Mailing List CGatePro@mail.stalker.com Message #98621
From: Uwe Baemayr <cgate@baemayr.com>
Subject: Re: Verizon port 25 block!
Date: Tue, 29 Sep 2009 22:39:15 -0500
To: communiGate Pro Discussions <CGatePro@mail.stalker.com>
X-Mailer: Pegasus Mail for Windows (4.51)
Howdy!

On 28 Sep 2009 at 23:38, Michael Wise wrote:

> You can define CGP to listen for SMTP on any ports you like. (although you
> should use a common one) 587 is the RFC-defined submission port, but you
> don't have to use it. Try using something like 2525. My guess is Verizon is
> blocking 587.

Yep, it looks like that, even though they told us on the phone that they are
not and their verizon.net/port25 says to use 587.

On 29 Sep 2009 at 9:07, Fred Zwarts wrote:

> Port 587 is the submission port. For submission, authentication is required.
> (Authenticated SMTP is required.) Port 25 usually does not require
> authentication. Authentication is an additional problem for a spammer to
> solve, so it makes a difference, in particular when a good password strategy
> is in use. Is your client able to send mail using authenticated SMTP? Some
> mail clients have a setting to enable authentication during SMTP.

All the domains we host require authentication, even on 25.  Been that way
for years.  However, I didn't enable SSL for SMTP/POP3/IMAP until recently -
- didn't know how easy it was, and thought I had to buy a special
certificate (like for the website).  But our client can't connect to 587
even when I require SSL on that port so I think Verizon is full of air.

We've fortunately never had a spamming incident that originated on our
server.  Always requiring authentication probably helped.

On 29 Sep 2009 at 7:11, Richard Davis wrote:

> Sounds like your client has a configuration problem using Verizons
> outgoing smtp.
>
> Today most ISPs are blocking outgoing port 25 and forcing users to send
> via the ISP mail servers for outgoing mail.
>
> I have had great success setting a listener on Communigate on port 2525
> (this was originally another smtp port).
>
> Then configure email clients the same as regular only on stmp set it to
> send on smtp port 2525.
>
> I have not had any clients that could not send email from any ISPs this
> way. In fact, I have all my clients configure for port 2525 then no
> worries if they attempt to set up another email client on their home
> computers.

I tried some ports, but nothing over 1000.  Thanks for the tip -- I just
enabled SMTP listeners on 2525, 8025, and 8080 and asked her to give those
ports a shot.  

> When using an ISPs mail server for outgoing mail, the mail shouldn't be
> going to your server at all unless she is sending to herself or other
> users on your server. You just set up the smtp server in the client
> exactly as the ISP says with the only exception being the return address.
> You may need to whitelist the verison service to keep emails to herself
> from being blocked.

She set it up exactly as you described, and used her address on our server
as the return address.  That's what caused our server to reject her message
when she sent a message to herself or CC'd herself.  

I considered whitelisting the Verizon server, but I'm not sure about how
many servers have or their IPs.  That could be an ongoing process -- she may
never get the same one twice.  Plus I hate to open holes that spammers might
be able to take advantage of.

On 29 Sep 2009 at 10:14, Mitchell Kahn wrote:

> You can use any arbitrary port number. Try enabling a port in the 8000  
> range, and use authentication. All telcos around here have blocked  
> port 25 for several years. We have our server set up for port 25 and  
> 8025 and no client has a problem.
>
> I know this is obvious, but many people forget that the mail client  
> also needs to specify the port number (that is the biggest problem we  
> have, especially for people setting up smart phones). This is usually  
> found in the "advanced" settings for SMTP in their mail client.

Yep -- I worried that she wasn't setting up the ports correctly, especially
since I never saw any attempts to access the SMTP ports (25 and 587) in the
Communigate logs.  But she couldn't TELNET to them either, but could telnet
to the POP3 port so I think she was launching that correctly.  I had her
read me the contents of the configuration dialog and she did configure 587
correctly.  

And finally, On 29 Sep 2009 at 16:20, Fred Zwarts wrote:

> Some time ago one of our users tried to use a mail client at home.
> He could not submit his mail to our server. It turned out that his
> provider did not only block port 25, but also port 587.
> I don't understand why, because the submission port is invented
> as an alternative for port 25 to prevent spam by requiring authentication.
> Anyhow, I used iptables on our Linux mail server to redirect port 8080 to
> port 587. It is very unlikely that providers block port 8080, because it is
> often used as an alternative port for http. For this user it was an
> effective work-around.

Hopefully, adding an SMTP TCP listener om 8080 is equivalent.  I'll
hopefully know tomorrow when she gives it another shot.

So far, Road Runner doesn't seem to be blocking any of these ports (I have
no trouble sending on 25 or 587 although maybe they're sniffing the traffic
to make sure it's authenticated), but I'm sure that day is coming.  We are
looking at the static IP idea but that just looks like an attempt by Verizon
to extract more money in exchange to allowing port 25/587 access.  Hopefully
2525 or 8080 will solve the problem.

Thanks to all for your replies.

--- Uwe








Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster