  en102 Canadian, eh?
join:2001-01-26 Valencia, CA | its about time
It's about time most ISPs start blocking the ports. There's way too much spam out there being relayed. I think that those that 'need' port 25 can purchase a business style account, or use a form of webmail. |
|
  Boomerang86 Got FUD? Premium join:2002-10-18 VampireState clubs: | This blows...
OOL has crappy mail servers already. Now they expect people who use outside mail servers to switch back? I think not. |
|
 jester121
join:2003-08-09 Lake Zurich, IL
·surpasshosting
·ViaTalk
| Say what you want....
...it's only a matter of time until this is S.O.P. for all residential broadband providers, and it can't happen soon enough for me. Everyone got used to the big wide open internet but that's obviously a failed experiment.
Time to pony up for a business-grade service, or find other means of relaying through a remote server (which isn't really difficult at all.) |
|
  jaa Premium,MVM join:2000-06-13
·Optimum Online
·Vonage
1 edit | OOL not blocking 25 for me
Guess they know I would be pissed if I could not use my third-party SMTP server.
Of course, if they didn't have ridiculously low restrictions on our use of the OOL SMTP server, I would be happy to use it.
Edit: Fortunately my mail provider has an alternate port for SMTP in case your ISP blocks 25. Just changed to use the alternate - no sense in waiting until OOL gets around to blocking me. -- NOTHING justifies terrorism. We don't negotiate with terrorists. Those that support terrorists are terrorists. |
|
 kpatz MY HEAD A SPLODE Premium join:2003-06-13 Manchester, NH
| reply to Boomerang86 Re: This blows...
Once again, I have to say, blocking ports across the board only masks the symptoms, it does NOT solve the underlying problem.
It's better to identify and disconnect zombied systems. Even with port 25 blocked, zombies can still do a lot of damage, such as DDoS attacks. And as this tactic becomes more popular, spammers will just find other ways to get their crap out, so it doesn't stop spam either. -- Robert Tappan Morris, Jr., got six months in jail for crashing 10% of the computers that Bill Gates made $100 million crashing last weekend. |
|
  Steve I'm a PC, so shut up Consultant join:2001-03-10 Yorba Linda, CA
| said by kpatz : Once again, I have to say, blocking ports across the board only masks the symptoms, it does NOT solve the underlying problem.
The underlying problem is that "lots of users are idiots", and I don't think that's an ISP's problem to solve.
Steve -- Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site |
|
  antiphishing Phishing Scam Terminator Premium join:2004-06-09 Wilkes Barre, PA
| reply to jaa Re: OOL not blocking 25 for me
________________________________________________________ NOTHING justifies terrorism. We don't negotiate with terrorists. Those that support terrorists are terrorists. _________________________________________________________
In my opinion, spammers are terrorists who hide behind the internet so they can propagate their crimes. This is why all ISPs must be forced to block port 25. -- Dslreports.com Forum No-Spin zone starts here. »www.antihotmail.com spammers_are_scumbags@antihotmail.com |
|
  cowboy So Much For Subtlety Premium join:2000-03-14 Morgan Hill, CA
·Covad Communications
·DSL EXTREME
| reply to en102 Re: its about time
For probably 95% of the users, you are probably right - However, there is still a significant portion of the population (and I expect that number to grow) that are more or less completely screwed by the current state of affairs!!!
I've yet to see one of these guys do this the right way:
*) Open the submission port (587) and require auth+TLS on it ... This port *MUST* be accessible outside the ISP net!
*) Require authentication on intranet submission via port 25
*) Do *NOT* require the ISP domain name on the Envelope From:, it could be valid to require it on the header.
Now, they have accurate accounting of who sent what, *AND* the user can sendmail via the ISP from wherever they are.
If all the ISPs and companies did this, *THEN* it is valid to block port 25 outbound, and possibly inbound. *THEN* it becomes feasible to implement SPF/domainkeys/etc... But *NOT* before, because things are flatly B0RKED.
Without doing this properly, the ISPs are screwing with telecommuters, tech folk, etc...
For example, I regularly sendmail from whatever box I'm on (work, home, laptop during travel) from any one of at least six different domains! Yes, I use my ISP as a smarthost at times, but at times I can't.
I couldn't even use my prior ISP (Bellsouth) outside of their netblocks... and won't use my current (DSLExtreme) outside until they implement SSL and port 587. Wanna take bets on if my company allows external mail?... How about the volunteer work I do with a Linux distribution?
The only saving grace for me, is that my ISP allowed me to opt out of the port 25 block (in exchange for scanning, which I'm cool with - no open proxies) - so in a pinch I can always bounce mail through my home box to wherever I need it to go (via STARTTLS/AUTH on port 587, of course).
For the poor folk who have an ISP that requires certain domain names on their From: lines, even this is not an option  -- Richard Nelson |
|
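Added example, not part of the thread: a small Python check for the submission-port policy cowboy describes above (STARTTLS offered on 587, AUTH advertised only once TLS is up). The EHLO replies, the host name `mail.example.net` and the function names are constructed for illustration, and the check looks only at advertised capabilities, not at whether unauthenticated relay is actually refused.

```python
import re

# Constructed EHLO replies (not captured from any real server).
GOOD_PRE = """250-mail.example.net
250-SIZE 10240000
250-STARTTLS
250 8BITMIME"""
GOOD_POST = """250-mail.example.net
250-SIZE 10240000
250-AUTH PLAIN LOGIN
250 8BITMIME"""
WEAK_PRE = """250-mail.example.net
250-AUTH=PLAIN LOGIN
250 8BITMIME"""

def parse_ehlo(reply):
    """Turn a multi-line 250 EHLO reply into {KEYWORD: [PARAMS]}."""
    caps = {}
    for line in reply.strip().splitlines()[1:]:   # line 1 is the greeting
        m = re.match(r"250[- ]([A-Za-z0-9-]+)[ =]?(.*)", line.strip())
        if m:
            caps[m.group(1).upper()] = m.group(2).upper().split()
    return caps

def audit_submission(pre_tls, post_tls=""):
    """Return policy findings for a submission port; [] means it conforms."""
    before, after = parse_ehlo(pre_tls), parse_ehlo(post_tls)
    findings = []
    if "STARTTLS" not in before:
        findings.append("no STARTTLS offered")
    if "AUTH" in before:
        # Credentials could cross the wire in cleartext.
        findings.append("AUTH offered before TLS")
    if "STARTTLS" in before and not after.get("AUTH"):
        findings.append("no AUTH offered after TLS")
    return findings

if __name__ == "__main__":
    print("good:", audit_submission(GOOD_PRE, GOOD_POST))
    print("weak:", audit_submission(WEAK_PRE))
```

The two replies for a real server can be collected by hand with `openssl s_client -starttls smtp -connect host:587` (post-TLS) and a plain connection to the same port (pre-TLS), issuing `EHLO` in each.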
 Natfly
join:2004-02-26 Fairfax, VA
| bleh
I'd much rather have the ISPs actively seek out the spammers and either block them or just kill their service. I don't think blocking a specific port across all of their users is a good solution. Although most users won't know, much less even care, about this limitation. This is very similar to the admins at my college blocking all outgoing traffic on 21 and 80. They deny that 21 is blocked and claim that blocking 80 was a side effect of their new 'virus protection'. |
|
 kpatz MY HEAD A SPLODE Premium join:2003-06-13 Manchester, NH
| reply to antiphishing Re: OOL not blocking 25 for me
said by antiphishing : In my opinion, spammers are terrorists who hide behind the internet so they can propagate their crimes. This is why all ISPs must be forced to block port 25.
So, let's ban email on our ISP's network because of those spammin' terrorists then!
That's sort of like outlawing cars because people use them to get away after robbing a bank, or use them in drive by shootings.
I hate spam as much as the next guy, but I don't want unnecessary restrictions on my Internet access. I'm not even in an OOL area but this topic really gets me steamed. If an idiot gets zombied, or a spammer sets up shop, well then that subscriber is in violation of the TOS and should be disconnected. -- Robert Tappan Morris, Jr., got six months in jail for crashing 10% of the computers that Bill Gates made $100 million crashing last weekend. |
|
  drake drizzy Premium,MVM join:2002-06-10 Brooklyn, NY
·Optimum Online
| reply to Boomerang86 Re: This blows...
said by Boomerang86 : OOL has crappy mail servers already. Now they expect people who use outside mail servers to switch back? I think not.
I don't know about crappy mail servers, ever since I've been a subscriber with their service (since December 2003), I haven't had any issue with their servers or even getting mail; so far, I've been satisfied... -- Intel Pendleton 2 Motherboard, Pentium 4 @ 2.00GHz, Dell 128 MB + 512MB DIMM RAM, GeForce4 MX 420 64MB Vid Card, CNET Pro200WL 10/100 NIC, 16x DVD-ROM and Dell 48x CD-RW, 40GB HD. |
|
  Sysadmin NoBama Premium,MVM join:2000-07-07 Sacramento, CA
·Pacific Bell - SBC
| reply to kpatz
I think it is a good short term solution to slow down the spammers. You are correct that they will find ways around it but at least it will break what they have in place for the moment.
In the long term ISPs need to force the responsibility on the end users (by making it part of their TOS) and take them offline if they do not fix their zombie computers. -- Join Team Starfire SETI@Home Put your unused clock cycles to work! |
|
 dragonhorse
join:2004-06-30 Ottawa, ON
| reply to Natfly Re: bleh
said by Natfly : They deny that 21 is blocked and claim that blocking 80 was a side effect of their new 'virus protection'.
that is quite BULLSHIT....a lot of standard access (opening webpages or so) usually use that particular port.. 80 that is
dragonhorse.... |
|
 Natfly
join:2004-02-26 Fairfax, VA
| said by dragonhorse : said by Natfly : They deny that 21 is blocked and claim that blocking 80 was a side effect of their new 'virus protection'.
that is quite BULLSHIT....a lot of standard access (opening webpages or so) usually use that particular port.. 80 that is
dragonhorse....
Yes I'm aware of 80 being the standard http port, which is why other students like myself who are running web servers had to host on some other port such as 81 to get them to be accessible. |
|
  BlitzenZeus Burnt Out Cynic Premium,MVM join:2000-01-13 Beaverton, OR
·Verizon FIOS
·Verizon Online DSL
1 edit | Non-Default Ports
Many mail servers also allow non-default ports which bypass this quite easily, and as a matter of fact one of my smtp servers uses non-default ports due to the fact that many ISPs block tcp 25 outbound to other than their mail server.
This is not a good fix, and will cause as many problems with legit use as it will for malicious use. It's also very easy to listen on a non-default port... -- My hourly rates: $25 per hour. $35 per hour if you want to watch. $45 per hour if you want to help. $75 per hour if you tried to fix it, and failed. The biggest error is sitting in front of your keyboard. |
|
 ggtaylor Michigeezer
join:2001-04-02 Saginaw, MI clubs:
·Charter Pipeline
| No problem sending, they just don't get received.
My work mail uses a third-party mailer. I don't have any problem sending e-mails but when I cc: myself at hotmail and at home, the hotmail copy ends up in junkmail, even after identifying it as valid mail. The copy to my home (Charter) never gets "received". Makes me wonder, what other valid mail I'm not getting due to arbitrary rules that seem to be applied. |
|
  DarkOne427
@telus.net
| Not going to work
The ISP are stupid for doing stuff like this, there are other ways of going around it, (just like people who pirate software, the companies keep trying to come up with new protections but they are always cracked) what it does is screw the little guy, I run a legit company and I was unable to send emails using my pocomail and 3rd party mail server which I pay for, for 4 days, it cost me a fair bit of money (I'm in advertising not random spam). Anyways as I said there are other ways to go around it, most mail servers will accept port 2525 which sends just fine, that's all I did and it works great. mail.yourdomain.com:2525
Regards |
|
 macmouse Premium join:2002-05-30 Saratoga, CA
| reply to cowboy Re: its about time
Well, if you already have a *nix box at home, you can forward the port via SSH.
It's not perfect (requires manual intervention) but it works quite well in a pinch.
ssh me@my.linux.box -L 2525:mail.isp.net:25 (smtp)
ssh me@my.linux.box -L 1110:mail.isp.net:110 (pop)
Then, you point your email client to connect to localhost (on the high number port # defined).
BTW - I'm also pretty sure there is openssh in the cygwin package for windows, so you can use that or some other "native" ssh client. |
|
  en102 Canadian, eh?
join:2001-01-26 Valencia, CA
·RoadRunner Cable
·DSL EXTREME
| reply to cowboy
Without doing this properly, the ISPs are screwing with telecommuters, tech folk, etc... For example, I regularly sendmail from whatever box I'm on (work, home, laptop during travel) from any one of at least six different domains! Yes, I use my ISP as a smarthost at times, but at times I can't.
This is just another reason to have
A) A Business account, which would not restrict these ports (vs. standard!), and could allow you to run servers if you want
B) Web based email.
C) VPN to your email / business
The only saving grace for me, is that my ISP allowed me to opt out of the port 25 block (in exchange for scanning, which I'm cool with - no open proxies) - so in a pinch I can always bounce mail through my home box to wherever I need it to go (via STARTTLS/AUTH on port 587, of course).
I agree that ISPs could offer to allow port 25 in exchange for scanning. I have SBC, which requires authentication for sending email as well as receiving, and I for one do not mind. On a daily basis at work, my domains see between 2000 and 5000 spam messages a day, and those are the ones that don't get rejected due to fake domains, etc. It's a waste of bandwidth and resources. I agree that this will not stop everything, as spam is big business. |
|
  jap Premium join:2003-08-10 038xx
·RoadRunner Cable
| reply to BlitzenZeus Re: Non-Default Ports
said by BlitzenZeus : Many mail servers also allow non-default ports which bypass this quite easily, and as a matter of fact one of my smtp servers uses non-default ports due to the fact that many ISPs block tcp 25
Exactly. I get so tired of this issue. It's just another half-step solution that perhaps makes spammers get one more notch sophisticated but costs legions of legit use headaches. I relay via port 26 to my 3rd-party provider who has had all their SMTPs monitoring 25+26 for years due to this "block 25 at the perimeter" mentality. It's nothing more than a stop-gap measure that gets parlayed into "solution" status only because ISPs cannot get it together to simply block all the ranges of spam-friendly hosts. If just 20% of the mail-providing ISPs could get it together to block the spam-friendlies would fall in-line so fast it would make our collective heads spin: they'd lose every legit acct if legit accts couldn't get their mail through. 2 months of pain for some for a permanent fix; sounds like heaven at this point. |
|