Smart Broadband now blocking outbound port 25 (SMTP)

Cliph

It came to my attention over the weekend that Smart Telecom broadband are filtering outbound traffic on port 25, the SMTP port. This prevents me from sending email using my own servers.

I will be raising this as an issue with technical support later today as this behavior is not acceptable to me. I would have done so at the weekend but apparently the weekend number for support is a 1550 one :eek:

I will be asking, at the very least, that they disable this behavior for either my account or for the hosts I require access to.

Sponge Bob

they may have 'thought' you were a spam zombie

RangeR

Cliph wrote:

I will be asking, at the very least, that they disable this behavior for either my account or for the hosts I require access to.

Unlikely, but possible. If they've blocked it, they had a reason. Why not use their mailserver for outbound email?

IDMUD

This is common practice among all well managed isps around the world. Set up your server to relay smtp through smarts public server.

ntlbell

IDMUD wrote:

This is common practice among all well managed isps around the world. Set up your server to relay smtp through smarts public server.

The fact that it's common practice does not mean it's the correct practice.

Restricting a service and forcing you to use smart's outgoing smtp is not "well managed"

Cliph

ntlbell wrote:

The fact that it's common practice does not mean it's the correct practice.

Restricting a service and forcing you to use smart's outgoing smtp is not "well managed"

Finally, a rational response.

I expect my ISP to give me access to the Internet, not a selection of services that they see fit to grant me access to.

IDMUD

ntlbell wrote:

The fact that it's common practice does not mean it's the correct practice.

Restricting a service and forcing you to use smart's outgoing smtp is not "well managed"

The good of many outweighs that of the one

They do this to stop spam, we all hate spam don't we?

Snaga

The problem here is broadband users have become the fastest growing source of spam (Through mismanaged mail servers/virus infections/spyware).

Now if an ISP does nothing about this, their IP space will end up on blacklists and suddenly everyone is blocking mail from the ISP's entire range of addresses. Now guess who gets complained to when this situation arises?

Examples of such lists are www.spews.org, www.spamhaus.org - which a large percentage of sysadmins will use to block mail from those who find themselves on these blacklists.

This is a crazy situation for an ISP to get into, and one of the few ways of being able to control spam is to block outbound port 25.

Now if you run your own mail server - run it on another port - problem solved.

If your joe soap average customer - use the ISP's own mail server.

This way when you are spamming the world thanks to the latest virus, they will be able to identify you and inform you that your infected, while blocking your mail/spam until you are fixed - thus saving their own IP space from being blacklisted.

This is standard practice for many ISP's in the industry (Pretty sure my home IOL Broadband connection only allows port 25 to the BT mail servers too).

Jumpy

Cliph wrote:

Finally, a rational response.

I expect my ISP to give me access to the Internet, not a selection of services that they see fit to grant me access to.

Are you on a business connection?

Cr8or

I put a post up on my blog today about it:

http://jason-roe.com/blog/2006/01/30/smart-telecom-blocking-smtp-mail-port-25/

Its a pain in the arse really.

irishpal25

when you ring the smart 1550 support they take your name and number and ring you back so your on for under a minute. anyway i think smart are unblocking it if you ask them too.

Baud

Check out smart forums

They announced it on that ages ago. I use port 587, the standard SSL/TLS port
for SMTP anyway.

If you're on a static IP you can request your port 25 be unblocked (at a guess, because it's in a different subnet so that if you spam, you're the one who's going to get in the RBLs, not everyone else).

L.

ntlbell

Baud wrote:

Check out smart forums

They announced it on that ages ago. I use port 587, the standard SSL/TLS port
for SMTP anyway.

If you're on a static IP you can request your port 25 be unblocked (at a guess, because it's in a different subnet so that if you spam, you're the one who's going to get in the RBLs, not everyone else).

L.

Announcing it on a forum that less than 1% of smart users actually read is hardly what I would consider good communication, the way they have dealt with this is nothing short of a complete farce.

Just when you thought they were smart, they were just magic....an illusion of a half decent ISP well done smart, congrats, your now just like every other ISP

incompetent.

Xterminator

ntlbell wrote:

Announcing it on a forum that less than 1% of smart users actually read is hardly what I would consider good communication, the way they have dealt with this is nothing short of a complete farce.

Just when you thought they were smart, they were just magic....an illusion of a half decent ISP well done smart, congrats, your now just like every other ISP

incompetent.

