pnh102
Reptiles Are Cuddly And Pretty
Premium
join:2002-05-02
Mount Airy, MD
| Thanks Idiots!
I would hereby like to thank all the clueless, ignorant, lazy or just plain stupid computer users out there for prodding my ISP into reducing the functionality of my internet connection because they are too clueless, ignorant, lazy or just plain stupid to learn about basic things like virus protection and to finally stop clicking on every single email attachment without thinking first. Do you all buy cars without learning how to drive as well?
I don't run my own mail server, but I do send email through my own domain hosting company's email server (mail."mydomain.com"). And thanks to all of you stupid fools out there, now I won't be able to do that. Ugh.
--
Do the world a favor, Saddam. Kill yourself. |
|
Camelot One
Premium,MVM
join:2001-11-21
Sarasota, FL
clubs:
 ·VoicePulse
| I am in the same boat. This will prevent all users from being able to say, send email from their work address at home. Anyone with a Road Runner accoun tfor example can only send email from their rr email address.
Stupid. Just plain stupid.
--
AMD XP2500+ @2388mhz/ Asus A7N8X-E Deluxe/ 2x 512Mb Kingston HyperX PC3500/ WD 120Gb on serial/ Gainward GF4 4600/ Enermax 465P-VE/Custom water cooler |
|
LBDSL
Lightning Bolt
VIP
join:2002-01-07
Auburn Hills, MI
| said by Camelot One  :
Anyone with a Road Runner accoun tfor example can only send email from their rr email address.
This isn't totally true, at least not in some parts of the US.
I have a few clients who use RoadRunner to access the net, but use us to host their site, and email.
They are able to use the SMTP server we give them with their hosting account to send mail.
--
Lightning Bolt Technologies |
|
Steve
R.I.P. 3B2
Consultant
join:2001-03-10
Tustin, CA
| reply to Camelot One
said by Camelot One :
I am in the same boat. This will prevent all users from being able to say, send email from their work address at home. Anyone with a Road Runner accoun tfor example can only send email from their rr email address.
Stupid. Just plain stupid.
What's stupid is that Road Runner even considers the "From" address when relaying email - this is no kind of security (I understand Verizon did this too, perhaps they still do).
If the source IP address is from a "trusted" source - from within RoadRunner's own network - there is no good reason for disallowing users to include any From: address they wish, including valid work addresses.
An ISP that blocks outbound 25/tcp and limits users to the @isp.net From address is doing a bad thing.
Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site |
|
jester121
join:2003-08-09
Lake Zurich, IL
·ViaTalk
| reply to pnh102
said by pnh102 :
I don't run my own mail server, but I do send email through my own domain hosting company's email server (mail."mydomain.com"). And thanks to all of you stupid fools out there, now I won't be able to do that. Ugh.
Since you're on Comcast you can use whatever you want in the FROM address on your e-mail, and send it through smtp.comcast.net. In other words, the e-mail shows up as coming from "pnh102@yourdomain.com".
Unless the recipient looks at the headers, there's no way they'd even notice it. With SMTP-Auth turned on (which Comcast does support) you can even do this from an wifi hotspot anywhere on the internet without changing e-mail settings (if you use a laptop).
Next objection? |
|
Nice Try
join:2003-04-17
Silver Spring, MD
| reply to pnh102
»www.dnsmadeeasy.com/s0306/prod/msf.html
$15.95 a year and problem solved.
Of course, I'm with you, you shouldn't have to pay more but at least there is a solution for you. |
|
ChrisN4BSA
Premium
join:2002-05-31
Clearwater, FL
edit:
January 29th, @02:01PM
| reply to Camelot One
This isn't totally true. I'm net admin for a company here in Tampa, and was able to use our company SMTP server (port 25) via my home Roadrunner connection.
However - just today we have implemented a new non standard inbound SMTP port that will allow us to get around the port 25 filtering for those employees that are lucky enough (or is that unlucky?) to be on an ISP that blocks port 25 SMTP traffic.
