Slashdot Mirror

← Back to Stories (view on slashdot.org)

They Blocked My SMTP, Now What?

Posted by Cliff on from the is-the-solution-worse-than-the-disease dept.

mindsuck asks: "As of this Wednesday, my ISP blocked my port 25, leaving my mailserver useless to the outside world as a consequence of spammers and their nasty worms. So I decided to ask the nice people of Slashdot. What can I do now to restore my smtp service, besides changing ISPs, is there a obscure way to run a mailserver off a non-standard port? What about services similar to those provided by dyndns.org for this kind of situations? Pros and Cons of using this services? Should I move my MX to a more 'stable' server than my homegrown one?" This topic was last touched upon in this article, from 2002. It's been over a year since SMTP blocks have become commonplace. Have you noticed a slowdown in your SPAM? Are ISP SMTP blocks really helping the problem? Updated: It looks like Charter is also blocking SMTP. Might there be a way to work with your ISP to get them to unblock port 25 for you, if you can sufficiently satisfy them that you are not a spammer?

Krondor wrote in with a similar query: "Charter Communications (in my area) has blocked outbound SMTP connections. I need to be able to send Email to other SMTP servers, besides theirs, for a number of legitamate reasons. My question is this; How can I either still send SMTP to the places I need to, or how can I convince Charter to unblock outbound SMTP (I can understand blocking inbound SMTP without ACK bit set)? They do provide a relay, but won't my messages get labelled as SPAM if I use that? I am also concerned because, this relay is not encrypted with SSL and I don't necessarily trust Charter with that."

6 of 132 comments (clear)

  1. Use your ISP for SMTP or change ISP by Captain+Kirk · · Score: 5, Informative

    If you want a practical service it MUST be port 25. If you can't offer port 25, either you need to use someone else's smtp server or to change ISP.

    --
    1000s Warcraft Gold while you sleep
    1. Re:Use your ISP for SMTP or change ISP by BrynM · · Score: 4, Funny
      It's funny. I saw your nick was "Captain Kirk" and ended up reading your post envisioning William Shatner.

      (holds out hands as if pleading) "If you... want... a practical... service... itMUSTbeport25(!). If you... can't... offer... port25... either you... need... tousesomeoneelse's... smtp server... or... to... change... ISP!"

      Shatnerizing speech is fun! I'm going to have to do that more often. Thank... you(!)...

      --
      US Democracy:The best person for the job (among These pre-selected choices...)
  2. Move to SMTP over SSL by reaper20 · · Score: 5, Insightful

    ... and then use a smarthost (another box that sends mail on your behalf) to send the mail for you. I haven't heard of anyone blocking SMTP-SSL.

    This sucks because you need a box outside your network to do this .... but if you got a few buddies with your own mailservers you can chip in on one on a host somewhere, or find a trustworthy friend that will let you relay.

    Not the perfect solution but you at least get _some_ semblance of control.

  3. Change ISPs by sweetooth · · Score: 4, Insightful

    and be sure to let them know exactly why you are leaving when you cancel your account.

  4. Re:I wish more of them would by grunthos · · Score: 5, Insightful
    my ISP blocked my port 25
    Incoming, outgoing, or both? The workarounds can be different depending on which it is.
    And yes you can run it on non-standard ports. 26 is fairly common.
    Except that the great wide world can't send mail to you if you're listening there. The sender has to be specifically configured for that.

    One thing I'm doing as a backup to my main connection is (everybody get ready to cringe) UUCP over TCP port 540. It's an easy config in the Unix/Linux world with Taylor UUCP. Sendmail handles it fine. No, no bang paths-- just plain domain names.

    This would be a workaround for a problem on incoming mail. In my case, my primary MX record points to my mail server, and my secondary MX points to my UUCP relay site (bungi.com). If a sender can't connect to me, they go to the secondary where it queues. I run an hourly UUCP poll over TCP, which picks up anything waiting. If my main connection went down or were blocked, I could retrieve incoming mail with any generic PPP dial-up account.

    I know, sounds kludgy, but it works fine.

    This would work as a workaround for outgoing blockage also, but it would be much easier to use your ISP's outgoing mail server.

    --

    My son's 5th grade teacher actually assigned them "write a limerick about a planet". I'm not kidding.
  5. ISP don't want home users to run "servers" by DDumitru · · Score: 4, Informative
    Many ISPs don't want home user to run servers or services that are not traditionally considered a part of the home internet experience. Some of the restrictions in the AUPs can get pretty ugly. Here are a couple of examples:
    • Some don't let you run tunnels to telecommute and run office applications remotely.
    • Most don't let you run public servers like web, email, ftp, etc.

    There are a couple of justifications for this. Some are probably more realistic than others.

    • They want to sell you a more expensive business account
    • They want to prune out the high-volume users that burn a lot of bandwidth
    • They want to avoid the DCMA requests for takedowns and other legal (both real and imagined) stuff.
    • They are really trying to reduce spam
    • They assume they know more about what you need than you do

    My cable-modem ISP (Cox) blocks outbound 25. This is a minor only a minor issue to me because Cox's outbound mail servers are generally:

    • Reasonably reliable
    • Don't mind my sending mail using my domain names

    I receive mail with co-lo servers that are part of my business.

    The comment of not trusting outbound relaying because they might look at it is a bit misplaced. Looking at internet traffic is pretty easy for anyone with the desire and means to do so. If you send outbound SMTP on your cable modem, your ISP can look at the packets if they have the desire to do so (and I doubt that this breaks any laws). It does not really matter if they relay the traffic or not. They have physical access to the network, so they can sniff either way. On the other hand, they are pretty unlikely to do so unless they are asked by some governmental agency. Basically, sniffing such large amounts of data is uninteresting to them, so why would they bother. If you are worried about eavesdropping on email, encrypt.

    In your case, I suspect that the blocks have two reasons:

    Inbound blocks to 25 are just an enforcement to a no servers rule. I suspect that there are also blocks on 80 and perhpas a bunch of others. In all fairness, I would hate to run a mail server in-house on a cable modem. Mail is just too important to me, and I don't trust my in-house systems to be up 24x7. That is what co-lo is for.

    Outbound blocks to 25 are an attempt to slow down spam. Specifically, they prevent hacked home systems from becoming SMTP relays. In general, this is probably a good thing and most users with hacked boxes never know the damage they are doing.

    Your only real solutions that you have are:

    • Convince your ISP to open the ports up. They probably won't do this.
    • Use your ISP's mail server and pull messages from it with POP/IMAP or similar
    • Switch ISPs, perhaps to a business-type account with static IPs and no filtering
    • Use an outside mail server that does not have these restrictions.

    None of these are 100% free or pretty, but the bottom line is that you are using your cable-modem line in a manner that doesn't fit your provider's pre-conceived image of the type of user they have/want.

    On the other hand, the solutions above are not necessarily that expensive either. You can get email hosting with adequate access for <$10/mo, co-lo virtual servers for <$15/mo, and full dedicated co-lo servers for <$100/mo.