 
pnh102
Reptiles Are Cuddly And Pretty
Premium
join:2002-05-02
Mount Airy, MD
 ·Comcast
| Ugh... Its too bad the money to be made off of stupid users who refuse to secure their machines is more important to BellSouth than the responsible users who do secure their machines.
--
Keep America Strong! Bush/Cheney 2004 | |
|
 | 
Rob
In Deo speramus, God Bless the USA
Premium
join:2001-08-25
Kendall, FL
·Comcast
| Re: Ugh... said by pnh102  :
Its too bad the money to be made off of stupid users who refuse to secure their machines is more important to BellSouth than the responsible users who do secure their machines.
I don't see Comcast making any improvements to help lower the number of spammers on their network -- making them the #1 ISP with the most spam users.
--
It is a man's own mind, not his enemy or foe, that lures him to evil ways. | |
|
| |
pnh102
Reptiles Are Cuddly And Pretty
Premium
join:2002-05-02
Mount Airy, MD
·Comcast
| Re: Ugh... said by Rob :
I don't see Comcast making any improvements to help lower the number of spammers on their network -- making them the #1 ISP with the most spam users.
But at least Comcast isn't blocking port 25 (yet). I don't see why I should have my network connection hobbled because of idiots who refuse to secure their machines. I would fully support any ISP that yanks connectivity from lusers who refuse to use firewalls and/or patch their operating systems.
--
Keep America Strong! Bush/Cheney 2004 | |
|
| | |
Rob
In Deo speramus, God Bless the USA
Premium
join:2001-08-25
Kendall, FL
·Comcast
| Re: Ugh... said by pnh102 :
said by Rob :
I don't see Comcast making any improvements to help lower the number of spammers on their network -- making them the #1 ISP with the most spam users.
But at least Comcast isn't blocking port 25 (yet). I don't see why I should have my network connection hobbled because of idiots who refuse to secure their machines. I would fully support any ISP that yanks connectivity from lusers who refuse to use firewalls and/or patch their operating systems.
I agree. But maybe if they started blocking port 25 the number of spam messages would go down.
BellSouth isn't blocking all users, only new users and those who upgrade.
Since BellSouth DSL is using PPPOE, and each customer has a "profile", I think it should be on a per customer basis. If a customer is found spamming, their account should get their port 25 blocked and after 6months to 1 year, have the block removed.
If all ISPS continue to block 25, then port 26 will become the new "stanard" port.
--
It is a man's own mind, not his enemy or foe, that lures him to evil ways. | |
|
| | | | 
heels_fan
1.20.09 The start of Socialism
Premium
join:2003-02-07
Columbia, TN
| Re: Ugh... Rob,
sooner or later they will be blocking all users. They started with the Dial-up accts and are slowly migrating to DSl. I had my port 25 block about 2 months before getting the new Extreme package. Eventually everybody will be blocked
--
To win 100 victories in 100 battles is not the highest skill. To subdue the enemy without fighting is the highest skill. -Sun Tzu | |
|
| | | | |
| | | | | |
| | | | weedahoe
join:2003-09-14
Duluth, GA
1 edit | said by Rob :
said by pnh102 :
said by Rob :
I don't see Comcast making any improvements to help lower the number of spammers on their network -- making them the #1 ISP with the most spam users.
But at least Comcast isn't blocking port 25 (yet). I don't see why I should have my network connection hobbled because of idiots who refuse to secure their machines. I would fully support any ISP that yanks connectivity from lusers who refuse to use firewalls and/or patch their operating systems.
I agree. But maybe if they started blocking port 25 the number of spam messages would go down.
BellSouth isn't blocking all users, only new users and those who upgrade.
Since BellSouth DSL is using PPPOE, and each customer has a "profile", I think it should be on a per customer basis. If a customer is found spamming, their account should get their port 25 blocked and after 6months to 1 year, have the block removed.
If all ISPS continue to block 25, then port 26 will become the new "stanard" port.