Er hello, thats the smart forum for smart customers ?
Ring a bell there ?
Smart customers with questions can check out the smart forum?
You dont think thats good communication eh? Perhaps they should write it on a loo door in town somewhere?

Jeeezze.

X

dub45

ntlbell wrote:

Announcing it on a forum that less than 1% of smart users actually read is hardly what I would consider good communication, the way they have dealt with this is nothing short of a complete farce.

Just when you thought they were smart, they were just magic....an illusion of a half decent ISP well done smart, congrats, your now just like every other ISP

incompetent.

and you have analysed the numbers who use/read it?

How many other isps have a forum where you can get your issues dealt with usually within a day sometimes even quicker?

eth0_

I can see exactly why Smart blocked port 25, and they made a post about it on their forums last week. They're already ending up on blacklists and want to put a stop to it. They don't want to blacklist ports but if customers can't protect their computers, Smart can't force them, this is there only option.

Either:

Run your SMTP on another port (what's the big deal?)

Pay a few euro extra to get a static IP - they will enable port 25 if you have a static IP.

ntlbell

eth0_ wrote:

Either:

Run your SMTP on another port (what's the big deal?)

Pay a few euro extra to get a static IP - they will enable port 25 if you have a static IP.

There's no big deal , it's just large isp's don't like breaking RFC's and changing the port numbers that smtp should be listening on to suit the minority, nor should they have to

Yes lets give them more money to access a service people are all ready paying to access.

Bright spark all right.

ntlbell

dub45 wrote:

and you have analysed the numbers who use/read it?

How many other isps have a forum where you can get your issues dealt with usually within a day sometimes even quicker?

No I haven't analysed the numbers, I'm making a guess, but if someone from smart what's to clarifiy it?

20,000 smart users, most users ever online the smart forum 26, hmm.

I have no idea how many other isp's have forums or how quick they deal with requests, i'm not sure what that has to do with issue tho?

RangeR

ntlbell wrote:

20,000 smart users, most users ever online the smart forum 26, hmm.

Ok, little off topic but I read the smart forums regularly and I haven't created an forum account. I won't until I need to post something or feel the need to reply to someone else. So saying 26 out of 20,000 use it is just wrong. Was that 26, the most ever online at any one time? If so, that doesn't mean anything. It could be 26 different users every 5 minutes.

But I'm not a Smart customer at the moment. Not in my area yet.

eth0_

eth0_ wrote:

Run your SMTP on another port (what's the big deal?)

They block it outbound so how is that going to make any difference...

99.9% of smtp servrs listen only on 25 so how does that help?

ntlbell

IrishTLR wrote:

Ok, little off topic but I read the smart forums regularly and I haven't created an forum account. I won't until I need to post something or feel the need to reply to someone else. So saying 26 out of 20,000 use it is just wrong. Was that 26, the most ever online at any one time? If so, that doesn't mean anything. It could be 26 different users every 5 minutes.

But I'm not a Smart customer at the moment. Not in my area yet.

I never said only 26 users use it, I was stating the most users on at anyone time, of course it could be 26 users every 5 minutes, but i was been slightly realistic, it doesn't seem to be a very active forum.

Lets not try and pretend that a vast majority of joe soap BB users have all suddenly become tech savvy, these are the same users that can't install basic av software or anti-spyware to keep their machines locked down that's causing this problem in the first place.

please.

ntlbell

ronoc wrote:

They block it outbound so how is that going to make any difference...

99.9% of smtp servrs listen only on 25 so how does that help?

I think what the poster was trying to say for the people who run their own smtp server (like it's common practice for average joe soap :rolleyes: )to have that listen on another port.

again rediclous statment.

ntlbell

ntlbell wrote:

I think what the poster was trying to say for the people who run their own smtp server (like it's common practice for average joe soap :rolleyes: )to have that listen on another port.

again rediclous statment.

The OP said it was blocking outbound traffic on 25. You can only use their smtp server to send mail.

You cannot connect to port 25 on any address except smart's server.

Make sense?

ntlbell

ronoc wrote:

The OP said it was blocking outbound traffic on 25. You can only use their smtp server to send mail.

You cannot connect to port 25 on any address except smart's server.

Make sense?

Yes, 7 years of working for ISP's and sense is failing me.

If i have my own SMTP server I can have that listen on a non standard port so smart blocking port 25 makes no difference make sense?

the point i'm making is that average joe BB user does NOT run their own SMTP server so this work around is pointless.

