mindsuck asks:
"As of this Wednesday, my ISP blocked my port 25, leaving my mailserver useless to the outside world as a consequence of spammers and their nasty worms. So I decided to ask the nice people of Slashdot. What can I do now to restore my smtp service, besides changing ISPs, is there an obscure way to run a mailserver off a non-standard port? What about services similar to those provided by dyndns.org for this kind of situation? Pros and Cons of using these services? Should I move my MX to a more 'stable' server than my homegrown one?" This topic was last touched upon in this article, from 2002. It's been over a year since SMTP blocks have become commonplace. Have you noticed a slowdown in your SPAM? Are ISP SMTP blocks really helping the problem?
Updated: It looks like Charter is also blocking SMTP. Might there be a way to work with your ISP to get them to unblock port 25 for you, if you can sufficiently satisfy them that you are not a spammer?
Krondor wrote in with a similar query: "Charter Communications (in my area) has blocked outbound SMTP connections. I need to be able to send Email to other SMTP servers, besides theirs, for a number of legitimate reasons. My question is this; How can I either still send SMTP to the places I need to, or how can I convince Charter to unblock outbound SMTP (I can understand blocking inbound SMTP without ACK bit set)? They do provide a relay, but won't my messages get labelled as SPAM if I use that? I am also concerned because, this relay is not encrypted with SSL and I don't necessarily trust Charter with that."
Use your ISP for SMTP or change ISP (Score:5, Informative)
Re:Use your ISP for SMTP or change ISP (Score:5, Funny)
(holds out hands as if pleading) "If you... want... a practical... service... itMUSTbeport25(!). If you... can't... offer... port25... either you... need... tousesomeoneelse's... smtp server... or... to... change... ISP!"
Shatnerizing speech is fun! I'm going to have to do that more often. Thank... you(!)...
Incoming or outgoing? (Score:2, Insightful)
I wish more of them would (Score:3, Insightful)
And yes you can run it on non-standard ports. 26 is fairly common.
Re:I wish more of them would (Score:5, Insightful)
One thing I'm doing as a backup to my main connection is (everybody get ready to cringe) UUCP over TCP port 540. It's an easy config in the Unix/Linux world with Taylor UUCP. Sendmail handles it fine. No, no bang paths-- just plain domain names.
This would be a workaround for a problem on incoming mail. In my case, my primary MX record points to my mail server, and my secondary MX points to my UUCP relay site (bungi.com). If a sender can't connect to me, they go to the secondary where it queues. I run an hourly UUCP poll over TCP, which picks up anything waiting. If my main connection went down or were blocked, I could retrieve incoming mail with any generic PPP dial-up account.
I know, sounds kludgy, but it works fine.
This would work as a workaround for outgoing blockage also, but it would be much easier to use your ISP's outgoing mail server.
Re:I wish more of them would (Score:2)
Re:I wish more of them would (Score:2)
Just my two cents though, if y
Move to SMTP over SSL (Score:5, Insightful)
This sucks because you need a box outside your network to do this
Not the perfect solution but you at least get _some_ semblance of control.
Re:Move to SMTP over SSL (Score:2)
one thing is to perhaps use a web mail system (like yahoo) and create 'fake' web clients to 'click' on fields and buttons for you and send the email off that way. I also use a nice prog called fetchmailyahoo which polls yahoo (from my home bsd box) and downloads mail coming to my yahoo web account. works well. and I use yahoo filtering to keep those pesky 'microsoft security update' spams on THEIR system and it never touches my home ds
Re:Move to SMTP over SSL (Score:1)
"""
I also use a nice prog called fetchmailyahoo
"""
google says:
"""
Your search - fetchmailyahoo - did not match any documents.
No pages were found containing "fetchmailyahoo".
"""
Are you sure that's the name?
YAW.
Re:Move to SMTP over SSL (Score:3, Informative)
http://fetchyahoo.sourceforge.net/
it's a GREAT program!
Re:Move to SMTP over SSL (Score:2)
Change ISPs (Score:5, Insightful)
Re:Change ISPs (Score:3, Informative)
Hopefully this ISP isn't the only cable provider in town. Sure, he can switch to DSL. But why should he have to change his method of receiving internet traffic?
Also, I'm sure the people who drop this ISP because of the SMTP problem is insignificant to the users that don't give a crap. The days of "The Customer is Always Right" are long gone. I'm constantly amazed that people still seem to think that a single irate letter is gonna change anything. It takes a loud cry from many people to get these letha
Re:Change ISPs (Score:2)
Ah, but it takes many single irate letters to create the loud cry
Fair enough...but who's gonna write the others? (Score:2)
Ah, but it takes many single irate letters to create the loud cry you speak of.
You're right, of course. Still, I think unless you can get some guarantee from others to 'match' your letters, I think you are wasting your time. It sounds like the original questioner has already resigned himself to the fact that he has neither the time or desire to organize some kind of protest to the ISP. I can sympathize -- I'd do the same thing in his place. My original message was a response to sweetooth who seemed t
Re:Fair enough...but who's gonna write the others? (Score:2)
Sounds like voting to me. Vote for the person you think is the ideal candidate and that's enough, delusional. Organizing other people to vote or do something else to make a change -- that's worthwhile.
Re:Fair enough...but who's gonna write the others? (Score:2)
Re:Change ISPs (Score:2)
Re:Change ISPs (Score:2)
But to see thei
Re:Change ISPs (Score:2)
easy (Score:3, Interesting)
Second find a machine with net access outside of your isp.
Third make an ssh tunnel from that machine to your machine.
That should work perfectly. But nothing is guaranteed.
Re:easy (Score:1)
It does not help against spam (very much) (Score:3, Insightful)
Although this helps a little bit in the fight against spam, the effect is not as large as your ISP thinks. Spammer/cracker gangs nowadays use viruses to infect zombie hosts (virii typically use ports 80 to infect IIS, or ports 135-139 to infect the CIFS filesharing). Once on your machine, these virii can easily send out spam on outbound port 25, no matter if your ISP blocks the inbound port or not.
Explain this to them, maybe they'll reconsider...
(Yeah,right).
Re:It does not help against spam (very much) (Score:3, Insightful)
Re:It does not help against spam (very much) (Score:2)
My experiences (Score:2, Interesting)
Use a mail forwarding service (Score:2, Informative)
Something like this [changeip.com].
Works well as a backup in case your isp goes down too.
Possibly a real solution to SPAM coming soon! (Score:4, Informative)
I think this has a lot of potential, unlike the other bazillion idiotic non-solutions that have been proposed, like X-mulct headers [subsume.com], for example.
I am planning some thing on these lines... (Score:3, Insightful)
These spammer bastards are making our life hell
raj
What we did... (Score:3, Informative)
I work for a small ISP. We worked around this problem a little differently..
Instead of blocking outbound SMTP, we opted to transparently proxy outbound SMTP sessions to our mail server.
The mail server does connection-rate throttling, and if the load on the server exceeds 'normal', the on-duty admin gets paged, so he can check the mail queue
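One way to implement the per-customer throttling and paging described above (an added example, not the ISP's actual configuration): a sliding-window limit on proxied SMTP connections per client address, with clients that keep hitting the limit reported for the on-duty admin. The log format, window, limit and paging threshold are all assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque

WINDOW_S = 60        # assumed sliding window, in seconds
LIMIT = 5            # assumed max accepted connections per client per window
PAGE_THRESHOLD = 10  # assumed number of deferrals before a human is paged


def parse_line(line):
    """Parse the constructed log format '<epoch-seconds> connect <client-ip>'."""
    ts, verb, ip = line.split()
    if verb != "connect":
        raise ValueError("unexpected log line: %r" % line)
    return int(ts), ip


def throttle(events, window=WINDOW_S, limit=LIMIT):
    """Apply a per-client sliding window to time-ordered (ts, ip) events.

    Returns (accepted, deferred): the events passed on to the mail server,
    and a dict counting how many connections each client had deferred.
    """
    recent = defaultdict(deque)   # ip -> timestamps of accepted connections
    accepted, deferred = [], defaultdict(int)
    for ts, ip in events:
        q = recent[ip]
        while q and ts - q[0] >= window:   # expire entries outside the window
            q.popleft()
        if len(q) >= limit:
            deferred[ip] += 1              # e.g. answered with an SMTP 4xx temporary failure
        else:
            q.append(ts)
            accepted.append((ts, ip))
    return accepted, dict(deferred)


def clients_to_page(deferred, threshold=PAGE_THRESHOLD):
    """Clients deferred often enough that the on-duty admin should look."""
    return sorted(ip for ip, n in deferred.items() if n >= threshold)


# Constructed sample: one customer host opening a connection every second for
# 30 seconds (the kind of burst an infected machine produces), one sending normally.
SAMPLE_LOG = ["%d connect 10.0.0.7" % (1000 + i) for i in range(30)]
SAMPLE_LOG += ["1005 connect 10.0.0.9", "1020 connect 10.0.0.9",
               "1090 connect 10.0.0.9"]


def run_sample():
    events = sorted(parse_line(line) for line in SAMPLE_LOG)
    accepted, deferred = throttle(events)
    return accepted, deferred, clients_to_page(deferred)


if __name__ == "__main__":
    accepted, deferred, page = run_sample()
    print("accepted:", len(accepted), "deferred:", deferred, "page for:", page)
```

Deferred connections are not counted toward the window here, so a well-behaved client recovers as soon as its earlier connections age out.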
Re:What we did... (Score:2)
>Instead of blocking outbound SMTP, we opted to transparently proxy outbound SMTP sessions to our mail server.
If more residential broadband ISPs did the kinds of things you're doing 18 months ago, I wouldn't have had to block all inbound port 25 traffic from 200.0.0.0/7, 12.0.0.0/8, 24.0.0.0/8, and the various
Re:What we did... (Score:2)
That is a HORRIBLE solution. I would not use an ISP that hijacked my traffic. It is much better to block outgoing traffic on TCP port 25 so that users know it is blocked and can find a different solution, such as relaying mail through your server.
Re:What we did... (Score:1)
Perhaps that's a security problem, but then, SMTP over SSL would solve it, so what's the problem? On the face of it, this does seem like a really good solution
Re:What we did... (Score:2)
The problem is that the ISP is hijacking a customer's traffic. If you want to block certain packets, fine. Don't alter them.
Re:What we did... (Score:2)
Care to explain why?
I would not use an ISP that hijacked my traffic.
We're not "hijacking" anything - the mail ends up going exactly where it's supposed to be going.
What does it matter if the mail is relayed through SMTP server A or SMTP server B? As long as it reaches its destination, there is no problem.
It is much better to block outgoing traffic on TCP port 25 so that users know it is blocked
If you read the responses here, you'll find that most people disagree with
Re:What we did... (Score:2)
You're hijacking my traffic. If I initiate a TCP connection to a remote host, I expect it to connect to the remote host, not somewhere that my ISP chooses for me.
As long as it reaches its destination, there is no problem.
What if the remote host is currently down? The mail then sits in your mail queue, even though I was told it was delivered to what I thought was the correct destination.
What if your mail s
Re:I am planning some thing on these lines... (Score:2)
sniff the data. if you see M$ this and M$ that and stuff that looks and smells like your system was hijacked, block that farker for sure! and tell him why so he can reinstall winblows.
but if its NORMAL user traffic, no way should he be blocked.
Not only against spammers (Score:2)
E.g. My ISP is so flexible that it has incremental business plans for opening each smtp, http, ftp, etc. ports for a fee. The most expensive of all is unrestricted tcp services, which are normally needed by medium-to-large companies.
You might find the strategy being unfair to domestic users, but they've to d
Re:Not only against spammers (Score:2)
Re:Not only against spammers (Score:1)
Have you tried asking? (Score:3, Insightful)
Re:Have you tried asking? (Score:2)
Be sure to check your terms of service first. You don't want to call them and tell them that you are running a server that is against their TOS and get your account canned. More and more ISPs are getting draconian about this sort of thing and won't even blink at canning your account for running a "rogue server". Don't get yourself into trouble. Lots of these companies aren't here to help you - they just want your money.
Of course,
Re:Have you tried asking? (Score:1)
Or perhaps call them up and sing "I want my.... I want my.... I want my SMTP"
No offense, but, "duh..." (Score:2, Interesting)
If you want to connect to outside SMTP servers, you'll either have to go with a smaller ISP that doesn't have paranoid, 'we're not going to be the front for spam' policies in place (and make a sacrifice, be it limited dialing area, higher prices, or whatever)
Re:No offense, but, "duh..." (Score:1)
"Easy! Just plug it into a DSL or cablemodem without patching it or using a firewall! Guaranteed your XP Home Edition machine will be transformed into a high-volume SMTP engine in 15 minutes or less!"
Yes, change ISP's (Score:2)
Besides, if you have dynamic IP on your box, you probably shouldn't be running an SMTP server to begin with.
Re:Yes, change ISP's (Score:2)
Why not? I have a dynamic IP, although since I rarely reconnect, my IP often stays the same for months. I have a script that simply updates my MX records whenever my IP changes, essentially making sure people can send me emails without interruption.
And running my own SMTP server has helped me reduce the amount of spam I get. When I give out my email addy, I leave in a reference to the site. Eg me@e
Get mailserver on a port other than 25 (Score:2)
Why do we have e-mail servers (for sending)? (Score:2, Interesting)
(this is just ignorance, I'm actually wondering why)
Re:Why do we have e-mail servers (for sending)? (Score:2)
Because the receiving mail server may not be up, or the link may be slow.
If you're sending a large attachment, for example, it makes more sense to send it to your local mailserver (to which you have a fast, stable connection), and let it deal with timeouts or whatever..
Would you want to keep your mail program open for hours or days when you didn't have to?
Re:Why do we have e-mail servers (for sending)? (Score:2)
This goes back to when the internet was young and sparse. Since clients didn't always have reliable connections and servers went down a little more often, it seemed logical to hand your message to a server and let it try to connect to a possibly unavailable server repeatedly than for your to sit and wait for the receiving server to come back online after an outage hitting "send" over and over again. Especially
Re:Why do we have e-mail servers (for sending)? (Score:1)
Re:Why do we have e-mail servers (for sending)? (Score:2)
A properly implemented SMTP server for outbound mail is nontrivial. There are zillions of different cases you have to be ready to deal with: the destination host is unreachable, temporarily unavailable, etc. To do this properly your mail program would have to be always running so that it could manage the outbound queue. Not to mention that I would be willing to bet that the people that write email applications have neither the skill
Re:Why do we have e-mail servers (for sending)? (Score:2)
Mydomain? (Score:2)
It's unclear to me what exactly you're trying to do. I run Mydomain, and forward my accounts from there to a pop server. My computer then goes to the pop server and downloads the mail. A perl script then looks at the "for" in the first "Received" header, and forwards the message to sendmail. This is good enough for me, because I don't use the incoming IP address information. If you do, you might have to adjust your scripts accordingly.
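The header-based redelivery described in the comment above, as an added Python example that is not part of the original post: it takes the recipient only from the `for` clause of the top-most `Received` header (the one stamped by the last hop), and falls back to a catch-all when the clause is missing or names a non-local domain, so the re-injection step cannot be used as a relay. The domain, fallback address and sendmail path are assumptions, and the sample message is constructed.

```python
import re
from email import message_from_string

LOCAL_DOMAINS = {"example.org"}        # assumption: domains this host accepts mail for
FALLBACK = "postmaster@example.org"    # assumption: catch-all mailbox
SENDMAIL = "/usr/sbin/sendmail"        # assumption: path to the local MTA binary

# "for <addr>" clause of a Received trace header.
FOR_CLAUSE = re.compile(r"\bfor\s+<?([A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+)>?", re.I)
COMMENT = re.compile(r"\([^()]*\)")    # innermost parenthesised comment


def envelope_recipient(raw_message):
    """Return the local recipient named by the top-most Received header."""
    received = message_from_string(raw_message).get_all("Received") or []
    if not received:
        return FALLBACK
    # Only the first (most recent) header is used: older ones were written by
    # hosts upstream of the POP server and may name other recipients.
    top = " ".join(received[0].split())          # unfold continuation lines
    while COMMENT.search(top):                   # drop comments, including nested ones
        top = COMMENT.sub(" ", top)
    match = FOR_CLAUSE.search(top)
    if not match:
        return FALLBACK                          # clause is optional in the header
    addr = match.group(1)
    local, _, domain = addr.rpartition("@")
    # Refuse non-local domains (no relaying) and anything that could be read
    # as a command-line option by the MTA.
    if domain.lower() not in LOCAL_DOMAINS or local.startswith("-"):
        return FALLBACK
    return addr


def sendmail_argv(recipient):
    """Argument vector for re-injection; '--' ends option parsing."""
    return [SENDMAIL, "-i", "--", recipient]


# Constructed sample message as it might arrive from the POP mailbox.
SAMPLE = (
    "Received: from mx.forwarder.test (mx.forwarder.test [192.0.2.10])\n"
    "\tby pop.host.test with ESMTP id ABC123\n"
    "\tfor <alice@example.org>; Wed, 1 Oct 2003 10:00:00 -0000\n"
    "Received: from sender.test by mx.forwarder.test\n"
    "\tfor <list@forwarder.test>; Wed, 1 Oct 2003 09:59:58 -0000\n"
    "From: someone@sender.test\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    rcpt = envelope_recipient(SAMPLE)
    print(sendmail_argv(rcpt))
```

The argument vector would be passed to `subprocess.run` with the raw message on standard input, never through a shell.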
Re: (Score:2, Insightful)
Re:Mydomain? (Score:2)
I'd find anything other than direct control over my SMTP server difficult as I use it as part of an anti-spam procedure that's one of the few that's absolutely fool proof (ie no false positives, no permanent false negatives) - my journal explains what I'm doing.
I thought I would have the same problem, but I don't. All the information the SMTP server gets is right there in the header files. You just reinsert the email into your SMTP server, and it can't tell the difference.
I like Time Warner's solution (Score:2, Interesting)
first they ignored me... (Score:1)
Then I ran into the problem where my email address, short and begins with 'a', was a popular choice for the last round of viruses. I eventually had to block about 40 DSL and cable modems at my firewall.
Then my traffic was over 99% dropped packets, effectively denying service.
I finally gave up and hosted my e
What were those reasons? (Score:2)
Blocked SMTP (Score:2, Informative)
Use a mail forwarder (Score:2, Informative)
It's not free, unfortunately, ($20 a year I think), but the nice thing is that they'll store 100 MB of email if for some reason they can't deliver it to your host - and since my mail is all done off of my cable, and I live in a weird area (My p
Ask your ISP to help (Score:2)
What reasons? (Score:2)
Enumerate these reasons. I, personally, can't think of many reasons where a residential user needs 25 outbound, when using the network mailservers as a smarthost will work fine.
Re:What reasons? (Score:2)
Well, using the ISP as smarthost will mean that their mailspool will contain any email you send out. Not using the ISP as smarthost will make it harder (but not impossible) for the ISP to track your emails.
</Paranoia>
Re:What reasons? (Score:2)
Using the ISP period means that they can snoop each and every packet you send out. Not a lot of difference between checking the mail logs and checking the Ethereal logs.
</Paranoia>
The simple fact of the matter is, this guy probably doesn't need to connect on port 25 outbound.
Re:What reasons? (Score:2)
Re:What reasons? (Score:2)
If you're really that paranoid, I suggest you encrypt your mail at the source.
If you don't think you can trust your ISP to keep your spooled mail private, then what makes you think they can be trusted to not packet-sniff your direct connections?
And once you're encrypting your mail, it won't matter if your ISP has it spooled or not.
Re:What reasons? (Score:2)
I'm indifferent to it, and was just offering a possible explanation for the OP not wanting to use the ISP's mail server as smarthost.
Re:What reasons? (Score:2)
You miss my point.
I'm not saying that ISP's can be trusted with your privacy. I personally believe that they can't be. And I'm certain that government routinely snoops on all kinds of communication, whether they're officially allowed to or not. But this has no impact on whether or not you should be relaying your outbound mail through an ISP server. It's just as easy to transparently proxy-and-store packets that are being sent "directly" to a remote host.
Witho
Re:What reasons? (Score:2)
Re:What reasons? (Score:2)
The reason it needs to be justified is that there are legitimate reasons to disallow his connections (spammers), and he has a reasonable solution (use upstream smtp server as a smart host)
Re:What reasons? (Score:2)
It has to be justified to some guy on Slashdot because it was asked to some guy at slashdot.
And you're right; a few have ruined it for everybody. Nevertheless, this fellow has a common problem; he doesn't ask for the right answer. He's looking to find out how to implement a specific solution; he's not asking what solution he should be implementing.
I liken it to 'what's the most efficient way I can shovel the snow out of my driveway with this large teaspoon?' while talking to the guy in charge of snow b
Re:What reasons? (Score:2)
Just wait until your ISP starts randomly dropping messages, or leaves them sitting in the queue for hours.
Re:What reasons? (Score:2)
That's a quality of service problem, and is addressed separately.
Re:What reasons? (Score:2)
Re:What reasons? (Score:2)
No, it isn't.
If the mail server is broken, get them fixed, or switch ISPs.
If you're on a residential account with restrictions such as 'no servers,' but they say 'we'll not enforce those restrictions unless we have to,' then don't whine when they start enforcing them.
There are services out there where it would never even occur to the company to consider even thinking about blocking off a port; pony up and go for it.
Inbound vs. outbound SMTP (Score:2)
The updated article, with the bit about Charter blocking direct outbound SMTP connections, should not be much of a problem for the casual home user - even those that wish to run their own inbound SMTP server. Simply set the SMTP server up to use the designated smarthost.
Moreover, many MTAs now reject incom
ISP don't want home users to run "servers" (Score:4, Informative)
There are a couple of justifications for this. Some are probably more realistic than others.
My cable-modem ISP (Cox) blocks outbound 25. This is only a minor issue to me because Cox's outbound mail servers are generally:
I receive mail with co-lo servers that are part of my business.
The comment of not trusting outbound relaying because they might look at it is a bit misplaced. Looking at internet traffic is pretty easy for anyone with the desire and means to do so. If you send outbound SMTP on your cable modem, your ISP can look at the packets if they have the desire to do so (and I doubt that this breaks any laws). It does not really matter if they relay the traffic or not. They have physical access to the network, so they can sniff either way. On the other hand, they are pretty unlikely to do so unless they are asked by some governmental agency. Basically, sniffing such large amounts of data is uninteresting to them, so why would they bother. If you are worried about eavesdropping on email, encrypt.
In your case, I suspect that the blocks have two reasons:
Inbound blocks to 25 are just an enforcement to a no servers rule. I suspect that there are also blocks on 80 and perhaps a bunch of others. In all fairness, I would hate to run a mail server in-house on a cable modem. Mail is just too important to me, and I don't trust my in-house systems to be up 24x7. That is what co-lo is for.
Outbound blocks to 25 are an attempt to slow down spam. Specifically, they prevent hacked home systems from becoming SMTP relays. In general, this is probably a good thing and most users with hacked boxes never know the damage they are doing.
Your only real solutions that you have are:
None of these are 100% free or pretty, but the bottom line is that you are using your cable-modem line in a manner that doesn't fit your provider's pre-conceived image of the type of user they have/want.
On the other hand, the solutions above are not necessarily that expensive either. You can get email hosting with adequate access for <$10/mo, co-lo virtual servers for <$15/mo, and full dedicated co-lo servers for <$100/mo.
Re:Cox IP blockages (Score:2, Informative)
I see a couple of ports in your list that are not in theirs, so the FAQ may be a little out of date.
In general, I would love to see a "control panel" that let you set this up yourself (instead of making it global), but their choices are not unreasonable on the surface. There also appears to be full disclosure here, so I would compliment Cox
Exactly the opposite (Score:3, Informative)
Re:Exactly the opposite (Score:2)
I had configured Sendmail for the direct sending of e-mail (with receiving accomplished via POP3 with Fetchmail). All was good until the first time I tried to send an e-mail to someone at AOL. The e-mail bounced back to me, as the originating IP address was from Comcast's block of dynamically assigned IPs. So I reconfigured Sendmail to use Comcast's SMTP server as a smarthost and everything was cool. Then I tried to e-mail a company that
Re:Exactly the opposite (Score:2)
Dyndns Mailhop May be what you are looking for (Score:1)
Then use a NAT/IP-Masquerading/firewall setup on your box (iptables) to redirect port 2525 to port 25 for any incoming smtp traffic.
This method has the benefit of having two available ports for smtp. Port 25 for everyone behind the NAT/IP-Masquerading/firewall box and Port 2525 for all those on
Pick up 2600 Magazine. (Score:2)
--
Blocking inbound/outbound port 25 should be strd (Score:2)
Re:Blocking inbound/outbound port 25 should be str (Score:2)
-tor
Re:Blocking inbound/outbound port 25 should be str (Score:2)
Re:Blocking inbound/outbound port 25 should be str (Score:2)
Viruses/worms cause networks and servers to slow down to a crawl, affecting everybody. Without such blocks in place, everyone gets affected. With the blocks in place, only a handful of users are affected. So we are assuring connectivity FOR EVERYONE. And I'm not even mentioning the "no server" clause of the AUP. The only reason a port 25 block would affect you is if you are running a mail server, which is agai
Easy fix.. (Score:2)
I still run my own server, I can set up whatever filtering I want, other machines on my network never have to be reconfigured, but now all my mail is immediately forwarded through my ISP's mail server instead of being delivered directly.
BTW; My ISP doesn't block port 25 but many other ISP's won't accept mail from dialup and ADSL connections. I got sick of the bounces.
A little late here... (Score:1)
Re: (Score:2)
IPv6 (Score:2)
Alternatively, use IPv6 to a host you control outside your ISP that can use SMTP AUTH to let you relay. Or use IPsec to a host you control outside your ISP. Or better yet
Two cases here... (Score:2)
* ISP is blocking outbound port 25 traffic, except to their mail server ("smarthost" as it's known.) In this case, you cannot send mail directly. The solution is to relay through your ISP's smarthost. If you can configure one of the various forms of authentication then usually you can send as any email address, so you don't have to worry about your domain name not being the same as your ISP's. You can also use a third party's s
Check out this thread: (Score:2)
http://ask.slashdot.org/article.pl?sid=03/04/19/2327248&mode=nested&tid=126
I was hoping to find a "virtual" mail ISP which would allow me to relay my outgoing mail (preferably in an encrypted tunnel, but I'm not holding my breath). Instead, I ended up configuring postfix to relay only mail destined
How about the other way? (Score:2)
Tried sending through the school's SMTP host with From & Reply-To set to her "hosted" address. Refused to relay.
Our host set up an additional port, in the hopes that they just blocked the standard port. I can telnet from her machine to the host on that port, but MozMail can't make the connection.
Then my VNC connection
Re:SMTP (Score:2)
So, in the PhysicsGenius vein, I'll just point out that if you had your mail program use a tachyon stream that ran backwards in time, you could sidestep the ping time problem entirely, by ensuring that the app always ran in 0 time.
Re:SMTP (Score:1)
Best response to a troll ever... (Score:2)