All customers are getting port 25 blocked, it doesnt matter if you are new or old, and there is no getting the block off, it is clearly for spamming and security issues, customers cant get a "business" account and get the port unblocked, it doesnt work that way, if you arent blocked yet then look for it coming, all major ISPs are headed in this direction.....and Im glad......im tired of all the people whining about spam and dont know why they get it. Keep your computer CLEAN and quit giving your address to every website and/or person you meet. Keep you address book in a text file so IF you get infected it cant use it. Get educated on what is out there and what you can get just by going to the wrong site or giving the wrong person/website your email address. | |
|
| | | | | 
KoolMoe
Aw Man
Premium
join:2001-02-14
Annapolis, MD
clubs:
 ·Verizon FIOS
 ·Speakeasy
| Re: Ugh... One reason I have SpeakEasy as my ISP is because they don't block ports nor have limitations against servers. If SE blocked port 25, killing my email server, I would look elsewhere. I don't think SE will do that, however, as such an open ToS is part of its attractiveness.
I would call SpeakEasy a fairly major ISP these days.
BUT I do agree that methods should be made to enable blocking ports on a per-subscriber basis. If I neglect my updates and security, I would have no problem with SE blocking port 25 for a few months if I were found to be a spam relay. In fact, I'd encourage it.
Keeping one's address book as a separate text file is a bit extreme. Myself, I use Mozilla for email and web browsing. So far, haven't had anything infect my machine, much less access and use my address book.
But I guess for some using Mozilla is just as extreme as keeping their address book as a separate text file 
KM
--
War Propaganda
Re-Defeat Bush! No One Died When Clinton Lied | |
|
| | | | berniep3
join:2004-06-29
Boca Raton, FL
| the port 25 blocking is for all bellsouth customers but the ones interested in upgrading their services to business
it is only a money broblem hidden behind a security BS.
if you know any petition or class action law suit I will be glad to join! | |
|
| | | | | weedahoe
join:2003-09-14
Duluth, GA | Re: Ugh... good luck with a class action suit because you agreed with the ToS when signing up for the service. you know, the part where you are to use your own exchange server, email server and things of the like?? | |
|
| | | fantomposter
Phantom Poster
Premium
join:2002-09-21
Independence, OH
| said by pnh102 :
But at least Comcast isn't blocking port 25 (yet).
They will, sooner or later. It is the cheapest way for them to fix the problem. No staff to investigate complaints...just lock it all down at the router.
What would be cool is if they and other providers set it up so that users that want port 25 (for example) could request it. Perhaps make it another class of service and include a static IP.
Since, 90 percent (guess) of people dont need or want it the problem is solved and both sides win. | |
|
| | | |
pnh102
Reptiles Are Cuddly And Pretty
Premium
join:2002-05-02
Mount Airy, MD
·Comcast
1 edit | Re: Ugh... said by fantomposter :
They will, sooner or later. It is the cheapest way for them to fix the problem. No staff to investigate complaints...just lock it all down at the router.
You're correct... simply blocking the port is the easiest (but IMO the most aggravating) way to solve the problem. What bothers me though is that when the next major Internet annoyance comes along, they will just block the port for that too, and so on and so forth, until the whole damn connection is useless.
Next you'll hear of ISPs blocking port 80 to eliminate popup ads and spyware downloads.
--
Keep America Strong! Bush/Cheney 2004 | |
|
| | | | | |
| | | | | | 
Qumahlin
Never Enough Time
Premium,MVM
join:2001-10-05
united state | Re: Ugh... Comcast did do that for a short while, but stopped after complaints.
--
Forum Posts:4326 | |
|
| | | | | | | keyboard5684
join:2001-08-01
Youngsville, PA | Re: Ugh... Verizon does that, it is pretty transparent though.
Still, something many do not know.... | |
|
| | | | | | |
| | | 
shans001
join:2000-08-13
Chesapeake, VA
| Cox in Virginia is blocking it too. I remember things breaking on me. Not only did I have outlook problems, my scripts for the linux servers stopped working. Usually, I have the server email me via a script when it is done doing something, like rsyncing. I wasn't too happy about it. After debugging, I went to the website and searched what they did. Pure B.S.
After this protection against spamming, has it worked? I steadily get more and more spam myself. | |
|
| | | ParanoiaInc
join:2002-08-28
Tucker, GA
| said by pnh102 :
said by Rob :
I don't see Comcast making any improvements to help lower the number of spammers on their network -- making them the #1 ISP with the most spam users.