Are we learning yet?

ntlbell

ntlbell wrote:

Yes, 7 years of working for ISP's and sense is failing me.

If i have my own SMTP server I can have that listen on a non standard port so smart blocking port 25 makes no difference make sense?

the point i'm making is that average joe BB user does NOT run their own SMTP server so this work around is pointless.

Are we learning yet?

The keyword here is outbound.

His server listening on 25 is not blocked however it cannot send mail as 25 outbound is blocked.

Running an SMTP server is immaterial except that the SMTP server cannot relay mail to anything except smarts server.

Sponge Bob

ntlbell wrote:

the point i'm making is that average joe BB user does NOT run their own SMTP server so this work around is pointless.

Are we learning yet?

So if port 25 is open on average Joes box and if Joe is not running an smtp server therefore it is probably a spam zombie.

I expect that outbound relays will be forced into the smtp server provided by smart to check that the customer has not been compromised and is spewing out spam or virus email that would get Smart RBL'd , it takes bloody ages to get rid of some of these RBL entries after a cleanup, they are best avoided methinks.

Maybe Herr Flick paid for this port 25 transparent proxy server ...even .

ntlbell

ronoc wrote:

The keyword here is outbound.

His server listening on 25 is not blocked however it cannot send mail as 25 outbound is blocked.

Running an SMTP server is immaterial except that the SMTP server cannot relay mail to anything except smarts server.

Your assuming the SMTP server is on smart's network.

My SMTP server is not on smart's network I AM

So I can have my SMTP server listen on a non standard port it's not on smart's network so doesn't have to worry about what smart block.

Why should I have to do this?

ntlbell

ntlbell wrote:

Your assuming the SMTP server is on smart's network.

My SMTP server is not on smart's network I AM

So I can have my SMTP server listen on a non standard port it's not on smart's network so doesn't have to worry about what smart block.

Why should I have to do this?

I think you have totally misunderstood me.

I'm talking about someone on smarts network.

eth0_

ntlbell if you've been working for ISP's for 7 years and can't get your head around all this, it's worrying.

The fact of the matter is this affects an absolutely minute amount of Smart customers. The majority of Smart customers who are using their own SMTP servers are going to be business customers, with static IP's, who aren't affected by this at all.

If Smart don't do this, their entire IP block could end up blacklisted. Would you rather that?

ntlbell

eth0_ wrote:

ntlbell if you've been working for ISP's for 7 years and can't get your head around all this, it's worrying.

The fact of the matter is this affects an absolutely minute amount of Smart customers. The majority of Smart customers who are using their own SMTP servers are going to be business customers, with static IP's, who aren't affected by this at all.

If Smart don't do this, their entire IP block could end up blacklisted. Would you rather that?

What part do I not understand, enlighten me oh clued in one who's advice is to break RFC's to fix problems.

I pay for a service, that service is being restricted, I got no warning, no letter, no mail....nada...zip....this is terrible communication to customers.

As far as I'm aware the majority of ISP's today in Ireland do not block port 25 and I don't know of any that's had their whole ip space blocked.

Now what part am I having trouble with?

ntlbell

ntlbell wrote:

What part do I not understand, enlighten me oh clued in one who's advice is to break RFC's to fix problems.

I pay for a service, that service is being restricted, I got no warning, no letter, no mail....nada...zip....this is terrible communication to customers.

As far as I'm aware the majority of ISP's today in Ireland do not block port 25 and I don't know of any that's had their whole ip space blocked.

Now what part am I having trouble with?

Break RFCs..... you joking me? The RFC for SMTP defines the protocol, not what you should do with it.

Configure your SMTP server to relay mail to smart's SMTP server. Job done and zero difference.

If you don't want to do that buy a proper dedicated connection and stop lecturing people about things you barely understand.

ntlbell

ronoc wrote:

Break RFCs..... you joking me? The RFC for SMTP defines the protocol, not what you should do with it.

Configure your SMTP server to relay mail to smart's SMTP server. Job done and zero difference.

If you don't want to do that buy a proper dedicated connection and stop lecturing people about things you barely understand.

I was refering to the "change the port your SMTP listens on" comment, nothing to do with relaying.

So stop lecturing people if you can't follow a simple discussion you've tried twice now, slow down and read.

ntlbell

ntlbell wrote:

I was refering to the "change the port your SMTP listens on" comment, nothing to do with relaying.

