Re: its about time in

Re: its about time in http://www.dslreports.com/forum/r11104106 en Sun, 29 Nov 2009 01:57:26 EDT Sun, 29 Nov 2009 01:57:26 EDT Re: its about time http://www.dslreports.com/forum/remark,11104106 stridr69 : hehehe..
ROFL..
:D
Good take, man..]]> http://www.dslreports.com/forum/remark,11104106 Fri, 20 Aug 2004 02:00:22 EDT Re: its about time http://www.dslreports.com/forum/remark,11096557 en102 : No... you're missing the point...
*) I am not a business
*) I have personal web based mail, as does my ISP, my company and groups I do volunteer work for DO NOT !
*) Some of the groups I volunteer for DO NOT have VPNs setup
*) I have a VPN to work - unfortunately it is Windows only - there is a hack to do similiar on Linux, but it is *NOT* supported - and often broken.

A) Get your company to get up to date, with either web based access or VPN based access. If they require you to access remotely, then they should be providing a reasonable/secure access method.

If your answer is for me to become a business - upgrade my phone and DSL (usually both have to be done) to work around poorly planned and implimented filters by ISPs - and lack of decent company support.... then too much of your income comes from the ISP/telco side.
Work with your ISP, they might give you port 25 for no charge. While I agree that there are going still going to be holes in almost any fix, and blocking port 25 is only a bandaid to a much more serious problem.

Good for them ! Do they also allow authenticated sending from outside their network ?

Yes!]]> http://www.dslreports.com/forum/remark,11096557 Thu, 19 Aug 2004 12:30:34 EDT Re: its about time http://www.dslreports.com/forum/remark,11094752 n2jtx :

said by en102 :
It's about time most ISP's start blocking the ports.
There's way too much spam out there being relayed. I think that those that 'need' port 25, can purchase a business style account, or use a form of webmail.

Actually they should block quite a few more:

21 - will stop people from transferring files they shouldn't
23 - will stop people from logging into systems they shouldn't.
80 - will stop the downloading of rogue ActiveX components.
110 - will stop people from getting infected email and spam.
143 - same reason as 110.
144 - will stop people from getting to the alt.binaries.* groups.
443 - will stop phishers from using phoney SSL certificates.

In fact now that I think of it, blocking 1-65535 would go a long way towards solving many of the problems with the Internet.

:uhh: :uhh:
--
I support the right to keep and arm bears.]]> http://www.dslreports.com/forum/remark,11094752 Thu, 19 Aug 2004 08:18:00 EDT Re: its about time http://www.dslreports.com/forum/remark,11093816 cowboy : :) Good luck, keep us posted as to the responce you (don't) receive.
--
Richard Nelson]]> http://www.dslreports.com/forum/remark,11093816 Thu, 19 Aug 2004 02:08:16 EDT Re: its about time http://www.dslreports.com/forum/remark,11092110 anon : Dear Bellsouth Agent,

Apparently someone in your office has provided you with inaccurate information again.

I do not have an email server attached to the Bellsouth (FastAccess) DSL network. I have a consumer PC. For several years, I have been able to send email with my computer to my server (located in Texas and hosted with EV1Servers.net) for legitimate email communications with customers, friends, family, and loved ones. Now that bellsouth has blocked the transmission of data with intent to have all bellsouth DSL users redirect their email to your server ("Insert the Outgoing Mail Server (SMTP Server). This should be set to mail.bellsouth.net" from »home.bellsouth.net/csbellsouth/s···.htm&ck=

And the statement "It simply allows BellSouth Internet Service to help ensure that spam is not being sent out through the BellSouth network." From »home.bellsouth.net/csbellsouth/s···er=y&ck=

And your statement "Our customers are more than welcome to use our SMTP server (mail.bellsouth.net) to send personal mail, even for non-BellSouth e-mail addresses." ) only proves that bellsouth is using this means to collect users personal and confidential data without them knowing or being aware of it. How else would you be able to verify unless you in some way read the content of the email. Also, sounds to me that your servers are configured to be an open relay which is a big no no in the network would.

The statement made by the above web posting on your site also says, "If your secondary e-mail account is an AOL account, you should not have to make changes to your e-mail software." Means that AOL mail users have been excluded from this port blocking, blocking of data, and the anti-Spam and e-mail class of service rules configured on the BellSouth mail system. Sounds to me that non-bellsouth email users and non-AOL email users have been blocked.

I'm shocked to see that bellsouth does not stop the porn that transmits across your network or even the virus infected websites, but chooses to block email or more specifically the transmission of my data.

Here are the points I wish to make.
1. I've had unlimited access and data communication via the network until 10pm Monday evening for several years.
2. Your reference to running a server is merely a smoke screen as I am not running a server. Although any bellsouth customer that has the netsky or beagle virus is running a server. Actually every Windows PC is technically a server by definition.
3. AOL has been excluded from the blocking tactic.
4. You block the transmission of data, and then tell me to purchase a more expensive plain to open the port back up. Sounds like extortion to me, or do you refer to it as the American way of doing business.
5. I think BellSouth aka FastAccess is guilty of breaking the law more specifically the Georgia Computer Systems Protection Act. OCGA 16-9-90
6. I will be seeking a warrant and permission for class action.]]> http://www.dslreports.com/forum/remark,11092110 Wed, 18 Aug 2004 22:24:20 EDT Re: its about time http://www.dslreports.com/forum/remark,11090670 cowboy : This is just another reason to have

A) A Business account, which would not restrict these ports (vs. standard!), and could allow you to run servers if you want
B) Web based email.
C) VPN to your email / business

No... you're missing the point...
*) I am not a business
*) I have personal web based mail, as does my ISP, my company and groups I do volunteer work for DO NOT !
*) Some of the groups I volunteer for DO NOT have VPNs setup
*) I have a VPN to work - unfortunately it is Windows only - there is a hack to do similiar on Linux, but it is *NOT* supported - and often broken.