But at least Comcast isn't blocking port 25 (yet). I don't see why I should have my network connection hobbled because of idiots who refuse to secure their machines. I would fully support any ISP that yanks connectivity from lusers who refuse to use firewalls and/or patch their operating systems.
Which IS the problem! Until Comcast blocks port 25 to keep 'certain' customers from using Comcast SMTP servers for inappropriate activities, the problem will continue. | |
|
| | |
| | | Daemon
Premium
join:2003-06-29
San Francisco, CA | Re: Ugh... That's probably because you are on SBC and the attacks tend to come from sources closer to you (i.e. fewer hops)
--
-Ryan
Find me in the networking and Microsoft help forums | |
|
| | | |
| |
| | russotto
join:2000-10-05
Collegeville, PA | Re: Ugh... Why should anyone provide SMTP at an alternate port, except to get around blocks such as this one? Port 25 is the standard. | |
|
| | | |
| ParanoiaInc
join:2002-08-28
Tucker, GA
| Mindspring was blocking port 25 back in 1996 when I worked for them. This is not new at all. There shouldn't be a legit reason to be sending mail using your ISP's dmain mail server while not using your ISP's domain.
And the problem isn't as simple as stupid users not securing their accounts/computers, but that Spammers signup for accounts and then use accounts elsewhere to relay through the unfortunate ISP's SMTP. This is an old trick that no mature ISP would allow the convenience of port 25 being open in the first place. | |
|
| | fantomposter
Phantom Poster
Premium
join:2002-09-21
Independence, OH
| Re: Ugh... said by ParanoiaInc :
There shouldn't be a legit reason to be sending mail using your ISP's dmain mail server while not using your ISP's domain.
Large attachemnts. The IPS's are way behind the times on file size and limits. Other than that you are corrrect  | |
|
nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA
·Cox HSI
·Speakeasy
| Nothing new... A number of local providers do that already. It's a decent tactic, as it prevents most worms from working. Clued users with useful ISPs and mail providers can still use whatever servers they want.
-tom
--
"There are 10 types of people in the world... those who understand binary and those who don't."
"That's only 2 types of people, moron" | |
|
| 
Corvus
Flaming Tards Since 2003
Premium,VIP
join:2003-11-26 | Re: Nothing new... I agree, providers need to do that with an increasing number of spammers using residential broadband.
--
Jesus saves, but only Buddha makes incremental backups. | |
|
Nightfall
My Goal Is To Deny Yours
Premium,MVM
join:2001-08-03
Grand Rapids, MI
·AT&T Midwest
 ·Site5.com
·Comcast
| Should be a standard for all consumer broadband! The blocking of port 25 should be a set standard for all consumer broadband connections across the board. Frankly, if users want to run mail servers, but can't lock them down, then they should be blocked. If a user wants that port unblocked, then the user can apply to have it unblocked.
Personally, I don't see why a common user would want to have that port open. In fact, I will go as far to say that 95% of the people on consumer broadband doesn't have a need to have that open. Those that do want that open, well, the application they fill out will explain if they are infected or exploited, then their connection will be shut off.
I know, a little extreme, but in this world of zombied machines and server administrator wannabes, it is the best thing to do.
--
My Domain
Nightfall's Hockey and Life Journal | |
|
|
|
See 13 replies to this post |
|
|
|
See 6 replies to this post |
|
cox user in alexandr
@206.107.x.x
|  Cox Blocks
Just wondering, has anyone heard of cox performing system upgrades in the Central Louisiana area? We're still paying $$$ for 1024/128!! | |
|
| RogerDucky
join:2002-01-04
Plano, TX
| Re: Cox Blocks Actually, simply blocking port 80 doesn't disallow http traffic -- you just have to set up the home web server to use some other port, and have people connect to your server via "http://my.website.com:someport/"
A little harder for people to type, perhaps, but not impossible to do. | |
|
| |
Joe P
@206.107.x.x
|  Re: Cox Blocks
| |
|
| | |
nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA
·Cox HSI
·Speakeasy
| Re: Cox Blocks said by Joe P:
Yeah. I wasn't too worried about the website of it. I was more aggrevated at the inbound SMTP to machines other than cox's mail severs was being blocked.
