Comcast blocking inbound and outbound port 25

dgalbraith100

I am posting this here because I suspect there are a lot of computer people that read this board.

I run a server on my Comcast connection, have done so for the last 3 years. Two days ago, Comcast started blocking all outgoing port 25 emails. No big deal, they provide a workaround to talk to port 587 with authentication. So I configure my server to do that.

Turns out, instead of just outbound port 25 blocked (which makes sense to cut down on spam)... They also block inbound port 25 as well. (which has no value other than annoying customers).

So now I can no longer receive any email to my server. Here is a snippet of my chat session with their rep:

---------------------
Trish(Mon Aug 11 10:58:26 MDT 2008)>I understand what you're saying David, but if you're not needing assistance regarding the Comcast email address and possible issues with receiving or sending email. We cannot assist you.

Trish(Mon Aug 11 10:58:38 MDT 2008)> Comcast must limit its support to the Comcast High-Speed Internet service. This means we will support your connection to the Comcast High-Speed Internet network and the software included on your Comcast High-Speed Internet CD-ROM.

David_(Mon Aug 11 08:58:50 MDT 2008)>you have blocked port 25

David_(Mon Aug 11 08:58:56 MDT 2008)>this is your issue.

David_(Mon Aug 11 08:59:01 MDT 2008)>you have broken my internet connection.

Trish(Mon Aug 11 10:59:03 MDT 2008)>That is correct.

Trish(Mon Aug 11 10:59:10 MDT 2008)>I do apologize for any inconvenience this may have caused you.

David_(Mon Aug 11 08:59:47 MDT 2008)>and how are you going to fix it?

David_(Mon Aug 11 08:59:54 MDT 2008)>I need port 25 unblocked.

Trish(Mon Aug 11 11:00:04 MDT 2008)>We are not going to fix it David.


So basically they broke my connection and are not going to fix it. So I am canceling my Comcast connection and moving to Qwest.

What a crock of ....

Laters,
-d.

 
Do you have their business class or residential class service?
 
I have residential class, but the server I am running is my family server... so it isn't exactly a business server.

laters,
-d.
 
You're violating their terms of service and acceptable use policy if you're running a server on their residential class. Look at it this way, they're not singling you out, they're blocking everyone that's violating their TOS without regard to how bad the violation or how good the reason for the violation.

You are doing the right thing by searching for a company with terms of service that better match your needs. Their business class service may have a TOS that better matches what you need as well.
 
Then they should have said something about it to me. Like, having a server isn't allowed in the terms of use... I wouldn't have been happy, but at least they would have given me a "legitimate reason"... but instead, they simply say, "we broke it on you, and we aren't going to fix it" and "this is to help stop spam". I agree they didn't single me out. (Easy to see all the complaints on the Internet about them doing this).

Instead of offering anything to resolve the problem, they simply say, we aren't going to fix it. Also, of note... when I signed up in the first place, there was not the server restriction. This appears to be new text:

- use or run dedicated, stand-alone equipment or servers from the Premises that provide network content or any other services to anyone outside of your Premises local area network ("Premises LAN"), also commonly referred to as public services or servers. Examples of prohibited equipment and servers include, but are not limited to, e-mail, Web hosting, file sharing, and proxy services and servers


These pretty much say you can't share any content to the outside world, except for sending email from your PC.

What I remember it saying when I signed up, which is still in there, right beneath the bullet above.

- use or run programs from the Premises that provide network content or any other services to anyone outside of your Premises LAN, except for personal and non-commercial residential use

Of course given the first bullet, you pretty much can't serve anything beyond your LAN anyway.

So while they didn't single me out, they did single anybody out running a webserver, email server, any type of server with information on it of any kind. So if you are running a webserver for your family photos... too bad for you. Have a mail server running so that all your family has one "fixed" email address that doesn't change all the time... too bad for you.

While this isn't a huge number of Comcast customers, I wouldn't be surprised if it is 10% or so that will eventually be impacted. (They aren't doing this all at once, they appear to be rolling out the blocks a little bit at a time, starting sometime last year). They are doing it under the "Stopping Spam" pretext.. which is totally BS since incoming port 25 has nothing to do with stopping spam... it's an attempt to generate $$ by forcing people to move to business class accounts. Well I am not buying, they are losing me as a customer altogether. No more cable TV, no more Internet. They were already expensive. I can get twice the speed out of DSL for the same cost, so I guess this was just the push I needed to switch.

Goodbye Comcast, good luck with your money grab, I hope it pays off for you.

-d.
 
Unrelated, but I have to vent.

It's funny someone posted a Comcast thread this morning. I spent two weekends in a row with no cable TV and no internet (which really just adds up to a whole list of problems I have had with them in the past three years). I called the local 24/7 number on my bill. No one is ever answering the phone there. I scheduled a service call on their national 1-800 number. No one showed up. I have permanently lost half the HBO and Encore channels I am paying for and they can't fix it (the problem has been going on for 6 months now). Last tech guy who came to check out my cable modem played on the computer for 2 hours before telling me he couldn't fix it. When I went to the local office to pick up a new modem the phones were ringing off the hook and no one seemed to care. They were all watching the big screen TV installed in front of their desks (I wish my work could be that stressful!). And the cherry on the cake is that they have just increased their rates for a second time this year.

So this morning I was shopping for another cable/internet provider. I've had it with Comcast.
 
For the first 9 months I had Comcast VoIP service, it was just about useless due to poor voice quality and randomly lost packets during the call. They finally got around to fixing it. I was going to go with Verizon's new fiber optic service, but that has had a host of problems, too (according to the local press). I'm satisfied with Comcast for the time being.

I'm using port 110 for incoming and outgoing e-mail. Comcast is messing around with their ports, because another port I was previously using suddenly stopped working a week or so ago. :D
 
I used to maintain a family web server in my basement and paid for business class DSL to make sure I wouldn't get hosed. My guess is that, if you read the user agreement Comcast made you sign, you would probably find a line advising you that you could not run any servers. You probably agreed not to access any torrents or serve as a P2P peering point and stuff like that also.
 
Turns out, instead of just outbound port 25 blocked (which makes sense to cut down on spam)... They also block inbound port 25 as well. (which has no value other than annoying customers).

I am a mail admin for a tier 2 provider.

An argument can be made that it protects their network from abuse since it makes vulnerable mail servers within the Comcast network harder to reach.

I'm not saying I agree with their policy. ;)

You can get around it by finding a mail provider that will provide a port forwarding service for your e-mail.

If you find that you can not fix the problem yourself, for a small donation to my web site funds I'd be more than happy to set up such a service for you.

Yes, it would be stable and easily forward to whatever port you want to run your mail server on.

-Raymond
 
I am posting this here because I suspect there are a lot of computer people that read this board.

I run a server on my Comcast connection, have done so for the last 3 years. Two days ago, Comcast started blocking all outgoing port 25 emails. No big deal, they provide a workaround to talk to port 587 with authentication. So I configure my server to do that.

Turns out, instead of just outbound port 25 blocked (which makes sense to cut down on spam)... They also block inbound port 25 as well. (which has no value other than annoying customers).

They actually do some even more nasty things with people who run SMTP servers on their home computer. I run an SMTP server at home, mainly used as part of my technique for automatically downloading email from Hotmail etc (I have an app that downloads email from Hotmail and forwards to my SMTP server -- I can read Hotmail on my email client without paying extra bucks to Hotmail for POP access). I don't use my SMTP server to communicate with Comcast or anybody else except myself.

A few months ago, I accidentally sent some mail through my SMTP server to a former co-worker at work (this is not too hard to do with Apple's email client). My former employer's email system bounced the email back to me and said in effect that I was a creep and a slimeball.

It took me awhile to track down what happened. It turns out Comcast has informed a database of email spammers that all of Comcast's DHCP IP addresses are used by known spammers. My former employer uses the database to screen incoming email. Since my email originated, according to the headers, at my Comcast IP address, which is that of a "spammer" according to the database, my former employer's email system bounced my email.

Thus, merely changing ISPs may not ensure that your SMTP server will be useful. There may be additional techniques in effect besides port blocking.
 
Were you added to a blacklist of known spammers, or added to a DUL list of known dynamic and dialup addresses? The latter does not mean that you are a spammer, but is a service provided to those that choose to make part of their policy not to accept e-mail from dynamic addresses. Basically they want to force you to use your ISP's SMTP relays. All of the above is optional for all, so it's not a big deal. What stinks is when those dynamic lists make mistakes and start including static and business IP addresses in their lists.

-Raymond
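The distinction drawn above between a spam blacklist and a DUL-style list shows up in the answer a DNSBL returns. This is an added example, not part of the thread; it assumes the Spamhaus ZEN zone and its published return codes, the function names are hypothetical, and the sample address is a constructed documentation IP.

```python
import ipaddress
import socket

# Assumption: Spamhaus ZEN combined zone (not named anywhere in the thread).
ZONE = "zen.spamhaus.org"

def dnsbl_query_name(ip, zone=ZONE):
    """Build the DNSBL lookup name: reversed IPv4 octets followed by the zone."""
    addr = ipaddress.IPv4Address(ip)          # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def classify(code):
    """Map one returned A record to the kind of listing it represents."""
    if code.startswith("127.255.255."):
        return "query-error"                  # lookup refused, not a listing
    if not code.startswith("127.0.0."):
        return "unknown"
    last = int(code.rsplit(".", 1)[1])
    if last in (10, 11):
        return "policy"                       # dynamic/end-user range (DUL-style)
    if 2 <= last <= 9:
        return "reputation"                   # observed spam or compromised host
    return "unknown"

def _dns_a_records(name):
    """Resolve A records; NXDOMAIN (not listed) becomes an empty list."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check(ip, resolve=_dns_a_records, zone=ZONE):
    """Look up ip in the zone and say whether any listing is policy-only."""
    codes = sorted(resolve(dnsbl_query_name(ip, zone)))
    kinds = sorted({classify(c) for c in codes})
    listed = any(k in ("policy", "reputation") for k in kinds)
    return {"listed": listed, "kinds": kinds, "codes": codes,
            "policy_only": kinds == ["policy"]}

if __name__ == "__main__":
    # Constructed answer standing in for a residential DHCP address on a
    # policy list; pass no resolver to query live DNS instead.
    fake = lambda name: ["127.0.0.11"]
    print(dnsbl_query_name("192.0.2.25"))
    print(check("192.0.2.25", resolve=fake))
```

A `policy_only` result means the receiving server rejected the address range, not the sender's behaviour, so relaying through the ISP's authenticated submission service is the usual fix rather than a delisting request.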
 
I was being very general in my description to avoid excessive detail. The problem that I had was long enough ago that the specifics are a bit hazy. It may very well have been a DUL list.

However, it is a "big deal" if it prevents one from doing something that's legitimate.

Another problem with the DUL list thing is that it seems to be partly a security thing. One of the principles of security seems to be not to give the bad guy any clues about what the bad guy did wrong, so it's hard for the bad guy to circumvent the security measure. This made it hard for me to figure out what I did wrong. In my case, what I did wrong was send external email via my SMTP server. However, I thought that I had used Comcast's SMTP server. It took me several days to sort out what the problem was.

The problem with calling it a dynamic IP address issue is that when I signed up for my service I was informed that even though my IP address was served by a DHCP server, the server always served the same address. In effect, I had a static dynamic IP address (which would of course be really great for running your own SMTP server). I haven't checked lately to see if my dynamic address is still static.
 
There's a way to get Comcast to give you a new IP address, if your modem allows it. At least this USED to work. You go into the modem and change the modem's MAC address to something else and let it get an address. Wait five minutes or so, although you might have to wait longer. Then change the address back to its original. You should at that point get a different IP address from their DHCP server than what you had originally.

Of course, if you randomly pick the wrong MAC address, you could cause some seriously interesting problems...
 
If you are a Comcast customer you can "clean" your email through smtp.comcast.net 587, send the AUTH and your email becomes "blessed" from a non-spammer location. Then you can send email to/from anywhere. The email won't get rejected based on the IP of the sender. You can also pay a small fee to lots of places for this same service. (1and1 comes to mind).

This doesn't help when the ISP blocks incoming email though. The only way around it is to have a mailhop like Raymond mentioned. (It appears dynDNS can do this if I decide that is the way to go). Or... switch to an ISP that doesn't have near the restrictions that Comcast has.

Laters,
-d.
 