[svlug] Comcast is now blocking inbound port 25 - any suggestions?

Steve Litt slitt at troubleshooters.com
Wed Mar 20 08:31:36 PST 2013


On Tue, 19 Mar 2013 14:37:31 -0700
Florin Andrei <florin.andrei at gmail.com> wrote:

> I live in South Bay. My little Linux server at home is connected to
> the Internet via Comcast. I've a little dynamic DNS domain associated
> with its public IP which I use for email, a blog, etc.
> 
> Two days ago, inbound email stopped. I did a few tests - iptables is
> fine, Postfix is listening on all interfaces, etc. However, when I
> tried to initiate a connection from the outside to my server on port
> 25, tcpdump did not register anything, not even the SYN packet. Other
> ports work fine, including 80. This is consistent with something
> upstream blocking incoming port 25/tcp.
> 
> I had a long and unenlightening chat with Comcast support today,
> during which I was given such "advice" as "switch to port 465" or
> "contact IT Support of your DNS server to change the allowable port
> to 25".
> 
> I was eventually told that port 25 inbound is now blocked for all
> Comcast customers "to keep your computer and emails secure". I was
> also informed that "this will also happen soon to other internet and
> email providers to secure all customers' internet and
> emails". I replied I think blocking malware-infected computers and
> open relays is a good thing, but I don't see why I should be punished
> with a crippled Internet link for someone else's bad behavior. No
> avail.
> 
> Anyway. Any suggestions? I'd really like to get my port 25 unblocked,
> that's by far the preferred solution.

Why are you running Postfix? Is it to distribute local mail on your
LAN? Your email didn't say anything about your needing or wanting to
relay email to the greater Internet. I'm not saying they can't be
overcome, but there are security concerns with running (presumably)
nonencrypted SMTP servers on machines connected to the Internet.

The way I do it is have fetchmail grab my email from the ISP, push it
through procmail, which distributes it into a Dovecot tree. Once in
Dovecot, I can read/write my email from any box on my LAN, or, because
I do dynamic dns, anywhere in the world (I encrypt my dovecot).

I'm thinking you could have your local dovecot server for email from
the Internet, and for LAN email continue running your postfix on
whatever port you want. Email clients would then be configured to hit
your dovecot for Internet-based email, and mail client folders for local
stuff. Or, you could even configure your procmail so the local stuff
just goes in one more Dovecot folder.

The Dovecot solution has the following advantages:

* Your own IMAP, without relying on gmail
* Trivially easy backup
* Easy access to your email when you're on the road
* Your filters are in procmail, not in the (myriad of) clients
* Probably lots of other advantages I can't think of right now

Thanks,

SteveT

Steve Litt                *  http://www.troubleshooters.com/
Troubleshooting Training  *  Human Performance
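
The fetchmail -> procmail -> Dovecot arrangement described in the reply above, as an added example that is not part of the original message: a shell function that writes owner-only configs for pulling mail over TLS and filing it into a Maildir, so nothing has to listen on inbound port 25. The host mail.example.net, the account "alice", the password placeholder and the svlug filter are constructed assumptions, as is a Dovecot instance serving ~/Maildir over TLS.

```shell
#!/bin/sh
# Added example: writes constructed configs for a fetchmail -> procmail ->
# Maildir pipeline into the directory given as $1 (pass "$HOME" for real use).
# mail.example.net, "alice" and the list filter are placeholders (assumptions).
write_mail_pipeline() (
    dir=$1
    umask 077                      # files are owner-only from creation
    mkdir -p "$dir/Maildir" || exit 1

    # fetchmail: pull over IMAP with TLS and certificate checking, then hand
    # each message to procmail instead of a local SMTP listener on port 25.
    cat > "$dir/.fetchmailrc" <<'EOF'
set daemon 300
poll mail.example.net protocol IMAP
    user "alice" password "CHANGE-ME"
    ssl sslcertck
    mda "/usr/bin/procmail -d %T"
EOF
    # The file holds a password; fetchmail rejects it if group/other can read.
    chmod 600 "$dir/.fetchmailrc"

    # procmail: filters live on the server, not in each mail client.
    # A trailing "/" on a destination selects Maildir delivery.
    cat > "$dir/.procmailrc" <<'EOF'
MAILDIR=$HOME/Maildir
DEFAULT=$MAILDIR/
LOGFILE=$HOME/procmail.log

# Constructed filter: list traffic goes to its own IMAP folder.
:0
* ^List-Id:.*svlug
.svlug/
EOF
    chmod 600 "$dir/.procmailrc"
)
```

The function body runs in a subshell, so the tightened umask does not leak into the calling shell.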



