
Help me argue against AT&T blocking my outbound SMTP traffic

exchange smtp network

27 replies to this topic

#16 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 106
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 07 August 2013 - 02:11

You CAN NOT send out on 25 to most major players.. If Comcast does not block it they should, and even if they don't, you can not send to any major players that do any sort of filtering based on your IP block (home user). Glad to see ATT is now blocking it as well.. There is NO reason for a home connection to be able to send directly outbound on 25, there just isn't!! Now I don't like filters either, but the spammers ruined it for everyone!! And the only reason they could do that is idiot users actually opening and even looking at email that says **** like

Drugstore (Viagra,Cialis) 180 pills 174$ Secure and Trusted

For example - I'm on Comcast, and I used to be able to telnet to the AOL MX... Just tried and it seems I am blocked now? Good, about time they did that!! But here is the example point I was going to make by actually connecting to the aol.com MX from my home connection.

Example error you would get coming from an IP that should not be sending mail:

Trying 205.188.156.193...
Connected to mailin-03.mx.aol.com.
Escape character is '^]'.
220-mtain-dl03.r1000.mx.aol.com ESMTP Internet Inbound
220-AOL and its affiliated companies do not
220-authorize the use of its proprietary computers and computer
220-networks to accept, transmit, or distribute unsolicited bulk
220-e-mail sent from the internet.
220-Effective immediately:
220-AOL may no longer accept connections from IP addresses
220 which no do not have reverse-DNS (PTR records) assigned.


Here is the thing: to run an email server, there are a few rules you need to follow. One, as you can see above, is your PTR should actually match the forward you present to the server you're wanting to send mail to.. So for example if my server is mail.domain.com -- when you look up its IP via PTR it should return mail.domain.com

Another rule most major players play by is the IP block you're coming from can not be listed as dynamic or used to give IP addresses to home users, etc..

If you want to run an SMTP server out of your house - you want to send email directly - you're going to have to follow the rules.. If you're on a dynamically assigned IP from a major ISP, these are going to be blacklisted..

Example:
554 RTR:DU

AOL uses the Spamhaus PBL to block mail from dynamic and residential IP addresses. Per our E-mail Guidelines, we do not accept mail from such addresses. If you believe your IP is listed in error, please contact your ISP directly and have them update their listing with the PBL. If...
your ISP reports that the IP is correctly listed in the PBL, and that you should be able to send mail from it, or
you were recently assigned IPs, have changed the rDNS on them, and allowed 48-72 hours for propagation time...and you are still getting the error, please open a support request.

Home internet connections are normally not meant for you to run services such as email, ftp, http servers that provide services to the public net.

And even if their AUP does not deny you the ability to run such services, most major players will not accept mail from you if your IP is listed as a home/residential type connection.

If you want to run mail services out of your house, where you actually send email directly to the accepting SMTP servers for a domain, you're going to want a valid PTR that matches the forward you present to them, and you're also going to need to have your IP not listed as a home user type connection.

Normally there is no block on accepting email, so you could use a smart host to send your mail.. Either your ISP's mail server, but they normally don't allow you to send from an address other than your own. But there are plenty of services that will be a smart host for you.. where you send them your outgoing mail, and they send it on for you (relay), where their servers meet the requirements of sending mail on the public net. And normally you can talk to them on a port other than 25, which again is quite often blocked outbound from major ISPs.

There really is no valid reason to run email services out of your house on a user type connection.. It's not worth the time, it's not saving you any money - having to have a box open 24/7/365 - dealing with security issues.. if you don't know what you're doing you're going to be a spam relay very quickly.

It's much easier and safer and cheaper to just run the server at a host, be it a VPS, be it a dedicated server, be it a webhost even - they can accept mail for your domain(s) and send for them as well.

If you really want an Exchange server at your house -- get a cheap $15 a year VPS and use it to route your mail for your domains, and just have your Exchange server pick up and relay mail through it.

Good luck though.. I figured out it's pointless hosting my own mail out of my home connection about 10+ years ago ;)
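The two rules BudMan lists (PTR matching the forward name you present, and not being in a residential/dynamic list such as the Spamhaus PBL) can be checked before trying to send. This is an added example, not code from anyone in the thread; the resolver interface, the hostnames and the documentation-range addresses in the fixture are constructed, and the 127.0.0.10/11 return codes are the ones Spamhaus ZEN documents for PBL hits.

```python
"""Check the two rules above for a directly-sending MTA: FCrDNS and no PBL listing."""
import socket

ZEN = "zen.spamhaus.org"                    # Spamhaus combined DNSBL zone
PBL_CODES = {"127.0.0.10", "127.0.0.11"}   # ZEN answers that mean "in the PBL"

class SystemResolver:
    """Live lookups via the OS resolver; None / [] when a name does not exist."""
    def ptr(self, ip):
        try:
            return socket.gethostbyaddr(ip)[0].lower()
        except OSError:
            return None
    def a(self, name):
        try:
            return socket.gethostbyname_ex(name)[2]
        except OSError:
            return []

class DictResolver:
    """Same interface backed by a dict, so the example runs offline."""
    def __init__(self, ptr_map, a_map):
        self.ptr_map, self.a_map = ptr_map, a_map
    def ptr(self, ip):
        return self.ptr_map.get(ip)
    def a(self, name):
        return self.a_map.get(name, [])

def dnsbl_query_name(ip, zone=ZEN):
    """198.51.100.7 -> 7.100.51.198.zen.spamhaus.org (octets reversed)."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def check_sender(ip, helo_name, resolver):
    """PTR must equal the HELO name, that name must resolve back to the IP,
    and the IP must not be PBL-listed; anything else invites a 554 reject."""
    ptr = resolver.ptr(ip)
    fcrdns = ptr == helo_name.lower() and ip in (resolver.a(ptr) if ptr else [])
    pbl = any(code in PBL_CODES for code in resolver.a(dnsbl_query_name(ip)))
    return {"ptr": ptr, "fcrdns_ok": fcrdns, "pbl_listed": pbl,
            "may_send_direct": fcrdns and not pbl}

# Constructed fixture (documentation-range IPs, hypothetical names): a hosted
# MTA with a matching PTR, and a residential IP carrying the ISP's generic
# PTR for which ZEN answers 127.0.0.11 (PBL).
SAMPLE = DictResolver(
    ptr_map={"203.0.113.10": "mail.example.org",
             "198.51.100.7": "adsl-7-100-51-198.example-isp.net"},
    a_map={"mail.example.org": ["203.0.113.10"],
           "adsl-7-100-51-198.example-isp.net": ["198.51.100.7"],
           dnsbl_query_name("198.51.100.7"): ["127.0.0.11"]},
)
```

Against live DNS, pass SystemResolver() instead of SAMPLE; a residential line will typically show the ISP's generic PTR plus a 127.0.0.10/11 answer, which is the 554 RTR:DU situation quoted in the post.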


#17 vcfan

vcfan

    Straight Ballin'

  • Tech Issues Solved: 3
  • Joined: 12-June 11

Posted 07 August 2013 - 02:12

Oh? He specifically mentions Exchange. If he doesn't have an Exchange Server he should be connecting via ActiveSync or RPC over HTTP. Either way SMTP wouldn't be used and wouldn't be a problem.

 

-Forjo

Yeah, you're right. For some reason I completely misread Exchange as Outlook. Not enough coffee ;) But yeah, some ISPs do block connections to remote SMTP servers from software like Outlook. But my bad, servers are mostly a big no no like you said with ISPs.



#18 lars77

lars77

    Neowinian

  • Joined: 18-April 08
  • Location: USA

Posted 07 August 2013 - 02:51

Is your port 25 unencrypted?  Why would anyone want to send email through an unencrypted port 25 connection anyway?

 

There's a reason Gmail's SMTP only uses port 587 (TLS) and/or port 465 (SSL). Port 25 is way too old school and unsecured, and thus is generally blocked by default. If you really want to pursue setting that up, at least do it correctly and lock it down with TLS/SSL.



#19 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 36
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 07 August 2013 - 12:36

Congratulations, your mail client has an encrypted path to the mail server, but did you know that the mail servers still talk to each other on port 25? So that means even though you encrypted your leg, it eventually is put on an unencrypted leg.

#20 Brian M.

Brian M.

    Neowinian Senior

  • Tech Issues Solved: 11
  • Joined: 07-January 05
  • Location: London, UK

Posted 07 August 2013 - 13:03

Congratulations, your mail client has an encrypted path to the mail server, but did you know that the mail servers still talk to each other on port 25? So that means even though you encrypted your leg, it eventually is put on an unencrypted leg.

 

He doesn't need to be concerned about how servers do or do not talk to each other. All he needs to be concerned about is getting his email to his SMTP server, and I haven't seen anything in this thread that says he can't do that.

 

I wish all ISPs blocked port 25 personally - there's no need to use it, and if someone gets a virus from going to a random porn site, I'd prefer their machine wasn't able to help contribute to the massive amounts of email spam that you get.



#21 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 36
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 07 August 2013 - 13:09

He doesn't need to be concerned about how servers do or do not talk to each other. All he needs to be concerned about is getting his email to his SMTP server, and I haven't seen anything in this thread that says he can't do that.

 

I wish all ISPs blocked port 25 personally - there's no need to use it, and if someone gets a virus from going to a random porn site, I'd prefer their machine wasn't able to help contribute to the massive amounts of email spam that you get.

 

 

He wants to be able to send out from his smtp server on his site that is on the ATT Uverse network. 

 

 

 

Before when I was on Comcast, I had no issues sending/receiving from Exchange to gmail, yahoo, etc. The moment I swapped the line, I could only receive, but not send. I did some research and saw that it looks like AT&T Uverse blocks SMTP traffic, so I called up AT&T and first got the Philippines, which was no help, then I got someone in India, who didn't even know what Exchange was. They claim they don't block any ports (except neither could tell me what port SMTP ran on), yet when I try doing some basic tests, I get failures.

 

He has to be concerned with how servers talk to each other because, the way I am reading this, he has an Exchange Server (which is a mail server) on premise that is connected to the ATT network to transmit mail messages. The only way around this is to relay messages, as BudMan stated, to a source that can relay messages. A mail relay probably won't use the default communications port to accept the incoming messages, to get around the port 25 block.

 

Another solution would be to upgrade to business class with static addressing, they shouldn't block anything on business class with a static address block.



#22 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 106
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 07 August 2013 - 13:19

So I took a quick look, since I am on Comcast and used to be able to go outbound on 25..

http://customer.comc...nger-supported/

So this makes sense why it's blocked now; the date on that is July 19th, so even if you would have kept Comcast you would have been out of luck..

In the article they list:

Comcast does not support port 25 for the transmission of email by our residential Internet customers. Much of the current use of port 25 is by computers that have been infected by malware and are sending spam without the knowledge of the users of those computers.

Many ISPs, both in the USA and around the globe, block port 25. These include:

Verizon
AT&T
NetZero
Charter
People PC
Cox
EarthLink
Verio
Cablevision
All Japanese ISPs
France Telecom / Orange

#23 MikeFu84

MikeFu84

    m0o!

  • Tech Issues Solved: 1
  • Joined: 09-December 03
  • Location: Fredericton, NB
  • OS: Windows 8.1 x64 Pro / Mac OS X 10.9.5 Mavericks
  • Phone: Nexus 5 (KitKat 4.4.4 w/ Franco Kernel)

Posted 07 August 2013 - 13:44

I work for an ISP and we won't unblock it. Hardware we currently have in place doesn't allow one-off exceptions. We do however allow normal SMTP traffic on 587 as the OP mentioned, not just SMTPS. From my understanding of ISPs I've personally dealt with, this is common practice in Canada if you are not using the ISP's SMTP servers.



#24 Night Prowler

Night Prowler

    Root Access

  • Joined: 26-August 01
  • Location: Wilmington, NC

Posted 07 August 2013 - 14:13

I spent two hours trying to explain to an 8 year, level 1 tech at AT&T that they were blocking the IP to my website. I could access it from any other connection that was not AT&T. I finally gave up as it appears they hire inadequate high level techs that just don't have a clue.

 

I finally contacted my hosting site and they changed my IP and in about an hour I had a connection on the AT&T network.



#25 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 36
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 07 August 2013 - 14:24

Level 1 is basically help desk; the higher the number the more knowledgeable they are. Level 1 is just about the equivalent of talking to a wall that is about to crumble on top of you, to which you are trying to explain why not to crumble on top of you in hopes that it will understand your reasoning not to crush you... it's a falling wall, it doesn't have ears, but it will crush you.



#26 Torolol

Torolol

  • Joined: 24-November 12

Posted 07 August 2013 - 14:44

Most ISPs block these connections though, unless you fork over more $$$ for these 'extras':

[image: block.png]

 



#27 Shadrack

Shadrack

    Neowinian Senior

  • Tech Issues Solved: 3
  • Joined: 20-December 01

Posted 07 August 2013 - 19:36

Can't you just use a different port number? A lot of ISPs block the default set of ports, but almost all servers will work just fine on a port that you specify, and most client software can be configured to connect to a port you specify.



#28 Roger H.

Roger H.

    Neowinian Senior

  • Tech Issues Solved: 22
  • Joined: 18-August 01
  • Location: Germany
  • OS: Windows 8.1
  • Phone: Nexus 5

Posted 07 August 2013 - 20:03

Changing port to another port does you no good if other servers don't know to send it to you on another port. That's what standards are for.

 

You can listen on any port you want but if my server is sending on 25 to your 25 and gets no answer it will fail.

 

There are obviously workarounds as mentioned by BudMan, but honestly it's prolly easier/cheaper to get a static IP, which then allows you to open whatever port you need.