But it comes down to, "what services are you paying for" and "what does your ToS say?" If you aren't paying for a server-oriented service and/or have a ToS that prohibits running servers, then you really don't have room to complain.
If those types of activities are critical to you, find a service that allows it and PAY for it (and trust me, those services are considerably more expensive).
-tom
--
"There are 10 types of people in the world... those who understand binary and those who don't."
"That's only 2 types of people, moron" | |
|
|
| 
roamer1
sticking it out at you
join:2001-03-24
Atlanta, GA
clubs:
| Re: Spammers are already getting around this! said by fatmanskinny :
How? If Bellsouth's e-mail only recognize @bellsouth.net e-mails for outgoing, spammers just put a fictitious e-mail ending in @bellsouth.net and add a different REPLY TO e-mail when you try and reply to that @bellsouth.net address.
BellSouth.net doesn't do and AFAIK has never done what Verizon did (i.e., you don't have to use @bellsouth.net as your From: address). The point of blocking outbound port 25/tcp (note, INBOUND port 25/tcp is usually not blocked by ISPs that block outbound -- I don't know about BellSouth specifically) is to cut down on "relay rape" and "direct to MX" types of spamming, and allow the ISP to count/rate-limit outgoing emails from a user to help nip spammers in the bud.
Port 25/tcp blocking doesn't usually create problems with using other ISPs'/companies' AUTHENTICATED SMTP servers, since they usually run on other ports (commonly 465/tcp or 2525/tcp.)
-SC
--
No-Bull SE US Wireless Info: »www.sewireless.info/
Atlanta Apt/Condo Cable & Broadband Info: »www.atlaptcable.info/ | |
|
| fantomposter
Phantom Poster
Premium
join:2002-09-21
Independence, OH
| said by fatmanskinny :
How? If Bellsouth's e-mail only recognize @bellsouth.net e-mails for outgoing, spammers just put a fictitious e-mail ending in @bellsouth.net and add a different REPLY TO e-mail when you try and reply to that @bellsouth.net address.
Maybe I misread what you ment, but outgoing smtp on all ISP's is much different than you describe.
Bellsouth does not look at the from address. They look at two things. One, if the to address is to bellsouth it accepts the email and delivers it locally.
Or two if the to address is not bellsouth they look at the IP address that the connection is coming from. If the sending connection is on Bellsouth's network it accepts the email and delivers it offsite. If the IP is from somewhere else, it refuses the email and returns a 5XX relaying denied error.
The from address is never looked at, for just the reason you mention, anyone can get around it.
Some ISP's do use authentication, either smtp username and password or pop before smtp. | |
|
| | |
| | | fantomposter
Phantom Poster
Premium
join:2002-09-21
Independence, OH
| Re: Spammers are already getting around this! said by fatmanskinny :
If I am not mistaken, when a company requires you to use OutGoing Mail Authentication, they are checking to see if you have a valid user account and password associated with that company. See images below.
Yep. But you wont find many ISP's that do that. They only do IP verification. So the fix to your above problem was to not use the company smtp for outgoing, but to use their ISP's. | |
|
RXDOC
You want what?
Premium,MVM
join:2002-03-13
Palatine, IL
clubs:
| From teh BellSouth site "Port 25: Why Filter Port 25?
Port 25 Filtering will stop Spammers from sending out huge waves of unauthorized junk email by preventing BellSouth.net email from being sent out through any non-.net mail servers. With Port 25 filtering, anyone logged into a BellSouth.net access number or connected via a defined BellSouth IP Address will only be able to send mail through the .net mail servers, thereby allowing us to block Spam sent out through our network."
Eventually all users will have this port blocked...not just Extreme
--
Join Team Discovery TSC! | Join The Health & Fitness Forum | |
|
| 
BIGMIKE
Premium
join:2002-06-07
Westminster, CA
| Re: From teh BellSouth site ISP's piping junk Porn that ok
Companies like General Motors, AOL Time Warner and Marriott earn revenue by piping adult movies into Americans' homes and hotel rooms, but you won't see anything about it in their company reports
»Corporate America Is Profiting from American Porn | |
|
bmn
? ? ?
Premium,ExMod 2003-06
join:2001-03-15
hiatus
 ·Packet8
| Work around... Posted this in the Cox forum when they blocked SMTP...
