ISP blocking port 25.


Recommended Posts

Use SSL or TLS to send your email -- this will normally be open.. For example, gmails smtp is on port 587 an uses TLS.

You sure its your ISP an not some antivirus running on your machine? Mcafee for example by default blocks 25.

But yes quite a few isps block 25 outbound from their network, since you should be using their smtp servers to send email ;)

Failing that - dyndns provides a smtp on different ports

http://www.dyndns.com/services/mailhop/outbound.html

Capabilities and Features

* Alternate outgoing ports: 25, 465, 2525, 10025, and 10465

* Authenticated relaying over SSL/TLS and SMTPS

  • 1 month later...
  nonick said:
What kind of lame ISP that blocks standard port for email? lol wtf?!

Quite a few LARGE ISPs block outbound traffic from their network on 25, since NO users computers should have any use to talk to email servers directly.. They should/would be using the ISPs email servers to send email. If your machine is trying to talk to servers outside your ISPs network on 25, more than likely its infected with something trying to send spam or itself to other users.

For that matter most major email domains would not accept email from a dynamic IP anyway, etc.

Users have little use for talking on port 25 outbound from their ISPs network. If more ISPs did this, you would see a HUGE reduction in spam..

If you need to use a smtp server outside of your ISPs network, then you should be connecting to this server SECURE anyway, ie using SSL or TLS -- which would NOT be on port 25.. Connecting to your an outbound smtp server without the use of encryption sends everything in CLEARTEXT across the public net, quite possible your username an password if your smtp server requires auth -- which most of them do.. Does that sound like something any sane person would want to do??

  Shof said:
26 should always work i think

An where would you have gotten that idea from? 26 is NOT a standard smtp port, nor is it a standard the ISPs would use to allow users from outside their network to talk to their servers on. Yes some do -- but that does not in any way mean "it should always work" :rolleyes:

Unless the smtp server has been specifically set to listen on this port - it would NOT WORK! Now what is a STANDARD is for the smtp server to use SSL or TLS which are standard ports -- an normally would be open for traffic outbound from a ISPs network vs 25.

Well if you have a large infrastructure of servers protected by firewalls that block port 25 directly, and don't offer a way to send email unless you are actually on their network...there's not a ton of ways to scam your way in/out.

Public domains that allow direct connects on port 25 get their servers spammed all day long. We used to get over 25,000 per day (we have 8 people in this company) and went with Postini. We now get about 1,000, all which are legitimate. (Yes, I used the word all - no one here gets spam) We block port 25 for EVERYONE unless it comes from Postini's servers. So unless they find a way around that, our firewall will continue to block that crap all day, every day. I don't see a spammer getting around that without putting more money into a solution than what they'd stand to make out of the ROI.

I wouldn't go as far as to say that blocking ports is never a solution. It takes care of the majority of the needs out there. And if further filtering is needed, it can be done with minimal effort.

Lets also keep in mind there is a HUGE freaking difference between a SMTP server to accept inbound mail for a domain, an one that is setup to SEND email on behalf of users of that domain. Even though they both use tcp port 25, an yes this quite often can be the same server.

Blocking OUTBOUND from a ISPs network on 25 for machines other then their sending SMTP servers is very LEGIT way to curb spammers an more an more ISPs are doing it. Here lets go over the basics.

Lets say your a customer of ISP-X, they give you an email address user@isp-x.com -- to send email from this address you talk to smtp.isp-x.com.. This is on the ISPs network, an so are you -- there is no traffic outbound from their network on 25 needed for you to send email thru this server. Since their server smtp.isp-x.com is allowed to talk outbound from their network on 25, an will deliver the email to whatever domain your sending to.

If your machine gets infected with something that wants to send email directly to other domains, it can not! Since your not allowed to talk outside of the ISPs network on 25.

If you infected with something or just use want to send spam using your ISPs smtp server to relay the email, for starters the from address has to BE yours -- not some made up crap, since the ISPs smtp server will only send email from users@isp-x.com So it would be easy to track the spam sent from your legit from address -- an all the kickbacks to bad addresses would get kicked back to the sending domain. Also most likley your ISP email server limits outbound email per hour, an would notice you trying to send 1000's of emails, etc. Also their server most likely would require you to auth before sending to it.. Some infection more than likely would not be able to do that, etc.

Now lets say your on the road an want to send your email from some other network that does the same thing they block oubound from their network on 25 for anything other than their smtp servers delivering mail to other domains.

That should not be a problem if you were using SSL or TLS to talk to your isp-x smtp server to send mail, since this road network does not block those ports.. Only 25 which is used to deliver inbound email as well as outbound email, the SSL an TLS ports can not be used to deliver email, only for sending it. They accept inbound taffic from anywhere on 25, they just do not allow it out.. Since there is NO REASON for any of their customers machines to talk outbound from their network on 25 - NONE!!

Any sane person would be encrypting any traffic they are sending outbound to some other smtp server. An would not be affect by any block -- only spam coming from the client machine trying to directly talk to the mail servers for domainA, domainB, domainC, etc..

Sorry there is no way for a infection to get around the the fact that it can not talk outbound on 25 to send mail.. What it would have to bounce off some proxy outside the network using a different.. Kind of defeats the whole purpose of infecting machines to send your spam for you -- so you do not have to provide servers to do it, etc.

Blocking outbound on 25 from the ISPs network is COMMON, Legit an very effective way of reducing the spam flowing from their network.. If they are doing that -- then they should be allowing you to talk to their servers on different ports for sending email through them.. If not -- then you need to contact your HOME isp, or find a ISP that provides for their users to send email from their servers when not on their network, be it different ports (SSL, TLS) or some other open port -- as suggested sometimes 26 is used. But that would be bad advice since you should be encrypting any traffic to this server when not on the ISPs network - if not always.