And - as much as it sucks, amen for the ISP's blocking port 25. I hate to be punished for clueless users, but if it helps slow down the spread of viruses that spread via email, I'm all for it. I'm sick & tired of having to spend hours every day checking our mail quarantine because of all spam zombies in the wild. |
|
MWR2NY
join:2002-02-06
Edgewood, MD
| reply to jester121
I'm on Comcast and last November when Comcast decided to block port 25 they didn't tell anybody including their own tech support. I went about a week without being able to send mail through my own domain. It took a couple days of tech support at my web host to figure out a work around. Comcast and other ISP's should of posted something to let everyone know what they were doing. |
|
Nice Try
join:2003-04-17
Silver Spring, MD | I don't believe comcast is blocking 25 in my area. I can still send and receive mail. |
|
en102
Canadian, eh?
join:2001-01-26
Valencia, CA | reply to pnh102
If your hosting company is somewhat decent, they should have the ability to do web mail, or allow you to use another port, or better yet, run SMPTS on port 465 (SMTP over SSL) |
|
Camelot One
Premium,MVM
join:2001-11-21
Sarasota, FL
clubs:
·VoicePulse
| said by en102 :
If your hosting company is somewhat decent, they should have the ability to do web mail
And if your ISP was decent, your hosting company shouldn't have to. I hate webmail. SSL is an option I guess, but I still have a problem with ANY port blocking that is not done by me.
--
AMD XP2500+ @2388mhz/ Asus A7N8X-E Deluxe/ 2x 512Mb Kingston HyperX PC3500/ WD 120Gb on serial/ Gainward GF4 4600/ Enermax 465P-VE/Custom water cooler |
|
en102
Canadian, eh?
join:2001-01-26
Valencia, CA | I can see the day, when all ISP's will be running discount web for NAT traffic, and browsers will be full of cookies as well.... I weep for that as well. |
|
keith2468
Premium,MVM
join:2001-02-03
Winnipeg, MB
| reply to Steve
That is what REPLY-TO/reply address is for
quote:
I am in the same boat. This will prevent all users from being able to say, send email from their work address at home. Anyone with a Road Runner accoun tfor example can only send email from their rr email address.
That is what the REPLY-TO (in OE accounts, the "reply address") is for.
SENT-BY (FROM or, in OE accounts, the "email address") is formally supposed to be the email address on the ISP the computer is actually on. As noted by another poster, only a few ISPs check this.
ISPs should not be limiting the REPLY-TO (unless maybe the customer has been a problem), but to follow the original intent of the standards, they all should have been limiting the SENT-BY.
My personal feeling is that ideally such filtering (port 25, spam, email virus) should a user configurable, and default to filtering for new accounts.
I think the problem is technical:
1. It increases overhead to add a bunch of individual IP addresses to port blocking rules in the router.
2. There is a bit of manual effort involved in updating the rules for individual customers.
It isn't dumb users that are responsible for "reduced functionality", it is the hackers and spammers who exploit them. |
|
cbs228
Geeks Of The World, Unite
join:2000-09-04
Saint Louis, MO
| reply to ChrisN4BSA
Re: Thanks Idiots!
Indeed. For access to business servers or other SMTP servers that your ISP blocks, a simple ipfw rule on the server machine (or the router the server is behind) will fix this:
sudo ipfw add fwd serveraddress,25 tcp from any to me inboundport
Where serveraddress is the address of the server (usually "localhost") and inboundport is the port you want to listen on in addition to 25.
NOTE: I'm not responsible for any damage to your machine running this command may incur. Always modify ipfw rules locally as they may interrupt tcp/ip access. Tested on MacOS 10.3.2.
--
"If you stare too long into the abyss the abyss stares back at you." -Nietzsche
GENERAL FAILURE READING ©: DRIVE
(A)bort, (R)etry, (F)rivolous Lawsuits, (B)ribe Congress? |
|
pnh102
Reptiles Are Cuddly And Pretty
Premium
join:2002-05-02
Mount Airy, MD
| reply to jester121
said by jester121 :
Since you're on Comcast you can use whatever you want in the FROM address on your e-mail, and send it through smtp.comcast.net. In other words, the e-mail shows up as coming from "pnh102@yourdomain.com".
