the business accounts is it allowed...
Disagree ! I've known many people that are Comcast subs and also have read many posts on various forums and I've never seen a pattern or any evidence to indicate/prove your assertion. I have been a CC residential subscriber for nine years myself and port 25 always was and still is open and active here..

Khaos
-K-OS-
Premium Member
join:2007-03-12
West Palm Beach, FL

Khaos to lordie

Premium Member

to lordie
I've also seen the letter sent when the CM's MAC is spoofed somewhere else and they are spamming on port 25. The MAC comes up on 2 different CMTSs. I would swap that modem to be on the safe side.

koitsu
MVM
join:2002-07-16
Mountain View, CA
Humax BGW320-500

koitsu to lordie

MVM

to lordie
To the OP: I've been down this road already. You won't get any answers from Comcast regarding technical details (timestamps, logs, or anything useful). Here's my story, with extensive technical details:

»[Spam] Comcast reporting spam from my IP

lordie
been there, done that..
join:2001-11-13
Sunnyvale, CA

lordie

Member

said by koitsu:

To the OP: I've been down this road already. You won't get any answers from Comcast regarding technical details (timestamps, logs, or anything useful). Here's my story, with extensive technical details:

»[Spam] Comcast reporting spam from my IP
Thanks for sharing your experience with them. It is good to know that when I get such a letter from Comcast it does not necessarily mean that I was abusing sendmail, and it could have been a Comcast brain fart...

Since nothing in my network uses SMTP at all, I can't see how I would be sending spam. And since I do not use SMTP, I don't care if they block port 25.

NormanS
I gave her time to steal my mind away
MVM
join:2001-02-14
San Jose, CA
TP-Link TD-8616
Asus RT-AC66U B1
Netgear FR114P

NormanS to supergeeky

MVM

to supergeeky
said by supergeeky:

I've found that port 25 is always blocked on Comcast residential accounts - only on the business accounts is it allowed... in which case, perhaps the letter is in error?
I've tested from my sister's Comcast connection in Oregon, from time to time, and never found their connection to have a port 25 block. Per their own policy, Comcast only blocks port 25 out on a case-by-case basis.

n0xlf
join:2001-03-28
Castle Rock, CO

1 edit

n0xlf to koitsu

Member

to koitsu
said by koitsu:

To the OP: I've been down this road already. You won't get any answers from Comcast regarding technical details (timestamps, logs, or anything useful). Here's my story, with extensive technical details:

»[Spam] Comcast reporting spam from my IP
Koitsu, I read through your thread and may know why you got blocked, since I faced a similar situation and eventually was forced to business class because of the port 25 blocks. I was never spamming (well, mostly, keep reading), but I learned two things (after being unblocked by abuse about 6 times, after which they completely refused).

First, if you aren't authenticating to your own internal mail server, they flag it as spam, assuming that you have an open relay. I'm not as familiar with postfix as I am with sendmail, but in the sendmail case, not authenticating to it locally and then using smtp.comcast.net as a smarthost (even if you are authenticating to their smtp) was apparently carrying enough header info from the unauth'd sendmail session to their smtp to indicate an open relay (which it wasn't - I had it restricted to the LAN). I figured this one out after certain messages weren't getting delivered, which is when I also learned that they do spam filtering on smtp as well.

Second, and this doesn't sound like your case (but was mine), they monitor volume of port 25 traffic, even if it's incoming. My server is/was processing about 3k messages/day, so I obviously had a lot of port 25 chatter. They don't distinguish between incoming and outgoing though, so I got dinged there as well.

And last, there was one unintentional case where I was "spamming", and that was when one of my users had set up a .forward - That forward was being processed by procmail before spamassassin could look at anything, thus I ended up "spamming" the spam message to their forwarded email, and as stated above, their smtp was catching that as spam. I fixed this with sa-milter.

In any case, that's a bit more info on port 25 blocks...Another bad thing I noticed, which could have changed, is that the TP-25 configs (port 25 blocks) did not have powerboost, so there was additional incentive to not have a TP-25 config...

beachintech
There's sand in my tool bag
Premium Member
join:2008-01-06

1 edit

beachintech

Premium Member

Ok for the above poster - having an SMTP server behind a router restricted to a LAN is an open relay. There's no authentication other than not being accessible to the outside. Still open to your LAN, so it's still technically an open relay.

No traffic is incoming on port 25 (unless you have a relay, which is still technically all sent messages), that would violate standards and the RFC's. So if you are processing 3000 messages a day, you are sending a boat load of email that should not be coming from a residential connection.

n0xlf
join:2001-03-28
Castle Rock, CO

n0xlf

Member

Having a public facing SMTP server is far different than one on a trusted network. Both are technically open relays, as you mention. (BTW, it wasn't behind a router - that's all part of sendmail config). Comcast used to allow (or maybe it was ATTBI) unauthenticated SMTP sessions that were simply allowed by IP, so at the time, having an open relay on a small trusted network was no biggie...

The second part of your message confuses me entirely. I do run my own relay, but the 3000 messages/day are incoming, which has nothing to do with "..technically all sent messages", RFCs, or "...sending a boat load of email". Incoming is incoming...It comes in on port 25, gets processed, and sits there. Beyond that, 3000 messages is nothing as far as BW is concerned.

In any case, the goal of my message was to point out a few other cases that may have not been considered for port 25 blocking. Comcast has traditionally been very tolerant of low bandwidth servers on residential connections, as evidenced by their lack of port blocking and scanning. The exception to this is port 25, which is an automated process for blocking. Obviously they still reserve the right to change their stance on enforcement at any time based on the AUP. They are far more concerned with bandwidth usage (server or not) on residential connections, as they should be...

beachintech
There's sand in my tool bag
Premium Member
join:2008-01-06

beachintech

Premium Member

I believe port 25 blocking is more about curbing spam than bandwidth. 3000 messages is thousands of times more than a normal residential user will send on average.

n0xlf
join:2001-03-28
Castle Rock, CO

n0xlf

Member

That's exactly what it's for...Again, the 3000 messages is received, not sent...

NormanS
I gave her time to steal my mind away
MVM
join:2001-02-14
San Jose, CA
TP-Link TD-8616
Asus RT-AC66U B1
Netgear FR114P

NormanS to beachintech

MVM

to beachintech
Poster says he is RECEIVING 3,000 messages per day, not sending them. I was receiving close to that on one Yahoo! account, due to receiving "bounces" to spam sent as "from" that Yahoo! email address; even though I was not the sender (the email address was forged by the spammer).
supergeeky
join:2003-05-09
United State

supergeeky to n0xlf

Member

to n0xlf
It seems very obvious to me that an APC SmartUPS which sends self-test emails once a week (1 that the test started, then shortly after 1 that the test completed ok or not) was "way too much" email, such that it triggers the SMTP block on Comcast connections.

...this has happened to me at about 20+ customers...

As such, I prefer to follow the rule of thumb that you shouldn't rely on port 25 on Comcast for any reason, because they can/will shut it off on a whim :-/

My solution in these cases is to set up a local SMTP server that uses gmail as the smarthost, therefore mail goes out over the more reliable port 587 or 465.
noisefloor
join:2010-05-09

noisefloor to n0xlf

Member

to n0xlf
Just because the binfile doesn't say pwboost or pb in the name doesn't mean it isn't configured with burst enabled. I can look at one of the tb25 bin files tomorrow and find out for sure if burst is enabled on it.

netcool
Premium Member
join:2008-11-05
Englewood, CO

netcool to n0xlf

Premium Member

to n0xlf
said by n0xlf:

In any case, that's a bit more info on port 25 blocks...Another bad thing I noticed, which could have changed, is that the TP-25 configs (port 25 blocks) did not have powerboost, so there was additional incentive to not have a TP-25 config...
That could have been the case back then but the config files have changed to point at service class name on the CMTS now. So PB should be enabled on all tb25 bootfiles since that change.

camper
just visiting this planet
Premium Member
join:2010-03-21
Bethel, CT

camper to lordie

Premium Member

to lordie
I received this letter from Comcast. I can't see how I have a virus as all my PCs are well maintained...
In my opinion, the allegations in the letter from Comcast are likely to be bogus. I also received such a letter saying that, due to the large number of outbound port 25 connections, Comcast was blocking port 25.

My firewall logs every outbound port 25 connection, so I knew exactly how many outbound port 25 connections I generated. When I told Comcast of the quantity, they said that it was not enough to cause their software to flag my port 25 connections.

Whatever means Comcast uses to determine if your PC is infected, their method can generate false positives.
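
Added example (not part of the original thread or any poster's code): one way to produce the per-host count of outbound port 25 connections that camper describes, assuming a Linux gateway whose netfilter LOG rule writes lines in the standard `SRC=… DST=… PROTO=… DPT=…` layout. The `SMTP-OUT` log prefix, the sample lines and the `max_per_hour` threshold are constructed for illustration; the thread does not state what volume triggers Comcast's block.

```python
import re
from collections import defaultdict

KV_RE = re.compile(r"(\w+)=(\S*)")                    # KEY=value pairs in a LOG line
TS_RE = re.compile(r"^(\w{3})\s+(\d+)\s+(\d{2}):")    # syslog month, day, hour

# Constructed sample in the netfilter LOG-target layout (not real traffic).
_ROW = ("Mar  3 {t} gw kernel: SMTP-OUT IN=br0 OUT=eth0 SRC={s} DST={d} "
        "LEN=60 PROTO=TCP SPT=50000 DPT={p} WINDOW=29200 {f} URGP=0")
SAMPLE_LOG = "\n".join(_ROW.format(t=t, s=s, d=d, p=p, f=f) for t, s, d, p, f in [
    ("02:10:01", "192.168.1.23", "203.0.113.5", 25, "SYN"),
    ("02:10:02", "192.168.1.23", "198.51.100.7", 25, "SYN"),
    ("02:10:02", "192.168.1.23", "192.0.2.44", 25, "SYN"),
    ("02:10:03", "192.168.1.23", "203.0.113.90", 25, "SYN"),
    ("02:10:03", "192.168.1.23", "203.0.113.5", 25, "ACK PSH"),  # data packet, not a new connection
    ("02:15:00", "192.168.1.10", "198.51.100.7", 587, "SYN"),    # authenticated submission port
    ("09:30:12", "192.168.1.10", "198.51.100.7", 25, "SYN"),
])

def smtp_connections(log_text):
    """Yield (hour_bucket, src, dst) for each new outbound TCP connection to port 25."""
    for line in log_text.splitlines():
        ts = TS_RE.match(line)
        fields = dict(KV_RE.findall(line))
        flags = set(line.split())
        if not ts or fields.get("PROTO") != "TCP" or fields.get("DPT") != "25":
            continue
        if "SYN" not in flags or "ACK" in flags:
            continue  # count connection attempts only, not every packet of a session
        hour = "%s %02d %s:00" % (ts.group(1), int(ts.group(2)), ts.group(3))
        yield hour, fields["SRC"], fields["DST"]

def summarize(log_text):
    """Return {(hour, src): {'connections': n, 'destinations': distinct_dst_count}}."""
    stats = defaultdict(lambda: [0, set()])
    for hour, src, dst in smtp_connections(log_text):
        entry = stats[(hour, src)]
        entry[0] += 1
        entry[1].add(dst)
    return {k: {"connections": n, "destinations": len(d)} for k, (n, d) in stats.items()}

def over_threshold(summary, max_per_hour):
    """List (hour, src, connections, destinations) for hosts above the assumed hourly limit."""
    return sorted((h, s, v["connections"], v["destinations"])
                  for (h, s), v in summary.items() if v["connections"] > max_per_hour)

if __name__ == "__main__":
    for row in over_threshold(summarize(SAMPLE_LOG), max_per_hour=3):
        print(row)
```

A LAN host that opens many port 25 connections to many distinct destinations in a short window is the pattern worth investigating; a single host talking to one known mail server is not.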


n0xlf
join:2001-03-28
Castle Rock, CO

n0xlf to lordie

Member

to lordie
Netcool, glad to hear that has changed (not that I have to worry about it anymore on BC)...

On a side note, any chance we'll be seeing PB on BC service, like we had discussed in the past?

MalibuMaxx
Premium Member
join:2007-02-06
Chesterton, IN

MalibuMaxx to lordie

Premium Member

to lordie
Meh, I was blocked about I'd say 7-9 months ago... I am a computer technician and even though I have 8-10 computers including virtual machines I know I am not infected as they claim. I don't use port 25... I run antivirus and make sure all is up to date on them... and run scans habitually... as well as reinstall OS's like mad... so I can't see me even remotely using port 25... I was using Outlook for a while on my laptop but since ditched it in favor of webmail... Either way when I was on Outlook I was using a different port... I think they just eventually block you no matter what because they don't want a res account running any mail servers period... It's just my take on it.

ksg
@rogers.com

ksg to lordie

Anon

to lordie
If you don't want to resort to webmail, you can always run a virtual SMTP server that appears to Outlook (or whatever client you're using) to be an SMTP server, but communicates to a real SMTP server on a different port. My company's Loa PowerTools, for example, uses Port 443, the https port.

Inbound25off
@comcast.net

Inbound25off to lordie

Anon

to lordie
The question is, will comcast 'unblock' inbound port 25 for a residential customer? Has anyone had any luck with this? If so, how?

EG
The wings of love
Premium Member
join:2006-11-18
Union, NJ

EG

Premium Member

said by Inbound25off :

The question is, will comcast 'unblock' inbound port 25 for a residential customer? Has anyone had any luck with this? If so, how?
Sometimes.. It's worth a try to plead your case with their security division.
KookyMan
join:2001-09-09
Clio, MI

KookyMan to lordie

Member

to lordie
About a year or two ago, I suddenly couldn't send email. No explanation, no nothing if I recall correctly. After calling Comcast to find out what was going on, they told me I had to contact the abuse dept. I contacted them and that was about as useful as taking a whiz into the wind. They had locked down my access to the comcast smtp server, the only reason they would give is "Someone had accused me of spamming them."

Wouldn't give me any information beyond that. No dates, times, addresses, frequency, etc. No opportunity to defend myself, no information to know if I've been compromised (Easy to tell if it's a single spam message or thousands). You know, sometimes a little information is useful. And there are ways to provide information without breaking privacy or releasing know-how of actual transgressions.