said by Hehe :

I was told if Comcast ever detects ports 25 or 53 open then will drop me permanently.

said by funchords :

As SMTP, there are a couple of different Comcast practices in use here.

One is their Comcast.net mail server policy -- which has limits "per message" and limits "per day" -- I don't know if the numbers quoted above are right, but they're something like that. Accessing it via port 25 or port 587 does not change these limits.

The other is their spam-complaint response policy. If customers provide evidence that your IP is spamming, Comcast will change the configuration of your connection such that you no longer can connect to TCP port 25. This is because most malware that spam connect from the local IP address directly to the mail server of the spam target. This is exactly what happens if you run your own SMTP server, too, however you running your own server will rarely result in spam complaints from others. If Comcast tells you that you no longer can connect to mail servers using port 25, and that you have to use port 587 and authentication instead, then you likely have (or had) spamming activity that you were not aware of. Check your system for malware.

I've had these open for years at a time. No sweat.

Comcast can't prohibit you from having an open port. Contrary to people who cannot read and understand the TOS, Comcast doesn't prohibit you from running a private server.

They claim to be able to prohibit you (via the TOS) from running a public service. FCC Broadband policy further makes no such restriction, and Comcast promised to comply with that policy in lieu of formal regulation. Still, running a public service on a Comcast connection is roughly the same as bringing a squirt gun to a 5-alarm fire.

Running a public service is not the same thing as having an open port for personal use. I have an SSH server. Anyone can access it from anywhere in the world and try to log in. They'll get nothing without the right cryptographic keys.

You can run your own DNS server (Why you'd want to? I dunno.). You don't have to secure it. But if it starts interfering with the network in any way, I'd expect to come home to slow flashing lights on my disconnected modem -- and rightly so. (DNS servers that are on home networks is one of the habits of zombie-controlled networks. I've written to abuse@comcast on several occasions -- they really do respond to those complaints.)

said by funchords :

My firewall prevents any IP in my house from sending out on port 25. So I am not a SPAMer. Other than the SPAM I forwarded to my gmail account.

said by bigchris :

OUT on port 25, or out of the firewall TO a remote port 25?

said by Hehe :

Well, about 1 month after they said I was spamming and made me shut down my ports 25 and 53 I got my service back. 1 month later they disconnected me, when I called I was told ports 25 and 53 are active, so they shut me down. I promised to never use those ports again. They said if they ever detected them open my service would be permanently disabled. So, who do I call at the FCC about this? Also, I have been told Verizon just blocks those ports (and more). So you can't even attempt a web, email or DNS server. So is Verizon in trouble with the FCC? I would order FIOS today if I could use those ports!

said by Hehe :
Well, about 1 month after they said I was spamming and made me shut down my ports 25 and 53 I got my service back. 1 month later they disconnected me, when I called I was told ports 25 and 53 are active, so they shut me down. I promised to never use those ports again. They said if they ever detected them open my service would be permanently disabled.

said by Hehe :

What is wrong with a home DNS server? I have been doing DNS for about 10 years now.

said by NormanS :

I don't think the FCC really cares whether residential ISPs block certain ports, when those ports are not really necessary for residential services.