If your answer is for me to become a business - upgrade my phone and DSL (usually both have to be done) to work around poorly planned and implimented filters by ISPs - and lack of decent company support.... then too much of your income comes from the ISP/telco side.

I agree that ISPs could offer to allow port 25 in exchange for scanning. I have SBC, which requires authentication for sending email as well as recieving, and I for one do not mind.

Good for them ! Do they also allow authenticated sending from outside their network ?

On a daily basis at work, my domains see between 2000 and 5000 spam messages a day, and those are the ones that don't get rejected due to fake domains, etc. It's a waste of bandwidth and resources. I agree that this will not stop everything, as spam is big business.

Right... so after filtering, we'll suffer through SPF, DomainKeys, etc... and each will fail to stop the problem :( Remember, spam isn't SPFs selling point - it is forged senders... but all these break in subtle ways with forwarding, and/or have other issues.

And unfortunately, a some of that money winds up in the ISPs pockets... Thats why netblocks (or the threats of same) used to be resorted to...
--
Richard Nelson]]> http://www.dslreports.com/forum/remark,11090670 Wed, 18 Aug 2004 19:54:27 EDT Re: its about time http://www.dslreports.com/forum/remark,11090517 cowboy : hehe, btdt, I now use OpenVPN on Linux and windows - works great !
--
Richard Nelson]]> http://www.dslreports.com/forum/remark,11090517 Wed, 18 Aug 2004 19:34:18 EDT Re: its about time http://www.dslreports.com/forum/remark,11090021 en102 : Without doing this properly, the ISP are screwing with telecomuters, tech folk, etc...
For example, I regulary sendmail from whatever box I'm on (work, home, laptop during travel) from any one of at least six different domains ! Yes, I use my ISP as a smarthost at times, but at times I can't.

This is just another reason to have

A) A Business account, which would not restrict these ports (vs. standard!), and could allow you to run servers if you want
B) Web based email.
C) VPN to your email / business

The only saving grace for me, is that my ISP allowed me to opt out of the port 25 block (in exchange for scanning, which I'm cool with - no open proxies) - so in a pinch I can always bounce mail through my home box to wherever I need it to go (via STARTTLS/AUTH on port 587, of course).

I agree that ISPs could offer to allow port 25 in exchange for scanning. I have SBC, which requires authentication for sending email as well as recieving, and I for one do not mind. On a daily basis at work, my domains see between 2000 and 5000 spam messages a day, and those are the ones that don't get rejected due to fake domains, etc. It's a waste of bandwidth and resources. I agree that this will not stop everything, as spam is big business.]]> http://www.dslreports.com/forum/remark,11090021 Wed, 18 Aug 2004 18:36:07 EDT Re: its about time http://www.dslreports.com/forum/remark,11089669 macmouse : Well, if you already have a *nix box at home, you can foreword the port via SSH.

Its not perfect (requires manual intervention) but it works quite well in a pinch.

ssh me@my.linux.box -L 2525:mail.isp.net:25 (smtp)
ssh me@my.linux.box -L 1110:mail.isp.net:110 (pop)

Then, you point your email client to connect to localhost (on the high number port # defined).

BTW - I'm also pretty sure there is openssh in the cygwin package for windows, so you can use that or some other "native" ssh client.]]> http://www.dslreports.com/forum/remark,11089669 Wed, 18 Aug 2004 17:53:23 EDT Re: its about time http://www.dslreports.com/forum/remark,11089011 cowboy : For probably 95% of the users, you are probably right - However, there is still a significant portion of the population (and I expect that number to grow) that are more or less completely screwed by the current state of affairs!!!

I've yet to see one of these guys do this the right way:
*) Open the submission port(587) and require auth+TLS on it
...This port *MUST* be accessible outside the ISP net !
*) Require authentication on intranet submission via port 25
*) Do *NOT* require the ISP domain name on the Envelope From:, it could be valid to require it on the header.

Now, the have accurate accounting of who sent what, *AND* the user can sendmail via the ISP from wherever they are.

If all the ISPs and companies did this, *THEN* it is valid to block port 25 outbound, and possibly inbound. *THEN* it becomes feasible to impliment SPF/domainkeys/etc... But *NOT* before, because things are flatly B0RKED.

Without doing this properly, the ISP are screwing with telecomuters, tech folk, etc...

For example, I regulary sendmail from whatever box I'm on (work, home, laptop during travel) from any one of at least six different domains ! Yes, I use my ISP as a smarthost at times, but at times I can't.

I couldn't even use my prior ISP (Bellsouth) outside of their netblocks... and won't use my current (DSLExtreme) outside until they impliment SSL and port 587. Wanna take bets on if my company allows external mail?... How about the volunteer work I do with a Linux distribution ?

The only saving grace for me, is that my ISP allowed me to opt out of the port 25 block (in exchange for scanning, which I'm cool with - no open proxies) - so in a pinch I can always bounce mail through my home box to wherever I need it to go (via STARTTLS/AUTH on port 587, of course).

For the poor folk who have an ISP that requires certain domain names on their From: lines, even this is not an option :(
--
Richard Nelson]]> http://www.dslreports.com/forum/remark,11089011 Wed, 18 Aug 2004 16:37:01 EDT its about time http://www.dslreports.com/forum/remark,11088833 en102 : It's about time most ISP's start blocking the ports.
There's way too much spam out there being relayed. I think that those that 'need' port 25, can purchase a business style account, or use a form of webmail. ]]> http://www.dslreports.com/forum/remark,11088833 Wed, 18 Aug 2004 16:17:33 EDT