Internet Solutions clears up port 25 ADSL blocking concerns

I still get time-outs now and then (one day it was off all day while another day it was off for a hour or two) when using port 25 so I've changed all my email accounts to use alternative ports and no longer have any issues. Emails to Axxess and Afrihost regarding this have simply been ignored. Strange as I send 20 - 40 emails daily to clients and I don't see how this can be considered spam.
 
I really feel for their abuse dept, they must get countless blacklistings on their IP addresses because of this. Not sure what else to add.
 
IS clears up port 25 ADSL blocking concerns

Internet Solutions says it has no plans to block port 25 on its network – it is merely used in a few cases to stop spam

I think I got caught by that last night. I've been trying to clean a friends computer (16 different trojans all installed at the same time!), and one of them was sending spam too. My wife couldn't send her email for an hour or so.

I disconnected the PC from the LAN pretty sharpish when I realised what it was doing, but obviously not fast enough.

As an aside, if there are any Linux/OpenWRT experts here, how do I prevent a single computer from sending email?
 
It really ought to be blocked. Port 25 shouldn't be used for mail submission!
 
And then ports 26 through xxxxx gets used for spamming and we all get to go back to snail mail, wonderful.:wtf:
You idiots need to stop the spam at its source - the users responsible,not block or change ports that affect everyday internet users.
 
And then ports 26 through xxxxx gets used for spamming and we all get to go back to snail mail, wonderful.:wtf:
You idiots need to stop the spam at its source - the users responsible,not block or change ports that affect everyday internet users.

Amen!
 
What a daft article. "custom port for their email needs." ??

By "custom port" the author means the standard port 587 as defined in http://www.ietf.org/rfc/rfc2476.txt dated 1998?

Different hosts may use different ports: some use 26, some use 587 and some use 2500. RFCs are hardly set in stone: local parts of an email address should, according to RFC 2821, be case-sensitive (even though they discourage it in the same document :wtf:). Most service providers, however, do not impose this case sensitivity on their mail servers.
 
It really ought to be blocked. Port 25 shouldn't be used for mail submission!

And then ports 26 through xxxxx gets used for spamming and we all get to go back to snail mail, wonderful.:wtf:
You idiots need to stop the spam at its source - the users responsible,not block or change ports that affect everyday internet users.

The thing is that not many people need the ability to connect directly to port 25 from a residential ADSL line. VERY few people actually run their own SMTP server at their home, and arguably, they shouldn't anyway, with the cost of hosting being so low.

The big difference between access to port 25/26 and 587(LMTP) is AUTHENTICATION.

To submit an email to your ISP (or your personal hosted email server) for relaying to its final destination should only require access to port 587(LMTP), and should be authenticated.

To deliver an email to a final destination requires access to port 25/SMTP, and is NOT authenticated. This is what the spammers are counting on.

If more and more ISP's block outbound SMTP from the residential customers, who, let's face it, make up the vast majority of machines on the internet, and are also the most difficult to track down (dynamic IP) and ask to stop spamming, the less spam there will be on the Interwebs.

The next evolution in spamming will be to use the user's credentials to connect to their own LMTP server. At which point it becomes the ISP's problem to detect customers sending spam through their mail servers (because they will end up with their primary mail server being blacklisted), and they can either contact their own customer, for whom they should have contact details, or simply bounce all and any mails from those customers until they contact them to find out why.

Then we are just left with spammers using non-residential connections, which are also typically fixed addresses, and can simply be blacklisted.

I'm struggling to see a downside here. Can someone enlighten me?

Note: I'm not advocating that ISP's should only allow LMTP to their own mail servers. It should be sufficient to allow LMTP to any server, so long as those servers are requiring authentication. And I can't really imagine anyone in this day and age who would set up an LMTP server without requiring authentication. And if they do, that fixed IP server would get itself blacklisted pretty quickly anyway.

What am I missing?

Added:

I suppose that ISP's are wary of blocking customers who are connecting to existing SMTP servers on port 25, and forcing them to fix their configurations. I don't suppose it would be that difficult to route all SMTP traffic through a transparent proxy (much like HTTP is now), and verify that all outbound mail is first authenticated.
 
Last edited:
The thing is that not many people need the ability to connect directly to port 25 from a residential ADSL line. VERY few people actually run their own SMTP server at their home, and arguably, they shouldn't anyway, with the cost of hosting being so low.

The big difference between access to port 25/26 and 587(LMTP) is AUTHENTICATION.

