ISP blocking port 25.


Recommended Posts

Use SSL or TLS to send your email -- this will normally be open.. For example, gmails smtp is on port 587 an uses TLS.

You sure its your ISP an not some antivirus running on your machine? Mcafee for example by default blocks 25.

But yes quite a few isps block 25 outbound from their network, since you should be using their smtp servers to send email ;)

Failing that - dyndns provides a smtp on different ports

http://www.dyndns.com/services/mailhop/outbound.html

Capabilities and Features

* Alternate outgoing ports: 25, 465, 2525, 10025, and 10465

* Authenticated relaying over SSL/TLS and SMTPS

  • 1 month later...
  nonick said:
What kind of lame ISP that blocks standard port for email? lol wtf?!

Quite a few LARGE ISPs block outbound traffic from their network on 25, since NO users computers should have any use to talk to email servers directly.. They should/would be using the ISPs email servers to send email. If your machine is trying to talk to servers outside your ISPs network on 25, more than likely its infected with something trying to send spam or itself to other users.

For that matter most major email domains would not accept email from a dynamic IP anyway, etc.

Users have little use for talking on port 25 outbound from their ISPs network. If more ISPs did this, you would see a HUGE reduction in spam..

If you need to use a smtp server outside of your ISPs network, then you should be connecting to this server SECURE anyway, ie using SSL or TLS -- which would NOT be on port 25.. Connecting to your an outbound smtp server without the use of encryption sends everything in CLEARTEXT across the public net, quite possible your username an password if your smtp server requires auth -- which most of them do.. Does that sound like something any sane person would want to do??

  Shof said:
26 should always work i think

An where would you have gotten that idea from? 26 is NOT a standard smtp port, nor is it a standard the ISPs would use to allow users from outside their network to talk to their servers on. Yes some do -- but that does not in any way mean "it should always work" :rolleyes:

Unless the smtp server has been specifically set to listen on this port - it would NOT WORK! Now what is a STANDARD is for the smtp server to use SSL or TLS which are standard ports -- an normally would be open for traffic outbound from a ISPs network vs 25.

Well if you have a large infrastructure of servers protected by firewalls that block port 25 directly, and don't offer a way to send email unless you are actually on their network...there's not a ton of ways to scam your way in/out.

Public domains that allow direct connects on port 25 get their servers spammed all day long. We used to get over 25,000 per day (we have 8 people in this company) and went with Postini. We now get about 1,000, all which are legitimate. (Yes, I used the word all - no one here gets spam) We block port 25 for EVERYONE unless it comes from Postini's servers. So unless they find a way around that, our firewall will continue to block that crap all day, every day. I don't see a spammer getting around that without putting more money into a solution than what they'd stand to make out of the ROI.

I wouldn't go as far as to say that blocking ports is never a solution. It takes care of the majority of the needs out there. And if further filtering is needed, it can be done with minimal effort.

Lets also keep in mind there is a HUGE freaking difference between a SMTP server to accept inbound mail for a domain, an one that is setup to SEND email on behalf of users of that domain. Even though they both use tcp port 25, an yes this quite often can be the same server.

Blocking OUTBOUND from a ISPs network on 25 for machines other then their sending SMTP servers is very LEGIT way to curb spammers an more an more ISPs are doing it. Here lets go over the basics.

Lets say your a customer of ISP-X, they give you an email address user@isp-x.com -- to send email from this address you talk to smtp.isp-x.com.. This is on the ISPs network, an so are you -- there is no traffic outbound from their network on 25 needed for you to send email thru this server. Since their server smtp.isp-x.com is allowed to talk outbound from their network on 25, an will deliver the email to whatever domain your sending to.

If your machine gets infected with something that wants to send email directly to other domains, it can not! Since your not allowed to talk outside of the ISPs network on 25.

If you infected with something or just use want to send spam using your ISPs smtp server to relay the email, for starters the from address has to BE yours -- not some made up crap, since the ISPs smtp server will only send email from users@isp-x.com So it would be easy to track the spam sent from your legit from address -- an all the kickbacks to bad addresses would get kicked back to the sending domain. Also most likley your ISP email server limits outbound email per hour, an would notice you trying to send 1000's of emails, etc. Also their server most likely would require you to auth before sending to it.. Some infection more than likely would not be able to do that, etc.

Now lets say your on the road an want to send your email from some other network that does the same thing they block oubound from their network on 25 for anything other than their smtp servers delivering mail to other domains.

That should not be a problem if you were using SSL or TLS to talk to your isp-x smtp server to send mail, since this road network does not block those ports.. Only 25 which is used to deliver inbound email as well as outbound email, the SSL an TLS ports can not be used to deliver email, only for sending it. They accept inbound taffic from anywhere on 25, they just do not allow it out.. Since there is NO REASON for any of their customers machines to talk outbound from their network on 25 - NONE!!

Any sane person would be encrypting any traffic they are sending outbound to some other smtp server. An would not be affect by any block -- only spam coming from the client machine trying to directly talk to the mail servers for domainA, domainB, domainC, etc..

Sorry there is no way for a infection to get around the the fact that it can not talk outbound on 25 to send mail.. What it would have to bounce off some proxy outside the network using a different.. Kind of defeats the whole purpose of infecting machines to send your spam for you -- so you do not have to provide servers to do it, etc.

Blocking outbound on 25 from the ISPs network is COMMON, Legit an very effective way of reducing the spam flowing from their network.. If they are doing that -- then they should be allowing you to talk to their servers on different ports for sending email through them.. If not -- then you need to contact your HOME isp, or find a ISP that provides for their users to send email from their servers when not on their network, be it different ports (SSL, TLS) or some other open port -- as suggested sometimes 26 is used. But that would be bad advice since you should be encrypting any traffic to this server when not on the ISPs network - if not always.

The on the road ISP your on, is normally not going open up 25 for you.. But your home ISP should be allowing inbound to their sending smtp serves on different ports for their on the road users, etc.

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.