buddyfrench
join:2000-07-17
Brandon, MS
clubs: |  Re: Earthlink blocks port 25 outgoing!
This is bad? I hate junkmail ! I wear a Brightmail.com cap! I am tired of doing whois and e-mailing abuse@XXXXXX. I am tired of having to view and forward all headers ! |
|
justin
Australian
join:1999-05-28
Brooklyn, NY | No, its good. Well I think so anyway. |
|
kkb
You go Gura
join:2000-06-11
Montrose, CO
| I disagree. There are valid instances where mass-mailing should be permitted. Your very own Line Monitoring emailed reports would be forbidden if you used MindSpring's mail system. Also, there are private email systems external to MS/EL some folks use that require SMTP password authentication - these systems will not accept MS relays due to the password requirement and the user is hosed 'cause direct access to the mail server is blocked.
I could agree to say a 30 to 90 day probation period for MS/EL to weed out abusers at which time a person could petition to have the restriction lifted from their account. |
|
Brian D9
join:2000-02-26
Camp Hill, PA | Just curious, if it blocked on port 25, could'nt I reconfigure my co-located server to listen for SMTP on a different port number? And then connect to that port number from my sytem here at home? |
|
bil2k
join:2000-08-19
Pompano Beach, FL | yep |
|
jrousseau
Fudge E. Bear
join:2000-08-08
Houston, TX | reply to justin
What, are you kidding? I can make money fast, and there are lonely college girls waiting to hear from me! How am I supposed to find out about it now?!
--
I am the Lizard King...I can do anything! |
|
graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL | reply to Brian D9
Sure, then you could connect on another port from home. But how does your coloacated server, now running on a non-standard port, exchange mail with the rest of the world who is still listening on port 25? |
|
wesm
tmb.org
Premium
join:1999-07-29
Lewisville, TX
| reply to justin
This makes me glad I'm not an Earthlink subscriber ... One thing I notice Earthlink cheerfully skipped over, and no one has mentioned here yet, is that some people run their own mail servers. If my ISP did this (which would be a violation by them of their own terms of service), that would mean my own, properly secured, mail relay would no longer function.
Its not an ISPs job to harass everyone due to the actions of the few. Give me the service I pay for and run the abusers off the network. If that means I need to pay a bit more to finance the salaries of the people who do that, then wonderful, I'm all for it.
--
Do not meddle in the affairs of sysadmins, for they are easy to annoy and have the root password. |
|
djrobx
join:2000-05-31
Valencia, CA
 ·PHONE POWER
 ·AT&T U-Verse
·AT&T CallVantage
·Time Warner VOIP
 ·RoadRunner Cable
| reply to kkb
If you were an Earthlink customer, you could still send out the Line Monitoring reports via Earthlink servers. You are right that private SMTP servers would need to be reconfigured, but that's somewhat unusual, most people get to their "private" e-mail accounts via VPN, which the port blocking would not affect.
I do agree that some notice would have been a good idea to protect those few who might be using outgoing SMTP connections respectably. As much as I dislike port blocking in general, I do think the good outweighs the bad in this situation. |
|
justin
Australian
join:1999-05-28
Brooklyn, NY
Host:
IPv6
Business Connectiv..
Home/Office setup ..
Console/Handheld g..
Console Tech
| reply to wesm
Well if they only block smtp outgoing, as they imply, then your own mail server would still work for incoming mail. And if you want to use it for outgoing mail, you just have to reconfig it to point to the earthlink mail server which is a very easy change.
And quite possibly if you want to email 10,000 people, you warn them and them exempt the spam trap for you.
Of course this also means they have to be in the loop on what you do with your connection. And they might decide mailing 10,000 people (for whatever reason) is not something that is allowed on your line. |
|
jseymour8
join:2000-07-29
| ISPs blocking the SMTP port outgoing is probably a necessary evil. For dialups.
A few thoughts...
•I would assume Earthlink's new policy applies only to dialup connections.
•I can't imagine any ISP doing this to business customers using dedicated (i.e.: xDSL, Frame, T1 or other digital) connections.
•If one needs to send direct-to-MX for some reason, IMO one should get a business account of some type. At least an account with static IP. But even dynamic IP customers are probably not email abuse sources (much). It's "throw-away" dialup accounts that are the big problem with direct-to-MX and relay-rape spamming.
•I find it somewhat odd that none of the other tech. news sites I visit yet have any news on this. Nor has anything appeared about it in news.admin.net-abuse.email.
|
|
wesm
tmb.org
Premium
join:1999-07-29
Lewisville, TX
|  If one needs to send direct-to-MX for some reason, IMO one should get a business account of some type.
