comcast blocking smtp25
Don Levey
lug at the-leveys.us
Fri Jul 15 10:55:27 EDT 2005
discuss-bounces at blu.org wrote:
> On Thu, Jul 14, 2005 at 11:48:09PM -0400, David Hummel wrote:
>>> I don't see any reason not to use the smart host, which solves
>>> both problems.
>
>
> I can see a whole *lot* of reasons to avoid using the smart-host
> supplied by an ISP whose primary business is to sell you
> connectivity. Comcast and its ilk do not earn a penny providing you
> with a reliable, secure email service; in fact it costs them a lot of
> money, manpower and aggravation to keep the "smart" host running at
> all. If you send all your mail out through a poorly-maintained
> server (aka single point of failure), you can expect occasional
> reliability problems; periodic acceptable-use policy updates that
> force you to change something; and security holes a mile wide that
> could enable unauthorized users or government officials to snoop on
> your email.
>
The model they use is for the "average" home user who sets up their Outlook
Express to connect directly to the Comcast SMTP server to send (and receive)
email. They base their decision on this model. Secure, safe email? Most
likely not. Frequent downtime? Less likely - else all their users would
whine.

I use RCN, so I don't work with Comcast. In my situation, RCN blocks
outbound port 25; I smarthost my outgoing mail. This means that my server
is as secure as I can make it and simply uses the RCN server as a relay -
any difficulty with security would be limited to the times I am connecting
to send mail out. I am able to receive email directly on my server; my MX
record points there. I'm running anti-spam software, virus software, and a
whole bunch of custom-maintained blocking/filtering lists.

I've not ever run across an AUP that affected me - yet. Snooping on email?
What makes you think that you're not still vulnerable? They still own the
hardware, up to the point it connects to your house. They could, if they
want, capture all the packets that enter/leave your home. Sending encrypted
email might help - with both situations. I've not had reliability problems
that weren't system-wide.
> I just plain won't do it.
>
Fair enough. Out of curiosity, does the Comcast terms of service permit a
user to operate a server within their network?
> So when SORBS picked up my network address for selective spam
> enforcement, what I did was search around for a reliable SMTP relay
> provider. I also reconfigured my system to use exim (most use
> Postfix) instead of sendmail. The results are very pleasing.
>
> The one I chose is operated by dyndns.com, at a cost of $15/year for
> the volume of mail that I send. I configured my outbound rules to
> make direct SMTP connections to certain sites to which I send a lot
> of mail and which don't try to screen out my IP address, and the rest
> of my mail via the relay service.
>
> -rich
>
This is very good to know - thank you.
-Don