This works on Bellsouth as well since they don't block SMTPS. I use it everyday to connect to my mail server at Nac.net.
»Bypassing the outgoing SMTP (port 25) block...
--
Communism never failed, because it never existed...
Conservatives = enemies of personal freedom || Liberals = enemies of economic freedom | |
|
| Alphy
join:2001-12-31
Troy, MI | Sad but true I would venture to say over 50% (and that would be a rather conservative estimate) of an ISP's clients have unpatched/infected boxes. That's why they won't cut them off. | |
|
medfly
join:2003-05-15
Windsor, CO
| Bell south needs to block port 25 badly. I run my own mail server, and bell south has a HUGE spam problem. Because Bell south ignores ALL abuse complaints sent to it, as well as they host lots of major spammers outright, i've ended up blocking any ip address that show up in my logs that belong to Bell South. My current firewall shows these ranges as being blocked.
68.153.0.0/16
66.20.0.0/15
208.62.0.0/16
68.158.0.0/16
216.79.0.0/16
68.154.0.0/16
67.34.0.0/16
65.80.0.0/14
216.76.0.0/14
66.156.0.0/15
67.32.0.0/14
68.208.0.0/13
68.216.0.0/14
209.214.0.0/15
205.152.0.0/16
208.60.0.0/14
68.16.0.0/14
65.0.0.0/14
65.4.0.0/15
65.6.0.0/16
68.152.0.0/13
68.208.0.0/12 | |
|
| ParanoiaInc
join:2002-08-28
Tucker, GA
| Re: Bell south needs to block port 25 badly. As a business person dealing with problems originating in part from Bellsouth IP blocks, I am surprised you have not taken the time (have you?) to send a letter or email to Dwight Ackerman, CEO of Bellsouth and letting him know about the problems his ISP division presents in being anti-standard in the ISP industry. Let me know if you need his email addy. | |
|
| | medfly
join:2003-05-15
Windsor, CO
| Re: Bell south needs to block port 25 badly. said by ParanoiaInc :
As a business person dealing with problems originating in part from Bellsouth IP blocks, I am surprised you have not taken the time (have you?) to send a letter or email to Dwight Ackerman, CEO of Bellsouth and letting him know about the problems his ISP division presents in being anti-standard in the ISP industry. Let me know if you need his email addy.
As a network admin ,its been my experience that Telco's just dont give a shit about who gets harrassed with spam coming from their network. I block so much of verizon, SBC, Bell south, etc its not funny. I find it easier to harshly firewall telco ip ranges then waste time bitching at some suit who probably cant even tell me what TCP stands for, let alone understand the problem of spam. Eventually when many of these large isps are so heavily blocked and firewalled their their network traffic comes to a crawl (Hello NAC anyone?), they will get a clue and clean up. In the mean time, say hello to my little friend (waves iptables at the spammers on Bell south) | |
|
hang10
join:2002-11-03
Temecula, CA | DSL Extreme Does not Block DSL Extreme takes a proactive role. They will unblock your port 25 but they also randomly check for open relays on your system. If they find an open relay they shut you down.
Thats the way it should be done | |
|
| |
epojohnsonmn
join:2004-08-18
Palm Coast, FL
| BellSouth Port 25 Blocking I upgraded to BellSouth xtreme DSL on Tuesday the 3rd of August. On Saturday August 7th, I lost the ability to send or receive mail through port 25, except through the BellSouth mail servers which limit attachment sizes to "about" 3Mb.
I wasn't notified of the impending change as is stated as a requirement to changing the terms of service, located at:
»home.bellsouth.net/csbellsouth/s···greement
Being adversely affected both because my service was reduced while my bill remains the same, and because I wasn't notified causing me extra hardship, I called BellSouth and spent half the day getting transferred around to all departments trying to find a resolution.
I finally negotiated 2 months free DSL, which of course doesn't make up for the loss, but may be the only recourse that is available (until cable comes to my area).
Call:
888.321.2375
Option 3 for billing
and negotiate your compensation dammit!
If you don't get a refund, file a complaint with the public service commission of your state (search for "Public Service Commission Florida") replacing Florida with your state. (In fact, file a complaint no matter what you get!) | |
|
|
|
|
Blocking Port 25
·
Spammers are already getting around this!
