They Blocked My SMTP, Now What?
mindsuck asks: "As of this Wednesday, my ISP blocked my port 25, leaving my mailserver useless to the outside world as a consequence of spammers and their nasty worms. So I decided to ask the nice people of Slashdot. What can I do now to restore my smtp service, besides changing ISPs, is there an obscure way to run a mailserver off a non-standard port? What about services similar to those provided by dyndns.org for these kinds of situations? Pros and Cons of using these services? Should I move my MX to a more 'stable' server than my homegrown one?" This topic was last touched upon in this article, from 2002. It's been over a year since SMTP blocks have become commonplace. Have you noticed a slowdown in your SPAM? Are ISP SMTP blocks really helping the problem? Updated: It looks like Charter is also blocking SMTP. Might there be a way to work with your ISP to get them to unblock port 25 for you, if you can sufficiently satisfy them that you are not a spammer?
Krondor wrote in with a similar query: "Charter Communications (in my area) has blocked outbound SMTP connections. I need to be able to send Email to other SMTP servers, besides theirs, for a number of legitamate reasons. My question is this; How can I either still send SMTP to the places I need to, or how can I convince Charter to unblock outbound SMTP (I can understand blocking inbound SMTP without ACK bit set)? They do provide a relay, but won't my messages get labelled as SPAM if I use that? I am also concerned because, this relay is not encrypted with SSL and I don't necessarily trust Charter with that."
them spammers have bots spider all available IP addresses probing for open relays, so there will never be a world free of open relays. as long as there's one out there, it'll get found.
only when the world realizes that most spamming can be taken care of through laws meant to prevent deceptive or false marketing (which most spammers who resort to open relays partake in) will things really improve.
If you want a practical service it MUST be port 25. If you can't offer port 25, either you need to use someone else's smtp server or to change ISP.
1000s Warcraft Gold while you sleep
Okay, the person asking the question is clearly talking about incoming traffic, as he mentions MX records and the like. The editor, on the other hand, seems to be talking about outgoing traffic, which is a completely different kettle of fish.
I wish more ISPs would block email. I get so much spam through my company mail server that originates off of DSL/Cable internet services. Combine that with the recent worms that turn infected computers into spam relays. I think it should be common practice to push all outbound mail through the ISP's mail server.
And yes you can run it on non-standard ports. 26 is fairly common.
/* oops I accidentally made a comment, sorry */
... and then use a smarthost (another box that sends mail on your behalf) to send the mail for you. I haven't heard of anyone blocking SMTP-SSL.
.... but if you got a few buddies with your own mailservers you can chip in on one on a host somewhere, or find a trustworthy friend that will let you relay.
This sucks because you need a box outside your network to do this
Not the perfect solution but you at least get _some_ semblance of control.
and be sure to let them know exactly why you are leaving when you cancel your account.
First set your smtp server on a different port.
Second find a machine with net access outside of your isp.
Third make an ssh tunnel from that machine to your machine.
That should work perfectly. But nothing is guaranteed.
The GeekNights podcast is going strong. Listen!
The ISP is trying to prevent your host from being an open SMTP relay, by shutting down inbound port 25.
Although this helps a little bit in the fight against spam, the effect is not as large as your ISP thinks. Spammer/cracker gangs nowadays use viruses to infect zombie hosts (virii typically use ports 80 to infect IIS, or ports 135-139 to infect the CIFS filesharing). Once on your machine, these virii can easily send out spam on outbound port 25, no matter if your ISP blocks the inbound port or not.
Explain this to them, maybe they'll reconsider...
(Yeah, right).
I used to use noip.com for DNS stuff. They have a mail reflector service that'll accept mail on their mailserver at port 25 and forward to your mailserver on a non-standard port. It worked okay for me, but the problem arose that cable/dsl residential IPs are listed in many of the spam blacklists. So I ended up with some ISPs I could not send mail to. Ended up upgrading to a small office commercial connection. My servers don't violate the acceptable use policy anymore, I can host anything I want (within reason) and I don't have problems with blacklists.
Something like this.
Works well as a backup in case your isp goes down too.
RMX, a new DNS record type which lists authorized senders for a particular domain, would have a huge impact in blocking mail with a spoofed sender address. Of course, then spammers could still register their own domains to send from, but those could also be easily blocked, and it would be easier to find the spammers who registered the domain.
I think this has a lot of potential, unlike the other bazillion idiotic non-solutions that have been proposed, like X-mulct headers, for example.
include $sig;
1;
I work for a major cable ISP here and we are also having problems with spamming trojans. I have blocked all known proxy ports from outside, and things were a bit quiet for some time, but for the past 2 - 3 months lots of spam is going out of our network. To solve it we do not want to block the customer's outgoing smtp completely, but now we are thinking of putting temp blocks on customers whose outgoing smtp traffic exceeds a certain limit.
:(
These spammer bastards are making our life hell
raj
Sarovar.org Hosting for open source projects in Indi
They block tcp ports for their benefit. Normally an ISP would offer business plans which are not much different from the domestic plan except for fixed IP(s), guaranteed uptime and fewer restrictions on use.
E.g. My ISP is so flexible that it has incremental business plans for opening each smtp, http, ftp, etc. ports for a fee. The most expensive of all is unrestricted tcp services, which are normally needed by medium-to-large companies.
You might find the strategy unfair to domestic users, but they have to differentiate their services from business plans, which earn them huge profit.
Maybe your ISP would offer separate plans for opening tcp ports. Granted, you might have to pay a premium, but that might be better than trying to circumvent their network against the TOC.
My ISP is pretty friendly to people running their own servers. Maybe you should just send them a friendly letter explaining your problem. Then they can keep track of you so that they know you aren't sending spam. If they can't open the port just for you, maybe they could set up some port forwarding, or even the SSH tunneling that other people have suggested.
Keep in mind that if you want to pay commodity prices for a service, you are going to get a service that has been sanitized and developed for the masses. What you're asking is essentially the same as "How can I get WinXP-home to work as a good server?".
If you want to connect to outside SMTP servers, you'll either have to go with a smaller ISP that doesn't have paranoid, 'we're not going to be the front for spam' policies in place (and make a sacrifice, be it limited dialing area, higher prices, or whatever) or tunnel out to a server that will allow you to connect to foreign SMTP servers.
Besides, if you have dynamic IP on your box, you probably shouldn't be running an SMTP server to begin with.
This sig no verb.
I have a colocated server. When my ISP (Cox) did this, I couldn't connect to port 25, but I didn't want to set my laptop to go to Cox's server (which won't work when I'm not at Cox.) What I finally did was setup my mail server to run on port 1025 as well as port 25, and pointed my mail program to that. It would be fairly trivial to do a similar setup in sendmail.
"He who would learn astronomy, and other recondite arts, let him go elsewhere. " -- John Calvin, commenting on Genesis 1
For receiving mail, I understand the need to have a dedicated server, but I have always wondered why it is considered standard and okay to send outgoing mail through a separate server. It doesn't make sense to me at all - why do e-mail programs not just connect directly to the servers they are trying to send mail to?
(this is just ignorance, I'm actually wondering why)
-- 'The' Lord and Master Bitman On High, Master Of All
It's unclear to me what exactly you're trying to do. I run Mydomain, and forward my accounts from there to a pop server. My computer then goes to the pop server and downloads the mail. A perl script then looks at the "for" in the first "Received" header, and forwards the message to sendmail. This is good enough for me, because I don't use the incoming IP address information. If you do, you might have to adjust your scripts accordingly.
Once a month or so, I get a message from the mail server "Delivery unsuccessful: Unknown recipient 'relaytest%security.rr.com'". If they find an open relay, then they'll do something about it; otherwise, I'm free to run my mail server.
Then I ran into the problem where my email address, short and begins with 'a', was a popular choice for the last round of viruses. I eventually had to block about 40 DSL and cable modems at my firewall.
Then my traffic was over 99% dropped packets, effectively denying service.
I finally gave up and hosted my email with hostforweb, which supports mailman and SpamAssassin. I blame Microsoft, for still not realizing that computers in general, and the net in particular, are often a shared resource.
You say that "I need to be able to send Email to other SMTP servers, besides theirs, for a number of legitamate reasons."[1] If it's not too personal, would you care to mention what those reasons are? I don't mean to troll, I just really fail to understand why anyone can't use their server as a SMTP relay. Why do you think that your mail will be marked as spam if you use it? As long as the relay is not open for everyone to use, then you're safe. Please tell me you're not so stupid as to think relay==open relay.
:-P
[1]notice how nice I am not to point out your horibel speling
Here is how I run a mail server out of my home with port 25 blocked.
For incoming mail: My domain will forward any number of e-mail addresses. I have different addresses forwarded to either my cox.net address, hotpop.com, or any of a number of other free POP3 services. On my server, I have an application (free) called poproute that runs every 10 minutes and queries all the pop3 accounts and then sends the mail directly to my internal SMTP server. All the mail goes to the proper internal mailboxes. This gets me around port 25 incoming being blocked.
Outgoing mail: Outgoing mail was very easy. I just set up my mail server to use a smart host and have my smtp server forward outgoing mail to the cox.net server. Cox.net will accept my mail because I am on the inside of their network, and will then forward it on as if I sent the mail from any mail client.
Hope this helps.
Get Net Code 6.1, which halves your ping times, and you'll just about break even.
I had this happen to me, too, and I use Dynu as my MX, and you can set it to auto-forward my mail from there, to a non-standard port on your host (which for me, the first stop is my firewall, so I have my 'non-standard port' port-forwarded to 25 on my mail machine).
It's not free, unfortunately, ($20 a year I think), but the nice thing is that they'll store 100 MB of email if for some reason they can't deliver it to your host - and since my mail is all done off of my cable, and I live in a weird area (My power was out for 8 hours yesterday because of the intense winds we were having (I live in Maryland)), it's a nice solution for me.
[DISCLAIMER: This post is a work of satire and should not be misconstrued as a holy text upon which to base a religion.]
I was going to write a quick reply about how ssh could be used to do this, but then I saw that it was PhysicsGenius.
So, in the PhysicsGenius vein, I'll just point out that if you had your mail program use a tachyon stream that ran backwards in time, you could sidestep the ping time problem entirely, by ensuring that the app always ran in 0 time.
Since your ISP blocked your mail gateway, ask them to smart-host you.
No sig
Enumerate these reasons. I, personally, can't think of many reasons where a residential user needs 25 outbound, when using the network mailservers as a smarthost will work fine.
Vintage computer games and RPG books available. Email me if you're interested.
I work for a major cable ISP here and we are also having problems with spamming trojans. To solve it we do not want to block the customer's outgoing smtp completely
I work for a small ISP. We worked around this problem a little differently.
Instead of blocking outbound SMTP, we opted to transparently proxy outbound SMTP sessions to our mail server.
The mail server does connection-rate throttling, and if the load on the server exceeds 'normal', the on-duty admin gets paged, so he can check the mail queue to see where the problem is - if it's a spam run, we shut off the ability for that customer to send SMTP, and purge the spam from the queue.
This has worked exceedingly well for us - the one time someone's machine has been used for spam (in the past 3 years), we were able to shut it off with only 2 spams making it out of our system.
I don't know how well it would scale for you, but it should be do-able.
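The per-customer limit discussed in this part of the thread (temporary blocks when a customer's outgoing SMTP exceeds a limit, and connection-rate throttling on a proxying mail server) can be sketched as a sliding-window counter. This is an added example, not code from any poster or ISP; the class and function names, the log format, the addresses and the thresholds are all assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone


class OutboundSmtpThrottle:
    """Sliding-window cap on SMTP sessions per customer, with a temporary block."""

    def __init__(self, max_sessions, window_s, block_s):
        self.max_sessions = max_sessions    # sessions tolerated inside one window
        self.window_s = window_s            # window length in seconds
        self.block_s = block_s              # how long a tripped customer stays blocked
        self._recent = defaultdict(deque)   # customer -> session timestamps in window
        self._blocked_until = {}            # customer -> time the block expires

    def observe(self, ts, customer):
        """Record one session at time ts; return 'allow', 'tripped' or 'blocked'."""
        until = self._blocked_until.get(customer)
        if until is not None:
            if ts < until:
                return "blocked"            # still inside the temporary block
            del self._blocked_until[customer]
            self._recent[customer].clear()  # block expired: start counting afresh
        window = self._recent[customer]
        window.append(ts)
        while window and window[0] <= ts - self.window_s:
            window.popleft()                # forget sessions older than the window
        if len(window) > self.max_sessions:
            self._blocked_until[customer] = ts + self.block_s
            return "tripped"                # this is the event an admin would be paged on
        return "allow"


def constructed_log():
    """Constructed sample: '<ISO timestamp> <customer IP>' per proxied SMTP session."""
    start = datetime(2003, 11, 5, 2, 0, 0)
    lines = []
    for i in range(30):   # infected host: one session per second for 30 seconds
        lines.append(f"{(start + timedelta(seconds=i)).isoformat()} 10.0.9.88")
    for i in range(4):    # ordinary user: one session every ten minutes
        lines.append(f"{(start + timedelta(minutes=10 * i)).isoformat()} 10.0.7.21")
    # the same host again two hours later, after the block has expired
    lines.append(f"{(start + timedelta(hours=2)).isoformat()} 10.0.9.88")
    return sorted(lines)  # fixed-width ISO timestamps sort chronologically


def replay(lines, throttle):
    """Feed log lines through the throttle; return decision counts per customer."""
    summary = defaultdict(lambda: {"allow": 0, "tripped": 0, "blocked": 0})
    for line in lines:
        stamp, customer = line.split()
        ts = datetime.fromisoformat(stamp).replace(tzinfo=timezone.utc).timestamp()
        summary[customer][throttle.observe(ts, customer)] += 1
    return dict(summary)


if __name__ == "__main__":
    # Assumed thresholds: more than 10 sessions in 60 s earns a one-hour block.
    result = replay(constructed_log(), OutboundSmtpThrottle(10, 60, 3600))
    for customer, counts in sorted(result.items()):
        print(customer, counts)
```

Counting sessions rather than messages keeps the check cheap, but a single session can carry many messages, so a deployed limit would also need to look at recipients per session.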
It sounds like the original poster's ISP is blocking inbound traffic to port 25 on his own server -- that's why he raised the question of SMTP on a different port (which, by the way, is mostly useless).
The updated article, with the bit about Charter blocking direct outbound SMTP connections, should not be much of a problem for the casual home user - even those that wish to run their own inbound SMTP server. Simply set the SMTP server up to use the designated smarthost.
Moreover, many MTAs now reject incoming mails received directly from an ISP's dynamic IP address ranges. For instance, the RBL at dynablock.easynet.nl is being used by a default SpamAssassin configuration (score 2.6 or so). So even if your ISP did not block outbound SMTP, the recipient may never actually get your message if you send it directly from your IP address.
If you are concerned with security (cfr. the reference to SSL), you really ought to encrypt your messages (with PGP or similar).
-tor
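How a receiving MTA consults a DNS blocklist such as the dynamic-range RBL mentioned above, as an added example that is not part of the original post: the connecting address is reversed, looked up under the list's zone, and an answer in 127.0.0.0/8 means "listed". The zone `dnsbl.example`, the function names and the stub resolver with its constructed answers are assumptions, so nothing here queries a real list.

```python
import ipaddress
import socket

LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone):
    """Build the DNS name a blocklist lookup asks for.

    IPv4: octets reversed (1.2.3.4 -> 4.3.2.1.<zone>).
    IPv6: all 32 hex nibbles reversed, one label each.
    """
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone.strip(".")


def dnsbl_status(ip, zone, resolve=socket.gethostbyname):
    """Classify one address against one list.

    Returns 'listed', 'not-listed', 'lookup-failed' or 'invalid-answer'.
    `resolve` is injectable so the logic can be exercised without network access.
    """
    name = dnsbl_query_name(ip, zone)
    try:
        answer = resolve(name)
    except socket.gaierror as exc:
        # No such name is the normal "not listed" reply; anything else
        # (timeout, SERVFAIL) must not be mistaken for a clean result.
        if exc.args and exc.args[0] == socket.EAI_NONAME:
            return "not-listed"
        return "lookup-failed"
    # A list answers with an address in 127.0.0.0/8. Any other answer usually
    # means the zone is wildcarded or parked, which would otherwise make
    # every sender look listed.
    if ipaddress.ip_address(answer) in LOOPBACK_NET:
        return "listed"
    return "invalid-answer"


def constructed_resolver(name):
    """Stand-in for DNS with constructed answers (assumption, for offline use)."""
    answers = {
        "4.3.2.1.dnsbl.example": "127.0.0.2",     # listed address
        "9.3.2.1.dnsbl.example": "203.0.113.7",   # zone answering with junk
    }
    if name == "7.3.2.1.dnsbl.example":
        raise socket.gaierror(socket.EAI_AGAIN, "temporary failure")
    if name not in answers:
        raise socket.gaierror(socket.EAI_NONAME, "name not known")
    return answers[name]


if __name__ == "__main__":
    for ip in ("1.2.3.4", "1.2.3.5", "1.2.3.7", "1.2.3.9"):
        print(ip, dnsbl_status(ip, "dnsbl.example", constructed_resolver))
```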
There are a couple of justifications for this. Some are probably more realistic than others.
My cable-modem ISP (Cox) blocks outbound 25. This is only a minor issue to me because Cox's outbound mail servers are generally:
I receive mail with co-lo servers that are part of my business.
The comment of not trusting outbound relaying because they might look at it is a bit misplaced. Looking at internet traffic is pretty easy for anyone with the desire and means to do so. If you send outbound SMTP on your cable modem, your ISP can look at the packets if they have the desire to do so (and I doubt that this breaks any laws). It does not really matter if they relay the traffic or not. They have physical access to the network, so they can sniff either way. On the other hand, they are pretty unlikely to do so unless they are asked by some governmental agency. Basically, sniffing such large amounts of data is uninteresting to them, so why would they bother. If you are worried about eavesdropping on email, encrypt.
In your case, I suspect that the blocks have two reasons:
Inbound blocks to 25 are just an enforcement of a no-servers rule. I suspect that there are also blocks on 80 and perhaps a bunch of others. In all fairness, I would hate to run a mail server in-house on a cable modem. Mail is just too important to me, and I don't trust my in-house systems to be up 24x7. That is what co-lo is for.
Outbound blocks to 25 are an attempt to slow down spam. Specifically, they prevent hacked home systems from becoming SMTP relays. In general, this is probably a good thing and most users with hacked boxes never know the damage they are doing.
Your only real solutions that you have are:
None of these are 100% free or pretty, but the bottom line is that you are using your cable-modem line in a manner that doesn't fit your provider's pre-conceived image of the type of user they have/want.
On the other hand, the solutions above are not necessarily that expensive either. You can get email hosting with adequate access for <$10/mo, co-lo virtual servers for <$15/mo, and full dedicated co-lo servers for <$100/mo.
Ah, but it takes many single irate letters to create the loud cry you speak of.
You're right, of course. Still, I think unless you can get some guarantee from others to 'match' your letters, I think you are wasting your time. It sounds like the original questioner has already resigned himself to the fact that he has neither the time or desire to organize some kind of protest to the ISP. I can sympathize -- I'd do the same thing in his place. My original message was a response to sweetooth who seemed to suggest that writing a letter to the ISP was going to somehow improve the greater common good.
My opinion is that you should either put some effort into massing an organized response to the ISP or you should just drop it. I think the idea of sending a letter and telling yourself that you did "the right thing" because other people are going to do the same is delusional.
GMD
watch this
I don't want free as in beer. I just want free beer.
You don't get any more of a commodity than, "here's the pipe...there ya' go...you're on your own!" It's when they start adding things that it becomes less of a commodity from their end.
And that's where the problem comes in. Most of these providers define the service as the pipe and everything else is value-added, i.e. not guaranteed. You think you'll get a refund if your mail goes down for a month? Read the fine print!
Consider looking at www.dyndns.org's Mailhop package where they are the MX server of record (with port 25 open) for all your mail and then they redirect all your email traffic to your non-standard port, say 2525.
Then use a NAT/IP-Masquerading/firewall setup on your box (iptables) to redirect port 2525 to port 25 for any incoming smtp traffic.
This method has the benefit of having two available ports for smtp. Port 25 for everyone behind the NAT/IP-Masquerading/firewall box and Port 2525 for all those on the outside. This way ALL other services and clients (behind the firewall) use the std port 25 for their smtp settings and you don't have to change any Postfix configurations.
By adding these two lines to my /etc/rc.d/rc.firewall-2.4 iptables script, it creates the port redirection.
echo " Creating SMTP(Mail) Port Redirect from port 2525 to port 25"
iptables -t nat -A PREROUTING -p tcp --dport 2525 -j DNAT --to 192.168.0.1:25
Also be advised that Postfix/RH9 comes with the config file locked down to receive only smtp traffic from localhost. You need to change the following settings to something a little less restrictive, but hopefully not too permissive as to become an open relay.
Config File: /etc/postfix/main.cf
inet_interfaces = all
mynetworks_style = subnet
----
After I set the redirect up, I ordered DynDNS.org's mailhop package. Well a half-hour later after requesting/paying for it, I was receiving email on port 2525.
To be fair, I already started pointing my purchased-elsewhere-domain at their DNS servers a few days previously, and DNS properly propagated in that time frame. So perhaps it's much simpler if you let them manage both domain and mailer-relay.
Total Cost = $60 (25/Custom DNS + 40/Mailhop Package - 5/Discount for both packages)
Money well-spent in my opinion! It's been about two-three months with NO hiccups or lost mail that I have known about.
Wouldn't it be easier to just have the MTA listen on the other port?
Pick up the latest 2600 (Fall 2003) from Barnes & Noble or online. There's an entire article on how to get around your ISP's port-blocking stupidity.
--
You just made my day, that was great...
"I'll have a Guinness, no wait, make that a Coors Light" -Grad student I work with, who shall remain anonymous...
I'm a sysadmin for a large ISP, and let me tell you, the benefits of blocking inbound & outbound SMTP for residential customers are a godsend. We implemented outbound SMTP restrictions more than a year ago, and more recently also added inbound SMTP. Since a great number of the viruses/worms out that spam (either regular spam or to replicate itself) use their own SMTP engines, this stops them dead in their tracks, since they can't mail out (unless they go out another port). I really wish other ISPs would do this as a standard for their residential users. I do run my own mail server at home (I'm not on a residential account), and 99% of the spam I do get is from residential customers/dynamic IP space (of which, probably 75% of the spam I've received in the last couple of months has been from Comcast. I'm seriously thinking of blocking all their IP space and only allow their known MTAs. When I put in blocks to block all of APNIC, my spam reduced more than 50%)
It's better to burn out than to fade away
You know, rather than blocking all IP's owned by ComCast, you could filter your mails via the RBL at dynablock.easynet.dl. This lists dynamic IP ranges given out by the likes of Comcast for residential customers. Indeed, ComCast & other ISPs are the ones contributing these address ranges to the maintainers of that RBL.
-tor
I still run my own server, I can set up whatever filtering I want, other machines on my network never have to be reconfigured, but now all my mail is immediately forwarded through my ISP's mail server instead of being delivered directly.
BTW; My ISP doesn't block port 25 but many other ISP's won't accept mail from dialup and ADSL connections. I got sick of the bounces.
455fe10422ca29c4933f95052b792ab2
but check out: MailHop from DynDns. They'll "proxy" your domain at port 25 and forward it to your real IP at a non-standard port.
Yes, it's a pain to pay more money, for less bandwidth, just so you can have an Internet connection that allows you to host your own servers.
Pay for it. I am. And all of my friends have cablemodems that have twice the download speed than my DSL line.
o/~ Join us now and share the software
For sending mail you can use IPv6, most ISP's have no idea what IPv6 is and ignore it (and pass it through). If you use IPv6 address mapped IPv4 addresses (ie: ::FFFF:1.2.3.4) to send mail, then it will be routed out via IPv6, then someone running an IPv6 to IPv4 relay host will convert it for you back to IPv4 to talk to the remote host.
Alternatively, use IPv6 to a host you control outside your ISP that can use SMTP AUTH to let you relay. Or use IPsec to a host you control outside your ISP. Or better yet, use IPv6 AND IPsec to outside your provider.
NO-IP.COM has a service that looks like it does what you're looking for: reroute messages traveling on port 25 to the desired port.
http://www.no-ip.com/services.php/mail/smtp
Oh, I forgot, you may have to use a no-ip.com domain, although you can probably use an existing domain.
Port State Service
21/tcp filtered ftp
22/tcp open ssh
23/tcp open telnet
25/tcp filtered smtp
53/tcp filtered domain
80/tcp filtered http
135/tcp filtered loc-srv
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
443/tcp open https
445/tcp filtered microsoft-ds
515/tcp filtered printer
1433/tcp filtered ms-sql-s
12345/tcp filtered NetBus
17300/tcp filtered kuang2
27374/tcp filtered subseven
31337/tcp filtered Elite
Looks like they need a laxative. Badly.
(Not sure why they left 443 open, but I'm happy they did! Hopefully, it must be open both ways to establish the connection or something, or they're too dumb/lazy to get around to it.)
There are really two separate cases being discussed here, so let's be clear:
* ISP is blocking outbound port 25 traffic, except to their mail server ("smarthost" as it's known.) In this case, you cannot send mail directly. The solution is to relay through your ISP's smarthost. If you can configure one of the various forms of authentication then usually you can send as any email address, so you don't have to worry about your domain name not being the same as your ISP's. You can also use a third party's smarthost, such as if you're paying for webhosting space for your website. It's best to do SMTP over SSL, but if your smarthost does not support this then many hosts will allow incoming traffic on port 26, so that your ISP's block does not stop you. You'll still have to set up authentication of some sort.
* ISP is blocking inbound port 25 traffic. This is harder to work around, and affects running your own mail server to receive incoming mails, as opposed to just sending mails directly as above. I'd say if you're running a mailserver on a cable modem you're probably doing yourself a disservice, and most likely breaking your TOS/AUP. It's a disservice in that I certainly wouldn't want to have to worry about losing emails when I take my computer down or want to play a game. You may disagree, or you may have a dedicated machine for receiving mail.
You can achieve the same effect, however, by having your mail delivered to some other host or dropbox, and then using a tool such as fetchmail to poll that dropbox regularly and deliver the messages to your local spool. This will have all the same effects as running your own mail server in that you can still have mail delivered to users or aliases, and procmail recipes (etc.) all work as expected. The only thing you can't really do is message rejection at delivery-time, which is a shame as this is the only really effective way of making your point to spammers. But that's another topic...
Most of these responses are something like "I can't for the life of me figure out why you want to do this, therefore you shouldn't do it" or "It's just a bad idea to run a mail server on a cable modem". The person asking the question is obviously some kind of geek (or he wouldn't be asking questions of /.) and has his own reasons for wanting to do this. Either answer the question or don't waste your time replying.
My only solution to this problem is to use smartforwarding with the company that hosts my webserver. I'm looking for another company that will provide me with full internet access instead of the crap that ATT/Mediaone/whateveritscallnow is providing me.
I posted a nearly identical question a while ago, when AOL (and others) started to reject SMTP connections from what they determined were dynamically assigned IP addresses. Take a look at the thread:
http://ask.slashdot.org/article.pl?sid=03/04/19/2327248&mode=nested&tid=126
I was hoping to find a "virtual" mail ISP which would allow me to relay my outgoing mail (preferably in an encrypted tunnel, but I'm not holding my breath). Instead, I ended up configuring postfix to relay only mail destined to problem addresses (mostly aol properties) through my ISP's SMTP relay. I know this isn't the same problem you're having, but some of the solutions are the same.
Tried sending through the school's SMTP host with From & Reply-To set to her "hosted" address. Refused to relay.
Our host set up an additional port, in the hopes that they just blocked the standard port. I can telnet from her machine to the host on that port, but MozMail can't make the connection.
Then my VNC connection got cut off, so I had to stop testing things. Seems like they blocked those ports too. She's down to only being able to use HTTP, FTP, and IM protocols as far as I can tell.
So my ISP started blocking all *inbound* traffic on port 25 to avoid the exploit of poorly configured servers. I ran a mailserver for quite some time and without notice I was cut off early August 2002.
My first 'solution' was using Eric S. Raymond's fetchmail. My domain name registrar let me choose to define an MX host for my mail, or to have all mail forwarded to an existing pop account. So I changed it to the latter and let fetchmail empty that pop box on a 15 minute interval from my mailserver. Fetchmail examines the headers of every individual e-mail, rewrites the headers and submits it to localhost which was cut off in the first place.
This works quite nicely, but has some side effects like BCC's which couldn't be resolved anymore and ended up in the 'main' account. Still, it works out fine, provided that you have an e-mail account you can use. I had one which came with my ISP.
So I stumbled upon no-ip.com. They provide a mail-reflector which reroutes e-mail to a port of my choosing. So I made them the primary MX host for my domain and let my mailserver listen on a high-port. Works like a charm for over a year now without any problems. I'm sure there are others who provide similar services.
Martijn
31.69 nHz = once a year
But couldn't we use the deflector dish ?
We had an identical situation with BT Openworld a couple of years ago.
The user community was pretty damn organised though and a mass boycott was threatened. True, BT Openwound (they've earned that name) had performed a number of spectacular cock-ups recently, so a compromise was reached. They twice daily scanned all IPs they owned for open mail relays, any found had inbound SMTP blocked.
If you're too dumb to secure your mail server, you're too dumb to run one was their attitude and the user community agreed.
Charter was mentioned as one of the SMTP blockers. I happen to blacklist Charter already, due to earlier spam incidents that I consider unresolved, and protect my private mailbox that way. Learning about them beating up their own customers isn't going to change that.
On the contrary, I'd be happy to blacklist any ISP known to give their customers a hard time, even if I haven't seen a single piece of spam from them! I don't need inbound SMTP myself right now, but I may need it in the future, and it would be good if my future ISP has had some incentive to keep port 25 open from the beginning and learned how to manage that situation.
I offer access to my mailbox free of charge, but not indiscriminately to everybody on the planet. Sending me junk mail is one way of opting out from a business relationship with me. Beating up your own customers (my friends and fellow netizens) for no good reason at all is another.
Access to my personal mailbox in particular is not important to any ISP (except perhaps my own). However, access to millions of unimportant mailboxes just like mine should be important to any ISP offering "e-mail access" to its customers. There is no point in me spending all my time maintaining a private blacklist used by me only. However, by using a public blacklist maintained according to criteria accepted by me, I make a minor sacrifice in terms of accessibility for the benefit of helping to put an uncooperative ISP out of business sooner rather than later. In the long term, the wellbeing of an individual ISP (or their particular customers) is not important. Standard practice of operating an ISP is.
So, who wants to set up this particular blacklist?
The idea that you need to not use your ISP's SMTP server because "it's not encrypted" is almost laughable.
Almost nobody supports SSL on their SMTP servers anyway, so you'll be sending unencrypted mail anyway. With the few people to whom you are sending encrypted mail, you'd be better served by encrypting the emails than the servers, because you'll be better able to control that (what if they break their setup and are no longer accepting encrypted SMTP? Will you even notice?)
Don't give me the "they can snoop my mail" rap, either; it's all going over their network. If it ain't encrypted, it can (and probably occasionally does) get snooped.
On the other hand, preventing random users from sending out email directly is a big help in enforcing anti-spam AUPs. As I'm sure you've noticed, a growing number of systems on the other end are refusing inbound email from dynamic IP ranges. Large ISPs are starting to cooperate with the anti-spam blacklists by providing those IP ranges, too. You're fighting to preserve a decreasingly relevant preference. Give up.
About the only legitimate reason to send your own mail is troubleshooting, and it doesn't outweigh the anti-spam issues. Get over it, you're not going to get your ISP to change.
Except that your customers pay for _connectivity_, you fucking asshole.
I want to delete my account but Slashdot doesn't allow it.
Yeah, and your point? For 99.9% of RESIDENTIAL customers, this doesn't affect them in the least.
Viruses/worms cause networks and servers to slow down to a crawl, affecting everybody. Without such blocks in place, everyone gets affected. With the blocks in place, only a handful of users are affected. So we are assuring connectivity FOR EVERYONE. And I'm not even mentioning the "no server" clause of the AUP. The only reason a port 25 block would affect you is if you are running a mail server, which is against the contract that you agreed upon when signing up.
If you want to run servers, then you would need to upgrade to business class, where there are no such blocks.
It's better to burn out than to fade away