And why should businesses, or those who can afford the expense of a business account, get standard Internet connectivity, while home users are punished by having TCP/IP ports filtered and blocked? If I pay an ISP for a connection to the Internet, that's what I want, and nothing should interfere with that. Same as my driving on the local toll road: my Taurus gets the same treatment as the business-driven limousine in the other lane.
Degrading your whole network due to the actions of some is a lame tactic, and they know it. The phone company doesn't disconnect an entire town just because a few idiots start making harassing phone calls to neighbouring towns.
--
Do not meddle in the affairs of sysadmins, for they are easy to annoy and have the root password. |
|
graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
| reply to wesm
Earthlink/Mindspring does not allow any type of servers to be run from residential DSL or dialup accounts. It's in their AUP, so the fact that servers aren't allowed shouldn't be news to any of their impacted customers.
The difference now is that rather than merely prohibiting mail servers (and connections to off domain servers) via AUP, they are insuring the prohibition by technical means.
While this is new to Earthlink, Mindspring has been doing it for quite some time. I suppose the recent merger of the two has allowed some of the Mindspring mindset to migrate to the company that gobbled Mindspring up.
Look for similar announcements soon in other Earthlink owned former Mindspring aquisitions, if they haven't already been made - places like Netcom - if they even still have an identity of their own.
And yes, there are ISPs that do cater to those who wish to run servers. I shopped around to find the service and policies I need to operate the way I want to. There's no reason any of the impacted Earthlink customers can't vote with their feet and wallets. It may cost them more, but in my case it didn't.
I can get garbage DSL service from numerous ISPs with draconian AUPs, or excellent and accomodating service for the same price - to the penny. |
|
djrobx
join:2000-05-31
Valencia, CA | reply to graysonf
Using a firewall, you could forward the nonstandard port to 25 so the server effectively listens on both ports....
-- Rob |
|
borahood
join:2000-07-18
Davis, CA
| reply to buddyfrench
This is GREAT news! It means I may consider taking earthlink off my "black hole" list here at work.
I got tired of daily "abuse@" mailings to them, so as acting postmaster, I simply added them to the access denied list, and shut them off entirely in sendmail. For the entire enterprise.  Nobody complained, not a SINGLE person complained that legitimate mail was being blocked.
Now if we can just convince msn.com to do the same...  |
|
JSY
Premium
join:2000-04-05
Elmhurst, NY
clubs:
·RoadRunner Cable
 ·Bway.net
| Not sure how I exactly feel about this. . .
I'm not sure how I feel about this. There are situations where I need to use port 25 using SMTP to send e-mail out through another mail server, and it looks like this would prevent it. I run a website out there, and in order to send outgoing mail with the proper domain name origin, I need to use a different mail server. I could use the "Reply-to" field, but that wouldn't look very professional.
Now, how this mail server attempts to get around spamming is that it uses the POP3 authentication before allowing mail to be sent. (It verifies the password used for POP3 and then opens the SMTP port for a specified amount of time before closing.) I think if more mail servers had this SMTP authentication process, perhaps instances like what Earthlink had to do wouldn't have to be a common practice. Also, maybe this would be useful in the war against spam. It's a small nuisance (of checking for authentication), but I think it's a better solution than to restrict ports because mail servers out there have their SMTP port wide open, or than to have the SMTP port open only from traffic originating from it's own domain.
[text was edited by author 2000-10-04 17:05:51] |
|
jseymour8
join:2000-07-29
| reply to wesm
Re: Earthlink blocks port 25 outgoing!
And why should businesses, or those who can afford the expense of a business account, get standard Internet connectivity, while home users are punished by having TCP/IP ports filtered and blocked?
You read my statement wrong. Perhaps because I was insufficiently clear in the way I wrote it. (Tho I would have thought the bit about "dynamic IP xDSL customers" would have served to make the point.) Put another way: IME, people who wish to do direct-to-MX would be better served by obtaining a business account of some sort. At least an account with a static IP.
As to why I say that: dialup accounts are particularly ill-suited for direct-to-MX delivery for two reasons:
•The dialup netblock will likely be listed on the MAPS DUL database. Many SMTP servers (mine at home and those I admin at work included) will not accept SMTP connections from machines with IP addresses in the DUL database.
•Mail server admins are increasing requiring that SMTP client hosts have a valid and self-consistent rDNS entry. Unlikely in the extreme with a dialup account. (I don't do this check on any of my mail servers - yet.)
