HolyRoses
join:2002-10-09
Grand Rapids, MI
| blocked port 25?
I am trying to send mail using a different SMTP server other than the one charter provides and it will not work. I cannot connect to port 25 on the remote server. I can connect to the port from other machines.
Anyone know whats up? This used to work before.
-HR |
|
stan999
Premium,VIP
join:2001-11-19
Fort Worth, TX
| said by HolyRoses  :
I am trying to send mail using a different SMTP server other than the one charter provides and it will not work. I cannot connect to port 25 on the remote server. I can connect to the port from other machines.
Anyone know whats up? This used to work before.
-HR
You can only send charter.net e-mail with a Charter connection. Port 25 is blocked as a way to block spammers from sending junk e-mails directly from their servers to the servers of their recipients, bypassing the ISP's logged mail servers. This means you cannot use a client to send e-mail using another smtp server with your Charter connection.
Stan Gunn
--
Charter Pipeline Solutions Website, TX Charter Pipeline Texas Support Board |
|
penelope_b
join:2001-12-09
Monroe, MI
| reply to HolyRoses
Stan is correct.
Due to the recent incredible proliferation of spam-sending worms/trojans/viruses, filters have recently been placed in Michigan to allow connections only to port 25 if you are a) a business subscriber or b) connecting to charters own SMTP servers.
Peace,
Pen |
|
Anarque
join:2001-12-13
Rancho Cucamonga, CA
| I recieved blocked emails from Aol address today. Here is the message
The original message was received at Fri, 17 Oct 2003 16:04:50 -0400 (EDT) from 66-215-192-188.rc-eres.charterpipeline.net [66.215.192.188]
----- The following addresses had permanent fatal errors -----
(reason: 554-(RLY:B1) The information presently available to AOL indicates this)
----- Transcript of session follows ----- ... Deferred ... while talking to mailin-04.mx.aol.com.:
>>> QUIT
>> QUIT
>> QUIT
>> QUIT
554-(RLY:B1) The information presently available to AOL indicates this 554-server is generating high volumes of member complaints from AOL's 554-member base. Based on AOL's Unsolicited Bulk E-mail policy at 554-»www.aol.com/info/bulkemail.html AOL may not accept further 554-e-mail transactions from this server or domain. For more information, 554 please visit »postmaster.info.aol.com. 554 5.0.0 Service unavailable
Since Changing to Charter.net from Earthlink's service nothing as been easy. 90% of my emails to Yahoo and Hotmail address are bouced too. I am going to have to pay Earthlink for thier email service. |
|
Apophis
Jaffa Kree
Premium
join:2001-12-27
Holmen, WI
clubs: 
| reply to HolyRoses
This isn't a 100% true
I've got a CBN account, ALL ports are open for me.....
Is HolyRoses referring to Residential customers?
--
Just say NO to Same-Sex Marriages, Affirmative Action, Liberals and PETA.Re-Elect George Bush 2004, The True Leader of this Country!!! |
|
paulhaskew
Unoffical Dominos Spokesman
join:2002-01-10
Vancouver, WA
clubs: | reply to HolyRoses
for CBN accts, no ports are blocked... as PEN said above... |
|
rlonghofer
join:2001-01-27
Lake Dallas, TX
| If you have your own server out on the internet, you might contact your provider, to see if they can route port 26 to 25 internal on their server, I run my own web servers, and ran into this problem with one of my customers who uses aol. They do the same thing, route port 25 thru their server no matter what server your trying to reach.
here is the linux addition that needs to be added to the server in the ipfpreroute.rules (Im using APF).
$IPT -t nat -I PREROUTING -p tcp --dport 26 \-j REDIRECT --to-port 25
or something similar, of course port 26 should be enabled to recieve too.
[text was edited by author 2003-10-17 23:27:05]
[text was edited by author 2003-10-17 23:27:55] |
|
Slayback
@mi.ch
| reply to stan999
Actually, it seems that you can send to/from any address if you're on the charter network. So, basically just change your SMTP server to mail.charter.net and it's business as usual. Granted, you may not completely TRUST them to handle your email, but that's a different story.
Seems to me that they're opening themselves up for spam generated internally. If that happens and they lock it down, then we're screwed.
I, for one, am going to be spending tonight getting SSL going on my mail server... |
|
mmainprize
join:2001-12-06
Houghton Lake, MI
| reply to HolyRoses
This sucks bigtime, Port 25 blocking just limits the power users and dont relay stop spam.
If you have more then one account provider then you are stuck using charter for STMP. I have a NEWS account as no ISP supplies a good NEWS server these days, Now i would have to post to the news server through the charter STMP server and that will expose all header info and take away the privacy i pay for from the NEWS service provider. This is just another loss of anunimity and lets other people track your evey move.