First, why should I have to do anything differently? I am not sending out viruses or spam so I should not be inconvenienced. Go punish the idiots who refuse to properly protect their machines. Its not rocket science or brain surgery, anyone who is willing to read up on the topic can do it.
Second, its mail.comcast.net, not smtp.comcast.net 
said by jester121 :
Unless the recipient looks at the headers, there's no way they'd even notice it.
True, but still it begs the question, why should someone who is not part of the problem be inconvenienced?
--
Do the world a favor, Saddam. Kill yourself. |
|
pnh102
Reptiles Are Cuddly And Pretty
Premium
join:2002-05-02
Mount Airy, MD
| reply to MWR2NY
said by MWR2NY :
I'm on Comcast and last November when Comcast decided to block port 25 they didn't tell anybody including their own tech support.
This is somewhat off-topic but there was a time when I thought Comcast had done the same thing to me. I contacted Comcast through a support email and they told me they had not started blocking port 25. The problems turned out to be the result of me changing the MAC address of my router and not changing some settings therein to make it work right. Once I changed the MAC address to the original one, my email worked fine.
--
Do the world a favor, Saddam. Kill yourself. |
|
pnh102
Reptiles Are Cuddly And Pretty
Premium
join:2002-05-02
Mount Airy, MD
| reply to ChrisN4BSA
said by ChrisN4BSA :
I hate to be punished for clueless users, but if it helps slow down the spread of viruses that spread via email, I'm all for it.
Why not yank access for the idiots who don't bother to secure their machines and/or clean up their systems?
--
Do the world a favor, Saddam. Kill yourself. |
|
Steve
R.I.P. 3B2
Consultant
join:2001-03-10
Tustin, CA
| reply to keith2468
Re: That is what REPLY-TO/reply address is for
said by keith2468 :
That is what the REPLY-TO (in OE accounts, the "reply address") is for.
SENT-BY (FROM or, in OE accounts, the "email address") is formally supposed to be the email address on the ISP the computer is actually on.
Says who?
This premise cannot possibly hold water, and it's hard to even know where to start.
First, and most broadly, your online identity is anything you want it to be, and in my book, you "are" any email address to which you have valid access to the mailbox. This gives me probably a half a dozen email addresses, none of which is the "real" address unless I say one of them is.
Second, many people purchase IP services with the sole intent of routing IP packets, and they do not buy into the additional services (email, web space, home page) that the ISP may offer. I have Pac*Bell DSL, but as far as I know I don't have a @pacbell.net email address.
Finally, there is no required connection between "email address" and "physical location" - otherwise this premise would play havoc with the salesman on the road: does he get a new "Sent-From" email address in every hotel?
Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site |
|
purdyturdy
@207.46.x.x
| reply to Nice Try
Re: Thanks Idiots!
Same here, Seattle area and can send mail through Comcast to my own SMTP server at another ISP (which uses SMTP auth).
-template-
I say they should block port X, because a virus/trojan/worm/backdoor/spammer/hax0r could pass traffic through that port to do naughty things.
-endtemplate- |
|
nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA
 ·Cox HSI
 ·Speakeasy
| reply to en102
said by en102 :
If your hosting company is somewhat decent, they should have the ability to do web mail, or allow you to use another port, or better yet, run SMPTS on port 465 (SMTP over SSL)
Err... Use of port 465 (SMTPS) is technically depricated. Mail servers should run TLS/SSL on port 25. It's just up to the SMTP client to ask the SMTP server to talk TLS/SSL.
Granted, you can also do SMTP transactions on other ports (either through a second listener on the SMTP server or using additional firewall redirects on firewall protected mail servers), but the current specs define functionality for TLS/SSL be done over standard SMTP ports.
-tom
--
"There are 10 types of people in the world... those who understand binary and those who don't."
"That's only 2 types of people, moron" |
|
