[ale] Bellsouth to Speakeasy?

Geoffrey esoteric at 3times25.net
Sat Jan 25 17:28:03 EST 2003


Okay, I am definitely confused here.  When I check out my firewall 
rules, both the outgoing mail and incoming mail for my local smtp server 
reference port 25.  I've not done a lot with this, so excuse the ignorance.

John Wells wrote:
> I agree there seems to be some confusion here.
> 
> Here's what I understand:
> 
> You will not have packets outbound from your mail server with source port
> 25 *unless* those outbound packets are in response to a connection from
> the outside.  Port 25 when regarded with SMTP is a *listening* port, not a
> sending port, unless the packets are responding to a connection initiated
> when the smtp daemon *hears* some incoming packets with destination port
> of 25 that ask for a session to be created.
> 
> So, it makes no sense to say they will block your source port from going
> anywhere except to their smtp server, because I would never have a packet
> with source port of 25 going to their smtp server (unless their smtp had
> requested the connection).  I would have packets with *destination* ports
> of 25 going to their smtp server, but the source port is a higher, randomly
> chosen port number.
> 
> As an example, let's take a look at tcpdump from my mail server.
> 
> First, an outgoing mail:
> 
> 13:43:29.636433 192.168.2.4.49829 > 205.152.58.136.25: S
> 4206921088:4206921088(0) win 5840 <mss 1460,sackOK,timestamp 566909243
> 0,nop,wscale 0> (DF)
> 13:43:29.658558 205.152.58.136.25 > 192.168.2.4.49829: S
> 365776066:365776066(0) ack 4206921089 win 9800 <nop,nop,timestamp 55789175
> 566909243,nop,wscale 0,mss 1412> (DF)
> 13:43:29.658642 192.168.2.4.49829 > 205.152.58.136.25: . ack 1 win 5840
> <nop,nop,timestamp 566909254 55789175> (DF)
> 13:43:29.685673 205.152.58.136.25 > 192.168.2.4.49829: P 1:131(130) ack 1
> win 9800 <nop,nop,timestamp 55789178 566909254> (DF)
> 13:43:29.685742 192.168.2.4.49829 > 205.152.58.136.25: . ack 131 win 5840
> <nop,nop,timestamp 566909268 55789178> (DF)
> 13:43:29.700934 192.168.2.4.49829 > 205.152.58.136.25: P 1:29(28) ack 131
> win 5840 <nop,nop,timestamp 566909276 55789178> (DF)
> 13:43:29.721231 205.152.58.136.25 > 192.168.2.4.49829: . ack 29 win 9800
> <nop,nop,timestamp 55789182 566909276> (DF)
> 13:43:29.726234 205.152.58.136.25 > 192.168.2.4.49829: P 131:227(96) ack
> 29 win 9800 <nop,nop,timestamp 55789182 566909276> (DF)
> 13:43:29.726535 192.168.2.4.49829 > 205.152.58.136.25: P 29:113(84) ack
> 227 win 5840 <nop,nop,timestamp 566909289 55789182> (DF)
> 13:43:29.767298 205.152.58.136.25 > 192.168.2.4.49829: P 227:379(152) ack
> 113 win 9800 <nop,nop,timestamp 55789186 566909289> (DF)
> 13:43:29.767651 192.168.2.4.49829 > 205.152.58.136.25: P 113:861(748) ack
> 379 win 5840 <nop,nop,timestamp 566909310 55789186> (DF)
> 13:43:29.913175 205.152.58.136.25 > 192.168.2.4.49829: . ack 861 win 9800
> <nop,nop,timestamp 55789201 566909310> (DF)
> 
> Note, my smtp process uses a randomly chosen port, with destination port
> set to 25 on bellsouth's smtp server.
> 
> Now, an incoming mail:
> 
> 13:45:24.352872 66.33.1.213.3183 > 192.168.2.4.25: S
> 4193317797:4193317797(0) win 32120 <mss 1412,sackOK,timestamp 1743960275
> 0,nop,wscale 0> (DF)
> 13:45:24.352979 192.168.2.4.25 > 66.33.1.213.3183: S 39359671:39359671(0)
> ack 4193317798 win 5792 <mss 1460,sackOK,timestamp 566967982
> 1743960275,nop,wscale 0> (DF)
> 13:45:27.368294 66.33.1.213.3183 > 192.168.2.4.25: S
> 4193317797:4193317797(0) win 32120 <mss 1412,sackOK,timestamp 1743960575
> 0,nop,wscale 0> (DF)
> 13:45:27.368390 192.168.2.4.25 > 66.33.1.213.3183: S 39359671:39359671(0)
> ack 4193317798 win 5792 <mss 1460,sackOK,timestamp 566969526
> 1743960275,nop,wscale 0> (DF)
> 13:45:27.519191 66.33.1.213.3183 > 192.168.2.4.25: . ack 1 win 32120
> <nop,nop,timestamp 1743960592 566969526> (DF)
> 13:45:27.642502 192.168.2.4.25 > 66.33.1.213.3183: P 1:42(41) ack 1 win
> 5792 <nop,nop,timestamp 566969666 1743960592> (DF)
> 13:45:27.745828 66.33.1.213.3183 > 192.168.2.4.25: . ack 42 win 32120
> <nop,nop,timestamp 1743960609 566969666> (DF)
> 13:45:27.746517 66.33.1.213.3183 > 192.168.2.4.25: P 1:31(30) ack 42 win
> 32120 <nop,nop,timestamp 1743960609 566969666> (DF)
> 13:45:27.746547 192.168.2.4.25 > 66.33.1.213.3183: . ack 31 win 5792
> <nop,nop,timestamp 566969719 1743960609> (DF)
> 13:45:27.746761 192.168.2.4.25 > 66.33.1.213.3183: P 42:69(27) ack 31 win
> 5792 <nop,nop,timestamp 566969719 1743960609> (DF)
> <snip>
> 
> 
> So, there are indeed packets going outbound from my server with source
> port 25, but these are *only* in response to an outside connection.
> 
> As I understand it, this should always be the case.  Never will my mail
> server send mail out with a source port of 25.
> 
> Of course, clarifications and opinions are welcome ;-).
> 
> John
> 
> 
> James P. Kinney III said:
> 
>>If you try and send email directly from your DSL account, that is viewed
>>as spam.
>>
>>They will block your source port 25 from going anywhere EXCEPT their smtp
>>servers.
>>
>>If you want to run your own mail server, you _must_ set up the Smart
>>Host relay to point to the smtp server for your ISP.
>>
>>This is used to allow traffic monitoring of smtp data. If a user account
>>begins spewing 3000 emails a day, they pretty much know it is crap and
>>can block that account quickly and automatically.
>>
>>This above discussion is only relevant to non-commercial accounts. Most
>>commercial accounts have few, if any, filters applied.
>>
>>According to BellSouth docs back when I used them, they block port 25 as
>>discussed above and don't for commercial accounts. I also know that
>>Earthlink does the same. Most of my other ISP encounters are with
>>commercial systems so I can't comment on places like Speakeasy and
>>others.
> 
> 
> 
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
> 
> 

-- 
Until later: Geoffrey		esoteric at 3times25.net

The latest, most widespread virus?  Microsoft end user agreement.
Think about it...
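
Added example, not part of the original thread: a small Python script that reads old-style tcpdump lines like the ones quoted above, finds the opening SYN of each connection, and counts packets sent from the mail server's port 25 according to who opened the connection. The addresses and packets in SAMPLE are constructed, and the egress-filter function assumes the ISP rule matches on destination port 25.

```python
import re

# Old-style tcpdump line as in the capture quoted above: "time src.port > dst.port: FLAGS ..."
PKT = re.compile(r"^\S+ (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): (\S+)(.*)$")

# Constructed sample (documentation addresses, TCP options trimmed), one packet per line.
SAMPLE = """\
13:43:29.636433 192.0.2.4.49829 > 198.51.100.136.25: S 100:100(0) win 5840 (DF)
13:43:29.658558 198.51.100.136.25 > 192.0.2.4.49829: S 500:500(0) ack 101 win 9800 (DF)
13:43:29.658642 192.0.2.4.49829 > 198.51.100.136.25: . ack 1 win 5840 (DF)
13:43:29.700934 192.0.2.4.49829 > 198.51.100.136.25: P 1:29(28) ack 131 win 5840 (DF)
13:45:24.352872 203.0.113.213.3183 > 192.0.2.4.25: S 700:700(0) win 32120 (DF)
13:45:24.352979 192.0.2.4.25 > 203.0.113.213.3183: S 900:900(0) ack 701 win 5792 (DF)
13:45:27.368294 203.0.113.213.3183 > 192.0.2.4.25: S 700:700(0) win 32120 (DF)
13:45:27.642502 192.0.2.4.25 > 203.0.113.213.3183: P 1:42(41) ack 1 win 5792 (DF)
"""

def parse(capture):
    """Yield (src, dst, is_initial_syn) for every line that looks like a TCP packet."""
    for line in capture.splitlines():
        m = PKT.match(line.strip())
        if m:
            src, dst = (m[1], int(m[2])), (m[3], int(m[4]))
            # The opening SYN carries S without an ack; the SYN-ACK reply has both.
            yield src, dst, "S" in m[5] and " ack " not in m[6]

def source_port_usage(capture, local_ip, port=25):
    """Count packets sent from local_ip:port, split by who opened the connection."""
    opened_by = {}                       # {endpoint pair: "local" or "remote"}
    counts = {"local": 0, "remote": 0}
    for src, dst, initial_syn in parse(capture):
        key = frozenset((src, dst))
        if initial_syn:                  # a retransmitted SYN rewrites the same entry
            opened_by[key] = "local" if src[0] == local_ip else "remote"
        if src == (local_ip, port) and key in opened_by:
            counts[opened_by[key]] += 1
    return counts

def blocked_by_egress_filter(capture, local_ip, relay_ip, port=25):
    """Destinations of locally opened connections that a 'port 25 only to the
    ISP relay' rule would drop (assumed to match on destination port)."""
    return sorted({dst[0] for src, dst, initial_syn in parse(capture)
                   if initial_syn and src[0] == local_ip
                   and dst[1] == port and dst[0] != relay_ip})

if __name__ == "__main__":
    print(source_port_usage(SAMPLE, "192.0.2.4"))
    print(blocked_by_egress_filter(SAMPLE, "192.0.2.4", relay_ip="198.51.100.136"))
```
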