So stop lecturing people if you can't follow a simple discussion you've tried twice now, slow down and read.

Well I will give you the benifit of the doubt seeing as the OP has not mentioned if his servers are on his home broadband line (what I assumed) or outside smarts network (you assumed). Both are possible.

Draylor

Sounds like the first sensible decision from Smart.

ntlbell

ronoc wrote:

Well I will give you the benifit of the doubt seeing as the OP has not mentioned if his servers are on his home broadband line (what I assumed) or outside smarts network (you assumed). Both are possible.

Well if you watched who I was quoting during the discussion you'll notice I'm not referring to the OP I'm referring to the advice and comments made by etho_

I also didn't assume anything about the whereabouts of anyones SMTP server I was referring to mine.

Eventually you'll get it, keep going tho, you're doing very well.

paulm17781

Draylor wrote:

Sounds like the first sensible decision from Smart.

You're dead right BB and phone for €35 was an awful idea. :rolleyes:

ntlbell

ntlbell wrote:

Well if you watched who I was quoting during the discussion you'll notice I'm not referring to the OP I'm referring to the advice and comments made by etho_

I also didn't assume anything about the whereabouts of anyones SMTP server I was referring to mine.

Eventually you'll get it, keep going tho, you're doing very well.

Well since eth0_ was talking about the original post not your server I think that makes it pretty clear to me.

Maybe you are the one that needs reading lessons eh?
Or 7 more years with a real ISP.

ntlbell

ronoc wrote:

Well since eth0_ was talking about the original post not your server I think that makes it pretty clear to me.

Maybe you are the one that needs reading lessons eh?
Or 7 more years with a real ISP.

Oh now you're all upset. :v:

eth0_ was making general comments on how she understands why they did it and offered the "change the port on your smtp" and the fork out more money options.

come on, I'll hold your hand through the rest of the discussion's so you can get at least one valid point across.

With regards working for a real ISP, I was working in sweden ronoc when I worked for an ISP, I think you'll find we were a little more real there while you still played with your phone

SeaSide

thunderdome??

eth0_

I don't think there's any point getting into a back and forth with ntlbell (I won't call it an 'argument' although ntlbell seems to think she's making people upset...?).

Yes Smart should have communicated this better. But like I said, it affects such a proportion of their users maybe there wasn't much point letting all customers know as it would have caused confusion.

And correct me if i'm wrong, but I don't think you're allowed to run a mail server on the residential DSL anyway!

Blub2k4

eth0_ wrote:

And correct me if i'm wrong, but I don't think you're allowed to run a mail server on the residential DSL anyway!

Well at the very least if you are expecting to run a mail server on a home line you can expect a few restrictions. Why should they bother with Jo soap who is a target for spammers when they know he is a home user who thinks a mail server is the bloke in the post office canteen, when they can put him on a business account with his own IP and let him do what he wants?

In short if you expect the services available to facilitate the running of a business then dont use a residential account and upgrade to a business one, I daresay they may even help you not to have an open relay etc.

ixoy

*Shrug* For what it's worth, Smart informed me via land mail several weeks ago so their communication isn't entirely at fault and they outlined their reason and what to do if it was causing problems (go static and contact them).

cgarvey

Those who are affected represent a tiny minority of customers. They too happen to more likely be the more savvy users who either pay for fixed IPs/business accounts, or (should?) have the know-how/resources to work around this. The vast majority of Smart customers are helped by this move, and Smart's costs are kept down (which can only be good for ALL customers).

So getting your knickers in a twist over some minor port redirection (which has nothing to do with any SMTP-related RFC), is a bit selfish, IMO, when you consider the obvious advantages for the majority of users.

Best practice is to introduce SMTP mail at the access point (Smart in this case), and if you run your own SMTP server you should be authenticating yourself (so that anyone from your dynamic IP can't relay). If you're doing that you should be using encryption. If you are, you'll most likely have the ability to run it on a standard encrypted higher port.

So why the fuss? The 2 minutes to change your client? The inability to run an encrypted mail service? If it's such a big deal that you use your own SMTP server you should have thought about this before now .. what when your on another ISP, or in a net cafe, etc?

The inconvenience suffered by the minority (most/all of whom should have the ability to workaround) vs. the hassle saved for the vast majority of customers. It's a no brainer in my book.

Now blocking pings or something more core, that's a different story.

My 2c

.cg