To submit an email to your ISP (or your personal hosted email server) for relaying to its final destination should only require access to port 587(LMTP), and should be authenticated.

To deliver an email to a final destination requires access to port 25/SMTP, and is NOT authenticated. This is what the spammers are counting on.

If more and more ISP's block outbound SMTP from the residential customers, who, let's face it, make up the vast majority of machines on the internet, and are also the most difficult to track down (dynamic IP) and ask to stop spamming, the less spam there will be on the Interwebs.

The next evolution in spamming will be to use the user's credentials to connect to their own LMTP server. At which point it becomes the ISP's problem to detect customers sending spam through their mail servers (because they will end up with their primary mail server being blacklisted), and they can either contact their own customer, for whom they should have contact details, or simply bounce all and any mails from those customers until they contact them to find out why.

Then we are just left with spammers using non-residential connections, which are also typically fixed addresses, and can simply be blacklisted.

I'm struggling to see a downside here. Can someone enlighten me?

Note: I'm not advocating that ISP's should only allow LMTP to their own mail servers. It should be sufficient to allow LMTP to any server, so long as those servers are requiring authentication. And I can't really imagine anyone in this day and age who would set up an LMTP server without requiring authentication. And if they do, that fixed IP server would get itself blacklisted pretty quickly anyway.

What am I missing?

Added:

I suppose that ISP's are wary of blocking customers who are connecting to existing SMTP servers on port 25, and forcing them to fix their configurations. I don't suppose it would be that difficult to route all SMTP traffic through a transparent proxy (much like HTTP is now), and verify that all outbound mail is first authenticated.

Agreed, though the majority of those who relay mail out from dynamic public IP ranges get denied by the mail server they are connecting to using RBLs... spam that successfully gets through these days uses smarter means. Open Proxies are detected and blocked quickly, as are mail servers relaying from dynamic ranges.
 
Agreed, though the majority of those who relay mail out from dynamic public IP ranges get denied by the mail server they are connecting to using RBLs... spam that successfully gets through these days uses smarter means. Open Proxies are detected and blocked quickly, as are mail servers relaying from dynamic ranges.

Do you have a reference for that claim? Not calling you out, just I find it interesting, and would like to find out more.
 
RFCs are hardly set in stone
If they weren't the internet would be a very dysfunctional network. They might be imperfect in some isolated instances (curious to see the references to the claims you make), but that's not an excuse to forgo common sense, and even less of an excuse to ignore otherwise correct RFCs.
 
Last edited:
And then ports 26 through xxxxx gets used for spamming and we all get to go back to snail mail, wonderful.:wtf:
You idiots need to stop the spam at its source - the users responsible,not block or change ports that affect everyday internet users.
Forcing mail submission through a dedicated port means that it can be given the special treatment that it needs and it prevents the mass of internet hosts (users) from bypassing a central relay that is able to account and limit their individual submission volumes. You really should read up on how mail servers work.

Obviously first prize is to stop spam at the source. You don't need to get up on your derogatory high horse and preach the obvious to anyone, and to do so without the slightest consideration of how to achieve that is simply laughable. Come up with a viable means of eliminating spam at the source and you'll have an attentive audience.
 
The thing is that not many people need the ability to connect directly to port 25 from a residential ADSL line. VERY few people actually run their own SMTP server at their home, and arguably, they shouldn't anyway, with the cost of hosting being so low.

Your theory is sound, but in pratice is means everyone needs to have the very latest emial clients installed and some might need to have new programs written to replace older custom programs. Not all mail clients can use authenticated smtp. There are also a whole wad of users that use a local relay agent on their own network that does store & foreward of the mail for them ( so that by the time you get home your mail is already waiting for you ( ala fetchmail ), and when you hit send, you dont have to wait for your it to hit your provider, becasue your local agent is handling it for you ( ala exim ) )

These all act as proper smtp relays and all operate on port 25....
 
Your theory is sound, but in pratice is means everyone needs to have the very latest emial clients installed and some might need to have new programs written to replace older custom programs.
Untrue. Are you able to cite real examples to support your ludicrous theory?


There are also a whole wad of users that use a local relay agent on their own network that does store & foreward of the mail for them ( so that by the time you get home your mail is already waiting for you ( ala fetchmail ), and when you hit send, you dont have to wait for your it to hit your provider, becasue your local agent is handling it for you ( ala exim ) )
Fetchmail supports SMTP authentication since v5.0 released in 1999.
Exim supports delivery with SMTP authentication since v3.10 released in 1999.
 
Top
Sign up to the MyBroadband newsletter
X