  Smokey I'm so much cooler offline Premium join:2003-05-20 Va Beach clubs: | Be honest!! If you are going to block it, at least be upfront about it. -- TEAM USA!! | |
|  |   kharri1073
join:2001-03-22 Englishtown, NJ | Re: Be honest!! Yea, just happened to me the other day, I was in the dark as to why I couldn't access my 1and1 account... | |
|  |   lazarus_
join:2002-08-31 Resolute, NU edit: August 23rd, @10:11AM
| Why block 25 inbound? | |
|  |  |   IhatemyISP MM3 Corbski Premium join:2003-01-27 Goose Creek, SC | Re: Be honest!! said by lazarus_ : Why block 25 inbound?
To block open relay servers. | |
|  |  |  |  |  |  Shady Bimmer Premium join:2001-12-03 Northport, NY clubs:
| said by lazarus_ : Why block 25 inbound?
• It is (and has always been) a violation of the TOS
• It helps contain access to open-relays to within OOL netblocks, preventing use from outside OOL.
• Combined with forced use of OOL's mail relays for outbound SMTP helps OOL identify both Spam sources as well as those running SMTP servers as open-relays. | |
|  |  apd111psu
join:2004-08-25 Hoboken, NJ edit: August 25th, @12:59PM
| Ah, never mind, I wish they would open up inbound port 25 at least. | |
|  |  rkris2000
join:2004-08-30 Rochester, NY | I use: smtpport.com. So far no complaints! It'll take a random high port to a lower port on any server you choose.
-Rob | |
|   IhatemyISP MM3 Corbski Premium join:2003-01-27 Goose Creek, SC | Want cheese with that whine? Oh boo hoo.
Just about every major ISP is blocking port 25.
It's the norm.
Cry me a river. | |
|  |  lesopp
join:2001-06-27 Land O Lakes, FL
| Re: Want cheese with that whine? After hearing all the bragging about speed, a little whining will provide some balance. Although SMTP is now blocked I am sure it is happening much faster.
Welcome to the real world OOL users, sorry to hear your service provider is becoming more like ours. | |
|   jaa Premium,MVM join:2000-06-13 New Canaan, CT
·Vonage
·Optimum Online
| Any restriction is a service downgrade Any additional restriction a provider places on a service is a downgrade. The only question is how important that downgrade is to a particular subscriber.
Inbound port 25 blocking only affects users running their own mail servers - which OOL already prohibits.
Outbound port 25 blocking only affects those who use an external smtp server, which is probably a small percentage. Of those, most can either switch to use the OOL smtp server, or use an alternate port for their mail server.
Those who are most affected may leave for another service. Unfortunately, they may have a hard time finding a provider who does not block port 25, or worse, switch to another provider just to find they start blocking port 25. -- NOTHING justifies terrorism. We don't negotiate with terrorists. Those that support terrorists are terrorists. | |
|  |   Plasticman Will Work For Bandwidth Premium join:2002-09-06 Harrisville, RI clubs: | Re: Any restriction is a service downgrade Well if they want to have access to port 25. Then they should see about upgrading to a SOHO account.......
Plasticman | |
|  |  |   jaa Premium,MVM join:2000-06-13 New Canaan, CT
·Vonage
·Optimum Online
| Re: Any restriction is a service downgrade They do not need to upgrade to SOHO. They can just use an alternate port. My hosting company provides an alternate port. 1and1 provides an alternate port.
I just don't see why this is an issue. The problem is that port 25 has 2 uses: mail server to server transfer, and mail client to server transfer. Should have been using two different ports from the beginning. -- NOTHING justifies terrorism. We don't negotiate with terrorists. Those that support terrorists are terrorists. | |
|  |  |  |  |  |   reub2000 Premium join:2001-12-28 Evanston, IL | They can switch to DSL. I know speakeasy advertises that they don't block ports. | |
|  |  |  kpatz MY HEAD A SPLODE Premium join:2003-06-13 Manchester, NH
| Re: Any restriction is a service downgrade said by reub2000 : They can switch to DSL. I know speakeasy advertises that they don't block ports.
Not everyone can get DSL, or Speakeasy. I for one would love to see cable and DSL providers offer a "Power User" tier that allows servers (at least to an extent) and no port blocking, at maybe $5-10 higher than the standard residential service. Then those of us who want or need to use email servers other than the ISP's have a choice. -- Robert Tappan Morris, Jr., got six months in jail for crashing 10% of the computers that Bill Gates made $100 million crashing last weekend. | |
|  |  |  |  |  |  |  |  |  |  |  |  |  |  Shady Bimmer Premium join:2001-12-03 Northport, NY clubs:
| said by wolfox : If anything, it would cost $LESS$. Think about it - without having to monitor, wave a big stick over your Internet experience, etc. Just leaving you alone does not cost any more dough...
Except for one gaping hole - what would stop a spammer/abuser from spending an extra few bucks and continue their abuse? If it were really that easy OOL could lower their costs for a higher net profit.
Business service is OOL's answer. No it is not cheap, but it provides a static IP that the subscriber can't change making it very easy to identify, track, and ultimately prevent abusers. Unfortunately providing the level of service BOOL offers incurs additional costs, resulting in a higher subscription rate. | |
|  |  |  |  |  |  budke
join:2003-07-22 Rye, NY
| Re: Any restriction is a service downgrade That's nice, but OOL doesn't offer static IPs (yet, but don't rule it out in the infinite future according to them). They also do other filtering other than port 25 (inbound 53 for one, and the general inability to do srcprt 53 work). I'm sure there are others, but $40 more a month for the ability to send mail out on 25 and run a backup server on 25 on optonline isn't worth the price. | |
|  |  |  |  |   Wildcards2000
@washdctt.d
| Punish everyone else because of a few people So cable companies are going to punish everyone else because of a few bad apples? Why not monitor the layer 2 and block the MAC if the person is sending 100 emails through port 25 in a 24-hour period? This is very easy to do. In fact that is what I do with my company's firewall. If we get hit with email viruses, I can tell where it comes from and block it at the firewall. Come on people, start thinking out of the box!! | |
|  |   Rhobite Premium join:2002-02-24 Cambridge, MA clubs:
| Re: Punish everyone else because of a few people said by Wildcards2000: So cable companies are going to punish everyone else because of a few bad apples? Why not monitor the layer 2 and block the MAC if the person is sending 100 emails through port 25 in a 24-hour period? This is very easy to do. In fact that is what I do with my company's firewall. If we get hit with email viruses, I can tell where it comes from and block it at the firewall. Come on people, start thinking out of the box!!
That may be very easy for you to do, but it's not the simplest thing when you have millions of customers. Your company's pf box or Cisco probably doesn't scale that high. -- Jimmysquid.com - I take pictures. | |
|  |  |   Wildcards2000
@washdctt.d
| Re: Punish everyone else because of a few people "That may be very easy for you to do, but it's not the simplest thing when you have millions of customers."
It's very easy to do. It doesn't matter how many people you have.  | |
|  |  |  |   Rhobite Premium join:2002-02-24 Cambridge, MA clubs:
| Re: Punish everyone else because of a few people said by Wildcards2000:
It's very easy to do. It doesn't matter how many people you have. 
No, it really isn't. Your solution, whatever it may be, probably doesn't scale. -- Jimmysquid.com - I take pictures. | |
|  |  |  |  Shady Bimmer Premium join:2001-12-03 Northport, NY clubs:
| said by Wildcards2000: "That may be very easy for you to do, but it's not the simplest thing when you have millions of customers."
It's very easy to do. It doesn't matter how many people you have. 
No, it is not very easy to do.
DOCSIS 1.1 specifically prohibits this being done at the CM or CMTS for "outbound" traffic. Once traffic passes through the CMTS, layer 2 information changes. So, it really isn't easy to do at all.
Now, DOCSIS 1.1 does require compliant cable modems to support a minimum of 16 IP filters. The problem then becomes identifying offenders, which is where forcing the use of OOL's own mail relays comes in.
If you don't understand the technology you can't make assumptions about it. Data Over Cable isn't even close to your corporate ethernet network. | |
|  |  |   visio
join:2001-08-29 Clifton, NJ | If CV/OOL has the ability to cap a specific user, after their systems determine that specific user is 'abusing' upload bandwidth, I'm sure they have the ability to track specific users who are mass-mailing out of port 25. | |
|  |  |  |  Shady Bimmer Premium join:2001-12-03 Northport, NY clubs:
edit: August 23rd, @09:22PM
| Re: Punish everyone else because of a few people said by visio : If CV/OOL has the ability to cap a specific user, after their systems determine that specific user is 'abusing' upload bandwidth, I'm sure they have the ability to track specific users who are mass-mailing out of port 25.
Not quite.
DOCSIS 1.1 compliant cable modems (OOL uses these) must support QOS, including maximum bandwidth and burst rates.
DOCSIS 1.1 also specifically states that compliant cable modems must not apply LLC filters "outbound".
In other words, caps are applied at the individual cable modems (easy to do), but MAC filtering can not be. | |
|  |   jaa Premium,MVM join:2000-06-13 New Canaan, CT | It is not punishment. They should just use a port different than 25 - is that too much to ask? | |
|  |   Jeremy341 Bye Premium join:2000-01-06 localhost
| said by Wildcards2000: Why not monitor the layer 2 and block the MAC if the person is sending 100 emails through port 25 in a 24-hour period?
My ISP does something similar. If they detect a large amount of outgoing mail, the modem's configuration file is changed to one that blocks outbound e-mail, and the modem is rebooted. That way, the customer loses all access to e-mail, and has to call in. Then when they call in, they're told why they're blocked, and that they need to clean up their system. | |
|  |   NeilB
@152.119.x.x
| I am the league webmaster for a local youth baseball league and I probably have around 1,100 email addresses that we use to communicate to parents when we have something important to say (Spring and Fall Registrations, all fields are closed because of rain, etc.).
It has become almost impossible for me to communicate with parents because ISPs have restricted things down so much. I've contacted the ISPs directly to let them know that I'm sending 1,100 emails with permission, but to no avail. Unfortunately, it's the kids (and their parents) that get hurt because of these restrictions... | |
  Nightfall My Goal Is To Deny Yours Premium,MVM join:2001-08-03 Grand Rapids, MI clubs:
·Site5.com
·AT&T Midwest
·Comcast
| Blame the morons who don't secure their systems As much as I want to blame the ISP, this isn't their fault. The problem is the fact that the common users don't secure their systems. Then, when thousands of zombied PCs are spamming the general population, you hear a lot of tough talk coming from the people here. Shut down their internet access! Do something to stop the flow of spam! Well, when they do something about it, everyone bitches.
To be honest, it is easier to do a blanket block of port 25. The simple fact of the matter is that there are people out there that run their own mail servers and don't secure them. These wannabe administrators make a bad name for those of us who take security seriously. It is a couple bad apples that will ruin it for the rest of us.
As a rule, I would close down port 25, 80, and other ports that cause problems as default. If a user wanted those open, I would make sure they signed a waiver stating if their system was compromised, their access would be shut off at a moment's notice. That way, security pros would make sure to keep up with the patches, while those morons who don't take it seriously would have no access and LEARN how to patch when their access gets shut off.
I know, it is a pretty basic plan, but it is a shame that some of these ISPs don't come up with a similar plan. -- My Domain Nightfall's Hockey and Life Journal | |
|  hedyd4u Premium join:2003-12-16 Schenectady, NY
| Restrictions are the norm today Every time someone gets hurt or is unhappy the solution is to place a blanket law or restriction on the whole. And little by little all freedom will be lost. Use another port and it will soon be blocked too.
Do this don't do that can't you read the sign. | |
 kd6cae P2p Shouldn't Be A Crime
join:2001-08-27 Palmdale, CA
·RoadRunner Cable
·DSL EXTREME
·Dreamhost
·Charter Pipeline
| users should have the choice to open blocked ports I don't mind the blocking of ports necessarily, but what I do mind is that users that want to run their own mail server for instance aren't given the choice of having port 25 open. You shouldn't have to change a port that a server runs on just because of a few people! I actually wouldn't feel too strongly on this if it were any other service such as web or FTP for instance, but as I mentioned in an earlier thread not long ago, the way email works is like this. If I send a message to my friend's mail server, which BTW I can no longer do, the mail server I send through looks for the MX record for the domain to which the message is destined for. The MX record shows the IP address of the mail server that is to receive incoming messages for the domain. Nowhere in the MX record does it say what port on the server it is to connect to! This is because all servers know that they are to connect to port 25 on the MX host! For a time a couple years back I ran my own mail server because my ISP's mail server was awful and would either never deliver messages I sent, or I'd email someone about plans for something we were gonna do that day, and they'd receive the message 3 days later! When I ran my own mail server, mail always got where it was supposed to when it was supposed to, 100 percent of the time! So although my friend could change the port his SMTP server listens on, that would only allow me to send outgoing mail from his domain, but anyone wanting to send mail to my friend? Well their messages would never ever get to his server! They should be punishing the users of zombies, not everyone, I mean if that's how ISPs want to handle things and they don't want us running our own servers where we have control of what's going on with our servers instead of them, just block globally ports 1-65535 at the ISP, and I guarantee the complaints will flood in. It's the same internet whether you're on cable, DSL, a T1 or an OC12!
So if an ISP wants to restrict their users and what they can do on the internet, then at least give those that want to run their own servers and those users only the chance to do so! | |
|  |  BosstonesOwn
join:2002-12-15 Everett, MA clubs:
·Comcast Formerly ..
| Re: users should have the choice to open blocked p said by kd6cae : I don't mind the blocking of ports necessarily, but what I do mind is that users that want to run their own mail server for instance aren't given the choice of having port 25 open. You shouldn't have to change a port that a server runs on just because of a few people! I actually wouldn't feel too strongly on this if it were any other service such as web or FTP for instance, but as I mentioned in an earlier thread not long ago, the way email works is like this. If I send a message to my friend's mail server, which BTW I can no longer do, the mail server I send through looks for the MX record for the domain to which the message is destined for. The MX record shows the IP address of the mail server that is to receive incoming messages for the domain. Nowhere in the MX record does it say what port on the server it is to connect to! This is because all servers know that they are to connect to port 25 on the MX host! For a time a couple years back I ran my own mail server because my ISP's mail server was awful and would either never deliver messages I sent, or I'd email someone about plans for something we were gonna do that day, and they'd receive the message 3 days later! When I ran my own mail server, mail always got where it was supposed to when it was supposed to, 100 percent of the time! So although my friend could change the port his SMTP server listens on, that would only allow me to send outgoing mail from his domain, but anyone wanting to send mail to my friend? Well their messages would never ever get to his server! They should be punishing the users of zombies, not everyone, I mean if that's how ISPs want to handle things and they don't want us running our own servers where we have control of what's going on with our servers instead of them, just block globally ports 1-65535 at the ISP, and I guarantee the complaints will flood in.
It's the same internet whether you're on cable, DSL, a T1 or an OC12! So if an ISP wants to restrict their users and what they can do on the internet, then at least give those that want to run their own servers and those users only the chance to do so!
They do, it's called a business package. It's not really hard to understand. You pay the extra money for the ability to run servers. Simple. -- "It's always funny until someone gets hurt......and then it's absolutely friggin' hysterical!" | |
|  |  |  ilvhse
join:2003-06-21 Boiceville, NY
| Re: users should have the choice to open blocked p Not everyone has the option for a business package. If you're like me and have Road Runner, their business package costs 2 times more for about the same speed. They do offer a static IP, but my DHCP address hasn't changed in a year. I have a speed of 3.5/384; their comparable package called "tier 4" with speeds of 4/384 is really retarded. Who in their right mind pays $179/m for that? I see no point to a static IP since you can't really upload or serve anyone with that upload crap. Anyway I think OOL has it great with incredible speeds (used OOL @ friend's house). Sending a couple files to a friend (without abuse) is fast. | |
|   Jafo232 You Can't Spell Democrat Without Rat. Premium join:2002-10-17 Boonville, NY | Different port, same problem If you can configure to a different port, what then has blocking port 25 actually accomplished? Nothing. | |
|  |  |  |  |  |  Shady Bimmer Premium join:2001-12-03 Northport, NY clubs:
| said by Jafo232 : If you can configure to a different port, what then has blocking port 25 actually accomplished? Nothing.
Actually, it accomplishes a bit.
Most providers don't allow anonymous connections to alternate ports. A form of authentication is typically required (though not always). This alone significantly reduces spam through that relay.
For servers using alternate ports for SMTP (authenticated or not) there is no standard and finding large numbers of these is difficult at best. If a spammer wants to attempt to use a single (or very few) SMTP servers using unauthenticated alternate ports he'll be generating large amounts of messages through that relay. This accomplishes the same purpose as OOL forcing users to use their own relays. Essentially, by blocking outbound port 25 OOL is preventing a large number of SMTP servers from being used in a very short amount of time (a common tactic of spammers to avoid detection). | |
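The two detection ideas raised in this thread (a per-subscriber limit on outbound port-25 connections in a 24-hour window, and spotting one source contacting many SMTP servers in a short time) can be sketched as below. This is an added example, not part of any post and not any ISP's actual system; the flow-record format, the subscriber IDs, the fan-out limit of 20 and all addresses are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)
MAX_CONNECTIONS = 100       # the figure floated in the thread
MAX_DISTINCT_SERVERS = 20   # assumed fan-out limit, not from the thread


def parse_flow(line):
    """Parse one record: '<ISO timestamp> <subscriber> <dst_ip> <dst_port>'."""
    ts, subscriber, dst_ip, dst_port = line.split()
    return datetime.fromisoformat(ts), subscriber, dst_ip, int(dst_port)


def flag_subscribers(lines, relay_ips=frozenset()):
    """Return {subscriber: reason} for the first limit each subscriber exceeds."""
    recent = defaultdict(deque)          # subscriber -> (ts, dst_ip) in window
    flagged = {}
    for ts, sub, dst_ip, port in sorted(parse_flow(line) for line in lines):
        if port != 25 or dst_ip in relay_ips:
            continue                     # only direct-to-server SMTP is counted
        window = recent[sub]
        window.append((ts, dst_ip))
        while ts - window[0][0] > WINDOW:
            window.popleft()             # expire connections older than 24 h
        if sub in flagged:
            continue
        if len({ip for _, ip in window}) > MAX_DISTINCT_SERVERS:
            flagged[sub] = "fan-out"     # many different servers in one window
        elif len(window) > MAX_CONNECTIONS:
            flagged[sub] = "volume"      # too many connections in one window
    return flagged


def sample_flows():
    """Constructed flow records; all addresses are documentation ranges."""
    base = datetime(2004, 8, 23)
    rows = []

    def add(sub, dst_ip, port, start_min, count, step_min):
        for i in range(count):
            ts = base + timedelta(minutes=start_min + i * step_min)
            rows.append(f"{ts.isoformat()} {sub} {dst_ip(i)} {port}")

    add("cm-a", lambda i: f"198.51.100.{i + 1}", 25, 0, 150, 2)  # many servers
    add("cm-b", lambda i: "192.0.2.10", 25, 0, 120, 1)           # one server, bulk
    add("cm-c", lambda i: "192.0.2.20", 25, 0, 30, 144)          # about 10 a day
    add("cm-d", lambda i: "192.0.2.30", 25, 0, 90, 1)            # burst, day 1
    add("cm-d", lambda i: "192.0.2.30", 25, 1800, 90, 1)         # burst, 30 h later
    add("cm-e", lambda i: "192.0.2.40", 587, 0, 500, 1)          # alternate port
    add("cm-f", lambda i: "203.0.113.25", 25, 0, 300, 1)         # ISP's own relay
    return rows


if __name__ == "__main__":
    hits = flag_subscribers(sample_flows(), {"203.0.113.25"})
    for sub, why in sorted(hits.items()):
        print(sub, why)
```

The "volume" rule also catches `cm-b`, a single sender mailing a large list through one server, which is the kind of false positive a fixed threshold produces.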
|  hovno2002
join:2002-04-30 Hackensack, NJ
| Switching to VOL I have Verizon at my house in NH, and it works fine for me. I am going to cancel my NJ OOL service and order VOL. OOL speeds are fantastic, but I have several POP email accounts that will be affected and that is unacceptable.
OOL - you just lost another customer. I am also getting rid of my premium cable as well. See YA!!! | |
|  |  Shady Bimmer Premium join:2001-12-03 Northport, NY clubs:
| Re: Switching to VOL said by hovno2002 : I have several POP email accounts that will be affected and that is unacceptable.
Here we go again!
Exactly how will this affect your pop service? OOL is not blocking POP3 (port 110) so you'll still be able to receive email with your pop client.
For sending, you should configure your client to use OOL's mail relay instead of the POP provider. You should be able to leave your "From" address (both envelope and header) unchanged and your recipients won't know the difference.
Alternatively, contact your pop providers and query them about alternate port usage. | |
|   nixen Rockin' the Boxen Premium join:2002-10-04 Alexandria, VA | So...
What do all the wannabe server admins do when their ISPs put them on ISC IPs (instead of or in addition to inbound port blocking)?
-tom | |
|  jdandrea
join:2001-12-20 Basking Ridge, NJ
edit: September 16th, @11:24AM
| VPN no longer working, Laptop woes on the road
I have several email accounts that I access via traditional POP (or sometimes IMAP). Inbound traffic is just fine. Now, I also have their SMTP (outbound) configurations set to their respective servers.
As of yesterday, I had to change those all to mail.optonline.net, port 25 (default), no authentication. For my wife's desktop that's just fine. It's not going anywhere.
But my laptop does. Since there's no authentication on mail.optonline.net, I'm guessing they only allow connection from folks ON optonline's network. If that's true, I'm guessing I'll now have to change the profile for every account back-and-forth between optonline.net and the actual SMTP servers!
[update: that is true - at least from my tests, I can't connect to mail.optonline.net port 25 from outside of Optimum Online.]
What's more, I can no longer connect to my VPN, which requires port 500 (send AND receive), and one of port 4500 (standard for NAT traversal) and 10001. Right now, I am unable to connect to port 500, with the same symptoms as trying to connect to any SMTP port. (Eventual timeout.)
[update: Optimum Online support claims that port 500 outbound is not being blocked, but they did observe that I've got AT&T CallVantage via a D-Link box, so they suggested I take that out of the loop and see if everything works again. It's possible that the D-Link firmware was just upgraded, but that sort of timing would be incredibly uncanny, no?]
Is there some way to at least get an exception for VPN access? (VPNs are not always used for business either!) Also, for SMTP, will I be able to connect to mail.optonline.net using some form of authentication so I don't have to keep changing all my settings every time I travel and then come back home?
Reading Optimum Online's official statement, I'm at a loss as to why "Business" customers are not subjected to the same limitations. Their computers are surely no less vulnerable to attacks than "Consumer" systems, right? | |