So you see: Earthlink's action only completes the job that many mail server admins had already started individually. (Not to mention: apparently enforces the TOS that everybody was supposed to be obeying anyway.)
If it'll make you feel better, I'll re-direct my outgoing through my ISP's mail gateway. It makes no-never-mind to me. I do direct-to-MX because I can, not because there's some Holy Advantage or great Geek Power Points gained thereby. It was incoming SMTP connections over which I wanted control--the reason I wanted to run a mail server. Why did I want to run my own mail server? To control incoming spam. Ironic, in light of the discussion, no? |
|
jseymour8
join:2000-07-29
|  reply to JSY
Re: Not sure how I exactly feel about this. . .
I run a website out there, and in order to send outgoing mail with the proper domain name origin, I need to use a different mail server.
Unless Earthlink's MTAs are messing with the inside (or "header") "From:" line, this is not true. They shouldn't be doing that. I would be mildly surprised to find they were.
It so-happens that the MTAs I admin are configured to show all email coming from from "somebody@example.com." (As opposed to including the originating hostname.) But they're all corporate or private mail gateways. For an ISP-provided mail gateway: this should not be the case.
Yes, the "Received:" headers will show the transit through Earthlink's MTAs. Is there a problem with that? Is Earthlink not a respectable ISP? Should one be embarrassed that somebody should notice they're using Earthlink?
Before I got my SOHO-business-class DSL circuit at home, incoming email was delivered to my machine via an Internet-to-UUCP mail gateway. Outgoing was directed through my dialup ISP's SMTP server. Never was there a problem with who the email was "from." After my DSL line was in, but before I got around to moving my domain over, I simply switched the relay host parameter to my new DSL provider's specified mail gateway. I made no other changes in my MTA's configuration. Nobody not looking at the "Received:" headers would have ever noticed the difference. In fact, even though I'm now doing direct-to-MX: still nobody not looking at the headers would see the difference.
Heck, if Earthlink would let me relay through them, I could do so and still nobody would notice anything different if they didn't look at the "Received:" headers.
Why do you suppose forged spam headers are so effective?
There is no good reason that I can think of that anybody running a small, residential system cannot relay through their ISP's mail gateway.
The only reason a business of any size does direct-to-MX is that there's no point to doing otherwise when you have a domain with proper DNS and rDNS records. And there's no point to adding your traffic to an ISP's mail gateway in such a case. My dedicated commercial ISPs don't even mention such a thing as a "mail gateway."
As I noted elsewhere: I do direct-to-MX from my home system now simply because I can. So there's one less "hop?" <shrug> Whoop-de-doo. It just ain't no big thayng. |
|
jseymour8
join:2000-07-29
| reply to borahood
Re: Earthlink blocks port 25 outgoing!
It means I may consider taking earthlink off my "black hole" list here at work.
Yup. I've had Earthlink manually black-holed for years. I recently added a single email address to an exception list that let that one Earthlink address in. Now maybe I can take them off the black-list.
Now if we can just convince msn.com to do the same...
You may be amused (I was) to find that MSN recently found itself on the MAPS RBL (I believe it was). I only noticed because I get a daily summary of mail gateway activity from each gateway, and observed that there was a reject (multiple rejects? Don't remember) from the MSN domain. Reject reason was, IIRC, for being on the MAPS RBL. |
|
wesm
tmb.org
Premium
join:1999-07-29
Lewisville, TX
| reply to jseymour8
If it'll make you feel better, I'll re-direct my outgoing through my ISP's mail gateway. It makes no-never-mind to me. I do direct-to-MX because I can, not because there's some Holy Advantage or great Geek Power Points gained thereby. It was incoming SMTP connections over which I wanted control--the reason I wanted to run a mail server. Why did I want to run my own mail server? To control incoming spam. Ironic, in light of the discussion, no?
My apologies, I wasn't intending to get on your case. I run my own mail server for the same reason. Basically, two things miffed me here, and I'm sorry for it getting the better of me:
1- That Earthlink sees the need to start filtering what, by all rights, should be an unfiltered line (TOS notwithstanding, which I realize prohibits servers anyway, but Direct-to-MX and other technical reasons mean, to me, it should be left open. Kick the abusers off)
2- That "get a businss connection" seems to be the standard response by a lot of ISPs and users, whenever someone complains they're not getting something that's been "standard" with Internet connections since the beginning of the 'net (i.e. a static IP, or the ability to connect to your home machine from work, etc; those things, for me, being the primary reason why I wanted DSL, not just the speed)
--
Do not meddle in the affairs of sysadmins, for they are easy to annoy and have the root password. |
|
