mojoman

Expert Member
Joined
May 15, 2007
Messages
1,430
All of a sudden my emails (being sent using Vodacom SMTP) are now being quarantined with the message below. Anyone else having this issue?

I love the line about 'collateral damage', the only damage being done is to my business as I cannot send out enquiries now and wasting time means losing possible sales. :mad:



A message from ************
to: **************

was classified as SPAM or BULK and placed in quarantine.

Our internal reference code for your message is *********************

The message carried your return address, so it was either a genuine mail from you, or a sender address was faked and your e-mail address abused by third party, in which case we apologize for undesired notification.

We do try to minimize backscatter for more prominent cases of UBE and for infected mail, but for less obvious cases some balance between losing genuine mail and sending undesired backscatter is sought, and there can be some collateral damage on either side.
 

grim

Expert Member
Joined
Jan 6, 2006
Messages
3,733
Because they intercept your SMTP traffic and force it through their server?

Um, no they don't; just tested it now. If I try to connect to an SMTP server I hit the one I'm looking for and not the Vodacom SMTP.
 

ambo

Expert Member
Joined
Jun 9, 2005
Messages
2,683
Um, no they don't; just tested it now. If I try to connect to an SMTP server I hit the one I'm looking for and not the Vodacom SMTP.
Could you explain this then:
Code:
telnet smtp.mweb.co.za 25
Trying 196.11.146.149...
Connected to smtp.mweb.co.za.
Escape character is '^]'.
220 Welcome to smtp1.vodamail.co.za ESMTP
 

morkhans

A MyBroadband
Super Moderator
Joined
Jun 22, 2007
Messages
10,865
I agreed with the principle that anyone with a dynamic IP should:
1) Connect to their SMTP server of choice using authentication or
2) Relay mail via their ISP or
3) Be prevented from making direct port 25 connections
Lots of spam comes from cannons on dynamic IPs that come and go. ISPs taking charge of this inside their networks goes a long way to reduce spam.
 

ambo

Expert Member
Joined
Jun 9, 2005
Messages
2,683
3) Be prevented from making direct port 25 connections
Blocking port 25 I don't have so much of a problem with. I actually think it's a pretty reasonable solution in some cases.

Intercepting traffic through spoofing tricks is a completely different kettle of fish however.
 

morkhans

A MyBroadband
Super Moderator
Joined
Jun 22, 2007
Messages
10,865
It's the unfortunate compromise you have to make when dealing with end users who won't understand that it's for their own good.

You understand what a monumental task it will be to block port 25 completely and then educate people on how to send mail correctly, so I'm not sure what the alternative is.
 

ginggs

༼ つ ◕_◕ ༽つ
Super Moderator
Joined
Jun 26, 2006
Messages
12,117
You understand what a monumental task it will be to block port 25 completely and then educate people on how to send mail correctly, so I'm not sure what the alternative is.
iBurst seem to block port 25 to any server other than their own. Chances are the mail server you were trying to connect to would block you anyway because your IP address is from a foreign network.
 

morkhans

A MyBroadband
Super Moderator
Joined
Jun 22, 2007
Messages
10,865
iBurst seem to block port 25 to any server other than their own. Chances are the mail server you were trying to connect to would block you anyway because your IP address is from a foreign network.

For relay most likely, but not delivery.
 

grim

Expert Member
Joined
Jan 6, 2006
Messages
3,733
Could you explain this then:
Code:
telnet smtp.mweb.co.za 25
Trying 196.11.146.149...
Connected to smtp.mweb.co.za.
Escape character is '^]'.
220 Welcome to smtp1.vodamail.co.za ESMTP

Did some more testing, I see that only happens when you use the Vodacom DNS servers. I always use the Google DNS servers so I can connect to them instead of the Vodacom SMTP.

Default Server: google-public-dns-b.google.com
Address: 8.8.4.4

> smtp.mweb.co.za
Server: google-public-dns-b.google.com
Address: 8.8.4.4

Non-authoritative answer:
Name: smtp.mweb.co.za
Address: 196.28.80.20

> server 196.207.40.165
Default Server: dns1-cte.3g.vodacom.co.za
Address: 196.207.40.165

> smtp.mweb.co.za
Server: dns1-cte.3g.vodacom.co.za
Address: 196.207.40.165

Non-authoritative answer:
Name: smtp.mweb.co.za
Address: 196.11.146.149

That's just plain f'dup from Vodacom to do that.
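
Added example (not part of any post in this thread): a Python sketch of the comparison done by hand in the post above, checking whether the resolvers agree and whether the SMTP greeting names a host under the domain that was requested. The sample data is taken from the posts; the function names and the `expected_domain` parameter are assumptions of this example.

```python
import re

# nslookup session condensed from the post above (same query, two resolvers).
NSLOOKUP = """\
> smtp.mweb.co.za
Server: google-public-dns-b.google.com
Address: 8.8.4.4
Non-authoritative answer:
Name: smtp.mweb.co.za
Address: 196.28.80.20
> smtp.mweb.co.za
Server: dns1-cte.3g.vodacom.co.za
Address: 196.207.40.165
Non-authoritative answer:
Name: smtp.mweb.co.za
Address: 196.11.146.149
"""
GREETING = "220 Welcome to smtp1.vodamail.co.za ESMTP"  # banner quoted in the thread

def answers_by_resolver(transcript):
    """Map each resolver name to the set of addresses it answered with."""
    result, resolver, in_answer = {}, None, False
    for line in transcript.splitlines():
        key, _, value = (part.strip() for part in line.partition(":"))
        if key == "Server":                      # a new query block starts
            resolver, in_answer = value, False
            result.setdefault(resolver, set())
        elif key.endswith("answer"):             # addresses after this are answers
            in_answer = True
        elif key == "Address" and in_answer and resolver:
            result[resolver].add(value)
    return result

def banner_host(greeting):
    """Return the first hostname-like token of a 220 greeting, or None."""
    m = re.match(r"220[ -].*?\b([a-z0-9-]+(?:\.[a-z0-9-]+)+)\b", greeting, re.I)
    return m.group(1).lower() if m else None

def check(transcript, greeting, expected_domain):
    """List the signs that the connection did not reach the intended server."""
    findings = []
    answers = answers_by_resolver(transcript)
    if len({frozenset(a) for a in answers.values()}) > 1:
        findings.append(f"resolvers disagree: {sorted(map(sorted, answers.values()))}")
    host = banner_host(greeting)
    if host is None or not ("." + host).endswith("." + expected_domain):
        findings.append(f"banner announces {host!r}, expected a host under {expected_domain}")
    return findings
```

Calling `check(NSLOOKUP, GREETING, "mweb.co.za")` returns two findings for the data in this thread. Resolvers can also disagree because of ordinary load balancing, so the DNS finding is a prompt to look at the banner rather than proof on its own.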
 

ginggs

༼ つ ◕_◕ ༽つ
Super Moderator
Joined
Jun 26, 2006
Messages
12,117
i.e. block port 25 completely? What do you think the [non-technical] public response is going to be to that?
They have to fill in a username and password to fetch mail anyway, so what's the difference?
 

The_Unbeliever

Honorary Master
Joined
Apr 19, 2005
Messages
103,197
If you block port 25, email will stop flowing.

All email servers do not authenticate with each other; they "trust" the other email server not to be sending spam.

It is this trust that the spammers are abusing.

Mweb (and some ISPs) basically block port 25 on their home ADSL lines so spambots will be unable to send their nasty payloads without authenticating. A workaround (and one which is recommended) is to use port 587 (or 465) to send your mails from your email client to the host's SMTP server (if you're NOT an Mweb mail user).

I had this headache with my own line (using Mweb uncapped) but prefer to use Gmail for my emails etc. Had to switch to port 465 instead of port 25.

See attached image for an example.

smtpport.jpg
 

The_Unbeliever

Honorary Master
Joined
Apr 19, 2005
Messages
103,197
From Wikipedia :

Ports

Server administrators choose whether clients use TCP port 25 (SMTP) or port 587 (Submission), as formalized in RFC 6409 (previously RFC 2476), for relaying outbound mail to an initial mail server. The specifications and many servers support both. Although some servers support port 465 for legacy secure SMTP in violation of the specifications, it is preferable to use standard ports and standard ESMTP commands[16] according to RFC 3207 if a secure session needs to be used between the client and the server.

Some servers are set up to reject all relaying on port 25, but valid users authenticating on port 587 are allowed to relay mail to any valid address.

Some Internet service providers intercept port 25, redirecting traffic to their own SMTP server regardless of the destination address. This means that it is not possible for their users to access an SMTP server outside the ISP's network using port 25.

Some SMTP servers support authenticated access on an additional port other than 587 or 25 to allow users to connect to them even if port 25 is blocked, but 587 is the standardized and widely-supported port for users to submit new mail.

Exchange Server 2013 has an SMTP service listening on ports 25, 587, 2525, 465 and 475 depending upon server role and function. Port 25 and 587 for server and client connectivity, and 25 or 2525 and 465 on the Mailbox role for accepting internal SMTP connections (from other Exchange Servers in the organization), where 25 is the Hub Transport service for receiving SMTP from other SMTP servers and 465 is the Hub Transport service for receiving proxied connections from clients connected to the CAS Frontend Transport service. On servers that have the Client Access role (CAS) and the Mailbox role installed on the same machine 25 and 2525 are in use - 25 for the Frontend Transport role (a CAS feature) and 2525 for the Hub Transport service rather than port 25 running for both Frontend Transport and Hub Transport services. Port 475 is the Mail Delivery service and this is an SMTP server that takes email from the Hub Transport service and places in the mailbox databases on the local server where it is running.

http://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol
 

ginggs

༼ つ ◕_◕ ༽つ
Super Moderator
Joined
Jun 26, 2006
Messages
12,117
If you block port 25, email will stop flowing.
No, as an ISP you simply block outgoing port 25, so no traffic can leave your network on port 25, unless it goes to your own mail server.
 

ambo

Expert Member
Joined
Jun 9, 2005
Messages
2,683
Mweb (and some ISPs) basically block port 25 on their home ADSL lines so spambots will be unable to send their nasty payloads without authenticating. A workaround (and one which is recommended) is to use port 587 (or 465) to send your mails from your email client to the host's SMTP server (if you're NOT an Mweb mail user).
The problem is that Vodacom isn't blocking or redirecting port 25. They're SPOOFING the DNS.

Anyone wanting to legitimately send mail via port 587 to smtp.mweb.co.za (like the thousands of people with @mweb addresses) gets a cryptic error when using a Vodacom connection while it works perfectly from everywhere else:
Code:
telnet smtp.mweb.co.za 587
Trying 196.28.80.20...
Connected to smtp.mweb.co.za.
Escape character is '^]'.
220 relay02.smp.mweb.co.za ESMTP Exim 4.80.1 Thu, 14 Mar 2013 18:08:09 +0200
 