The on the road ISP your on, is normally not going open up 25 for you.. But your home ISP should be allowing inbound to their sending smtp serves on different ports for their on the road users, etc.

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • qBittorrent 5.1.1 by Razvan Serea The qBittorrent project aims to provide a Free Software alternative to µtorrent. qBittorrent is an advanced and multi-platform BitTorrent client with a nice user interface as well as a Web UI for remote control and an integrated search engine. qBittorrent aims to meet the needs of most users while using as little CPU and memory as possible. qBittorrent is a truly Open Source project, and as such, anyone can and should contribute to it. qBittorrent features: Polished µTorrent-like User Interface Well-integrated and extensible Search Engine Simultaneous search in most famous BitTorrent search sites Per-category-specific search requests (e.g. Books, Music, Movies) All Bittorrent extensions DHT, Peer Exchange, Full encryption, Magnet/BitComet URIs, ... Remote control through a Web user interface Nearly identical to the regular UI, all in Ajax Advanced control over trackers, peers and torrents Torrents queueing and prioritizing Torrent content selection and prioritizing UPnP / NAT-PMP port forwarding support Available in ~25 languages (Unicode support) Torrent creation tool Advanced RSS support with download filters (inc. regex) Bandwidth scheduler IP Filtering (eMule and PeerGuardian compatible) IPv6 compliant Available on most platforms: Linux, Mac OS X, Windows, OS/2, FreeBSD qBittorrent 5.1.1 changelog: BUGFIX: Don't interpret wildcard pattern as filepath globbing (glassez) BUGFIX: Fix appearance of search history length spinbox (glassez) BUGFIX: Remove dubious seeding time max value (glassez) BUGFIX: Fix ratio handling (glassez) BUGFIX: Fix compilation with Qt 6.6.0 (glassez) WEBUI: Make General tab text selectable by default (dezza) WEBUI: Add versioning to local preferences (Chocobo1) WEBUI: Make multi-rename search & replace fields use a monospace font (Atk) WEBUI: Fix wrong replacement sequence in IPv6 string (Chocobo1) WEBUI: Fix memory leak (bolshoytoster) WEBUI: Fix path autofill in set location and new category (tehcneko) RSS: Mark matched article as "read" if it refers to a duplicate torrent (glassez) WINDOWS: Update command line help message (KanishkaHalder1771) WINDOWS: NSIS: Don't require agreement on the license page (Chocobo1) LINUX: Fix preview not opening on Wayland (Isak05) LINUX: Add fallback for random number generator (Chocobo1) Download: qBittorrent 5.1.1 | Portable | ~40.0 MB (Open Source) Download: qBittorrent 64-bit installer (qt6) | 41.7 MB Links: qBittorrent Home page | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Linus Torvalds releases a pretty ordinary Linux 6.16-rc3 by Paul Hill Linus Torvalds, the head and founder of the Linux kernel, has announced the release of Linux 6.16-rc3. This release comes with fixes for new features that were introduced during the merge window several weeks ago, and for old features where issues have been detected or improvements need to be made. If you remember last week, Torvalds said that rc2 seemed smaller than usual, putting it down to people going on vacation. He said this week’s rc3 seems to be in the usual ballpark for this time of the cycle, so everything looks “entirely normal.” In terms of changes, this release is “dominated” by wireless networking and GPU driver updates, however, Torvalds doesn’t think that anything really huge stands out this time. While nothing stands out Torvalds urged people to carry on testing and submitting patches. This update saw improvements to the core system and architecture. There have been improvements to ARM64 KVM that improve stability and correctness of virtualizations on ARM64. There are also improvements to RISC-V KVM and Trust Domain Extensions (TDX) for Intel which expand and secure virtualization capabilities on those architectures. On the graphics front, there are fixes for the amdgpu and amdkfd drivers that fix job handling, engine resets, display corruption, and power management features. The driver used for Qualcomm’s Adreno GPUs has been updated to improve fault handling, display timing, and driver binding. The open-source Nouveau (Nvidia) driver has been updated with fixes for GSP message queue references, potential integer overflows, buffer size adjustments, and a use-after-free bug. Finally, the Intel i915 driver has been updated to address early wedge issues, memory initializations, and build errors. There are also improvements to Wi-Fi devices (ath12k and iwlwifi), sound (ALSA), power management on AMD, and file system improvements (OverlayFS, EROFS, XFS, NFS, SunRPC). Linux 6.16 is due for release at the end of July and will then be picked up by Linux distributions, which will be the first interaction most end users have with the new features in this update. The main benefit of a newer kernel is that Linux will work on newer hardware, so if you’ve had issues with Linux, be sure to try it periodically in case your hardware is now supported.
    • Technically, it should be account-bound after activating it
  • Recent Achievements

    • Week One Done
      urbanmopdubai1 earned a badge
      Week One Done
    • One Month Later
      Jim Dugan earned a badge
      One Month Later
    • First Post
      Johnny Mrkvička earned a badge
      First Post
    • Week One Done
      viraltui earned a badge
      Week One Done
    • One Month Later
      serfegyed earned a badge
      One Month Later
  • Popular Contributors

    1. 1
      +primortal
      649
    2. 2
      Michael Scrip
      226
    3. 3
      ATLien_0
      218
    4. 4
      Steven P.
      150
    5. 5
      Xenon
      145
  • Tell a friend

    Love Neowin? Tell a friend!