n0xlf

join:2001-03-28
Castle Rock, CO
kudos:1

1 edit
reply to koitsu

Re: Comcast blocked port 25 (SMTP)???

said by koitsu:

To the OP: I've been down this road already. You won't get any answers from Comcast regarding technical details (timestamps, logs, or anything useful). Here's my story, with extensive technical details:

»[Spam] Comcast reporting spam from my IP

Koitsu, I read through your thread and may know why you got blocked, since I faced a similar situation and eventually was forced to business class because of the port 25 blocks. I was never spamming (well, mostly, keep reading), but I learned two things (after being unblocked by abuse about 6 times, after which they completely refused).

First, if you aren't authenticating to your own internal mail server, they flag it as spam, assuming that you have an open relay. I'm not as familiar with postfix as I am with sendmail, but in the sendmail case, not authenticating to it locally and then using smtp.comcast.net as a smarthost (even if you are authenticating to their smtp) was apparently carrying enough header info from the unauth'd sendmail session to their smtp to indicate an open relay (which it wasn't - I had it restricted to the LAN). I figured this one out after certain messages weren't getting delivered, which is when I also learned that they do spam filtering on smtp as well.

Second, and this doesn't sound like your case (but was mine), they monitor volume of port 25 traffic, even if it's incoming. My server is/was processing about 3k messages/day, so I obviously had a lot of port 25 chatter. They don't distinguish between incoming and outgoing though, so I got dinged there as well.

And last, there was one unintentional case where I was "spamming", and that was when one of my users had set up a .forward. That forward was being processed by procmail before spamassassin could look at anything, thus I ended up "spamming" the spam message to their forwarded email, and as stated above, their smtp was catching that as spam. I fixed this with sa-milter.

In any case, that's a bit more info on port 25 blocks...Another bad thing I noticed, which could have changed, is that the TP-25 configs (port 25 blocks) did not have powerboost, so there was additional incentive to not have a TP-25 config...
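One way to keep a .forward from re-sending spam, as an added illustration of the ordering problem described in the post above (this is not the poster's configuration; the forwarding address and spam folder are placeholders): run spamc as a procmail filter before the forward rule, and file anything it tags locally instead of forwarding it.

```procmail
# ~/.procmailrc (added example; addresses and paths are placeholders)
# Pass every message through SpamAssassin first, so the X-Spam-* headers
# exist before any forwarding decision is made. "f" makes this a filter
# recipe, "w" waits for spamc to finish and keeps the original on failure.
:0fw
| /usr/bin/spamc

# Anything SpamAssassin tagged stays in a local folder and is never forwarded,
# so the account cannot relay spam to the user's other mailbox.
:0
* ^X-Spam-Status: Yes
$HOME/Mail/spam

# Only mail that survived the check is forwarded.
:0
! user@example.com
```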


beachintech
There's sand in my tool bag
Premium
join:2008-01-06
kudos:5

1 edit
Ok for the above poster - having an SMTP server behind a router restricted to a LAN is an open relay. There's no authentication other than not being accessible to the outside. Still open to your LAN, so it's still technically an open relay.

No traffic is incoming on port 25 (unless you have a relay, which is still technically all sent messages), that would violate standards and the RFCs. So if you are processing 3000 messages a day, you are sending a boat load of email that should not be coming from a residential connection.
--
Tech at the Beach.
I speak for myself, not my employer.


n0xlf

join:2001-03-28
Castle Rock, CO
kudos:1
Having a public facing SMTP server is far different than one on a trusted network. Both are technically open relays, as you mention. (BTW, it wasn't behind a router - that's all part of sendmail config). Comcast used to allow (or maybe it was ATTBI) unauthenticated SMTP sessions that were simply allowed by IP, so at the time, having an open relay on a small trusted network was no biggie...

The second part of your message confuses me entirely. I do run my own relay, but the 3000 messages/day are incoming, which has nothing to do with "..technically all sent messages", RFCs, or "...sending a boat load of email". Incoming is incoming...It comes in on port 25, gets processed, and sits there. Beyond that, 3000 messages is nothing as far as BW is concerned.

In any case, the goal of my message was to point out a few other cases that may have not been considered for port 25 blocking. Comcast has traditionally been very tolerant of low bandwidth servers on residential connections, as evidenced by their lack of port blocking and scanning. The exception to this is port 25, which is an automated process for blocking. Obviously they still reserve the right to change their stance on enforcement at any time based on the AUP. They are far more concerned with bandwidth usage (server or not) on residential connections, as they should be...


beachintech
There's sand in my tool bag
Premium
join:2008-01-06
kudos:5
I believe port 25 blocking is more about curbing spam than bandwidth. 3000 messages is thousands of times more than a normal residential user will send on average.
--
Tech at the Beach.
I speak for myself, not my employer.


n0xlf

join:2001-03-28
Castle Rock, CO
kudos:1
That's exactly what it's for...Again, the 3000 messages is received, not sent...


NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:12
Reviews:
·SONIC.NET
·Pacific Bell - SBC
reply to beachintech
Poster says he is RECEIVING 3,000 messages per day, not sending them. I was receiving close to that on one Yahoo! account, due to receiving "bounces" to spam sent as "from" that Yahoo! email address; even though I was not the sender (the email address was forged by the spammer).
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

supergeeky

join:2003-05-09
United State
kudos:3
reply to n0xlf
It seems very obvious to me that an APC SmartUPS which sends self-test emails once a week (1 that the test started, then shortly after 1 that the test completed ok or not) was "way too much" email, such that it triggers the SMTP block on Comcast connections.

...this has happened to me at about 20+ customers...

As such, I prefer to follow the rule of thumb that you shouldn't rely on port 25 on Comcast for any reason, because they can/will shut it off on a whim :-/

My solution in these cases is to set up a local SMTP server that uses gmail as the smarthost, therefore mail goes out over the more reliable port 587 or 465.
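A Postfix relay configuration of the kind the post above describes, which also keeps the server closed to everything but the LAN (the "restricted to the LAN" relay discussed earlier in the thread). This is an added example, not any poster's configuration; the LAN range, credential file path and CA bundle path are placeholders for a Debian-style install.

```conf
# /etc/postfix/main.cf (added example; Postfix does not allow trailing
# comments on a value line, so every comment sits on its own line)

# Only loopback and the LAN may relay through this box. Everyone else is
# refused unless they authenticate, so the server is not an open relay.
# 192.168.1.0/24 is a placeholder for the local network.
mynetworks = 127.0.0.0/8, 192.168.1.0/24
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

# Hand all outbound mail to Gmail on the submission port (587) instead of
# port 25, authenticated with SASL and with TLS required.
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = encrypt
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
```

The companion /etc/postfix/sasl_passwd holds one line of the form `[smtp.gmail.com]:587 user@example.com:app-password` (placeholder credentials), must be compiled with `postmap hash:/etc/postfix/sasl_passwd`, and should be readable by root only.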

noisefloor

join:2010-05-09
reply to n0xlf
Just because the binfile doesn't say pwboost or pb in the name doesn't mean it isn't configured with burst enabled. I can look at one of the tb25 bin files tomorrow and find out for sure if burst is enabled on it.


netcool
Premium,VIP
join:2008-11-05
Englewood, CO
kudos:109
reply to n0xlf
said by n0xlf:

In any case, that's a bit more info on port 25 blocks...Another bad thing I noticed, which could have changed, is that the TP-25 configs (port 25 blocks) did not have powerboost, so there was additional incentive to not have a TP-25 config...
That could have been the case back then but the config files have changed to point at service class name on the CMTS now. So PB should be enabled on all tb25 bootfiles since that change.