I setup OE6 to get mail from many e-mail accounts and use the switch user account feature to send mail, well the switch user will no longer work. Now all mail has to come from the charter account and that means that i will be spamed like crasy on that address as that is the address everyone will see in the from section of the mail. |
|
Robo74
@wi.cha | reply to HolyRoses
I have work email and a couple domains hosted outside of charter and all mail works for me..... |
|
HaloBox
join:2002-01-10
 ·Verizon FIOS
| reply to stan999
said by stan999 :
This means you cannot use a client to send e-mail using another smtp server with your Charter connection.
Stan Gunn
Hmmmm... I just did it. In fact, I can use any of the smtp servers I have to send SMTP email. You guys are routing my email just fine.
To be clear, you may be blocking connections from my cable modem to another SMTP server outside the Charter subnets, but you aren't blockng anything internal.
[text was edited by author 2003-10-24 00:26:54] |
|
borked
Cheese With That Whine?
Premium
join:2003-08-10
Kalamazoo, MI | reply to mmainprize
You may have to use Charter's SMTP server for sending mail. Your FROM address does NOT have to be a charter email address.
--
Whould you like a little cheese with that whine? |
|
CodeGorilla
join:2003-08-30
Salem, IL |  reply to HolyRoses
Maybe Charter should reread another BBR article from 10/22/2003 »Spam Zombies
Then Charter should get some competent technical advice on how to attack the problem and proceed INTELLIGENTLY. |
|
HaloBox
join:2002-01-10
·Verizon FIOS
| said by CodeGorilla :
Then Charter should get some competent technical advice on how to attack the problem and proceed INTELLIGENTLY.
Why do you think it's the ISP's issue? I'd prefer to have the ISP just deliver network connectivity.
The broadband ISP's get into trouble whenever the try to deliver other services like email, usenet, webpages, etc. They should stick with the key requirement and drop the price.
Then companies that want to build a business around email, nntp, http hosting and security could deliver those services packaged or ala carte.
The operating system vendors need to ship the OS with built-in safeguards and firewalls. It looks like Microsoft is moving that direction, and the Linux vendors have certainly packaged some goodies but they still haven't made it "easy" enough for the masses. |
|
penelope_b
join:2001-12-09
Monroe, MI
| reply to mmainprize
said by mmainprize :
This sucks bigtime, Port 25 blocking just limits the power users and dont relay stop spam.
I don't think you'd say that if you saw the matches on the ACL :P
Peace,
Pen |
|
pomfret
Who? Me?
Premium
join:2002-02-22
Pomfret Center, CT
clubs:
 ·Charter VOIP
 ·Charter Pipeline
| reply to paulhaskew
said by paulhaskew :
for CBN accts, no ports are blocked... as PEN said above...
Hmm... here in CT, I had to upgrade from a CBN Basic to a CBN Premium account in order to have "full access". I was told that all non-static IP accounts have port blocking enabled on them. |
|
CodeGorilla
join:2003-08-30
Salem, IL
| reply to HaloBox
My point was that the ISP can do some SIMPLE things to slow the spread of spam, including requiring password authentication in order to send spam on their networks, rather than the simpler and less secure method of using allowed access for IP blocks.
If you are connected to the Charter network, your computer can send e-mail THROUGH Charter's servers without any form of challenge. Therefore, if (or when) a Charter customer's computer is compromised, it can be used as a trojan for spammers, etc. to spread spam and/or virii. This gets especially hairy when the trojan listens on an unmonitored port (such as 6969 or the like) for remote commands from its originator. In this case, the trojan receives its commands via port 6969 and sends its outgoing payloads through charters own SMTP servers WITHOUT CHALLENGE.
As long as ISP's implicitly trust computers on their networks with open access to their SMTP servers, their networks will be insecure.
Personally, I'd like to see traffic shaping performed on all ISP's as well, but I doubt the money men will go for that. It seems more cost-effective to blame the users and perform "feel-good" security rather than implement REAL security measures. |
|
HaloBox
join:2002-01-10
·Verizon FIOS
| Your first point was too terse and didn't do much to educate anyone on the issue you are concerned with. Nobody will disagree that left unabated, we are due for some particularly nasty storms.
My point was that Charter should focus on providing data and video on the wire in the most cost effective fashion possible and get out of the email and other services business.
It will get interesting in the next year or two to see how protocol and packet filtering/forwarding/dropping will be handled by the broadband providers. |
|
rtcy
FACTS only please
Premium
join:1999-10-16
Beverly Hills, CA | reply to Slayback
you might inquire into setting up a openBSD box as a front end and then just do it al thru port 22. openssh. it might work better |
|
