[ale] OT: bellsouth cuts off port 25 (inbound and outbound)

Mike Murphy mike at tyderia.net
Mon Aug 16 13:22:35 EDT 2004


That was quite the rant. Thanks, I've already faxed my form into 
speedfactory. It's an extra 5 bucks.

The issue here certainly isn't cutting off port 25 outbound (thank the 
maker they finally did, IMHO -- I and many other ALErs have been ready 
for that for months), the issue is that they have cut off basically 
everything else! If you cut off port 25, who cares if the spammers can 
control their zombies on other ports? For that matter, turn off all the 
unencrypted SMTP/IMAP/POP3 ports and let those of us who know how to use 
stuff like IMAPS alone. It's inane and insane that I can't read my mail 
over 993 (IMAPS) from home anymore, but I can over 143 (IMAP without 
SSL). Never mind static versus dynamic addresses and firewall rules: I'm 
paying them extra for the static ip (so that I can get past the firewall 
at the office over IPSEC). They perfectly well could use different rules 
for static customers than they use for dynamic customers, if they cared. 
If this is an "intelligence test" I'm not sure who's failing it...

Have I not done enough by securing my home network, by taking the time 
to set up sendmail so it's not an open relay, by using only encrypted and 
authenticated communication methods in and out of my home network? If 
they want to stop their network sending out spam, they need not throw 
the proverbial baby out with the bath water.

At any rate, it matters not. Complaining won't help. You can't even get 
anyone on the phone who understands what you are talking about.

But what takes the cake here is that they are incapable of sending out a 
notice that they are changing this before they do it. And I particularly 
love how they call port 25 blocking "Port 25 management": 
http://help.bellsouth.net/sdcuser/asp/dial/default.asp

I'm perfectly happy that they finally gave me the business justification 
to switch my home service without giving up the partial reimbursement my 
employer gives me.

Mike


Michael H. Warfield wrote:
> On Mon, Aug 16, 2004 at 11:26:40AM -0400, Mike Murphy wrote:
> 
>>I suppose this could be on-topic, but it's not specifically about linux. 
>>Imagine my surprise today when I found that bellsouth has cut off port 
>>25 both inbound and outbound. They were very thorough too, as they have 
>>also cut off 587 and 465. Is this just me, or is this all Bellsouth 
>>subscribers? (in other words, did they decide I was a spammer, or is 
>>this a global measure)? Has anyone else noticed?
> 
> 
> 	<Rant>
> 
> 	A LOT of cable and DSL providers are cutting off outbound port 25
> (amongst others) for very good reason.  The spammers (ESPECIALLY the
> phishers) and the worm writers have ganged up.  A huge portion of recent
> worms have carried spam engines.  The worm writers then sell (for real
> money  - this is big business now) the IP addresses of compromised systems
> to criminals engaged in Phishing (mostly eastern bloc organized
> crime gangs) who then use these high bandwidth DSL and broadband systems
> to send out buckets of the loathsome filth and scams.  The compromised
> systems would never normally be running an SMTP server, but they become
> the source of a lot of the spam for illegal purposes.  The inbound
> connections are NOT ON PORT 25!  They've already figured that out and
> are bypassing DSL / Broadband restrictions and connecting to other ports
> for their backdoors.  But the outbound spew has to be on port 25 to connect
> to legitimate SMTP servers.
> 
> 	You can't expect the providers to selectively implement an address
> by address rule of who the "good guys" are that can send E-Mail and who
> the "bad guys" are who can.  In this case, the bad guys are not the
> "evil doers" in the worm / spam / Russian Mafia bunch but the technotards
> who shouldn't be sending smtp directly but are too stupid to keep their
> systems free from infestations.  Since you are also subject to dynamic
> addresses, static rules would also be insufficient and ineffective.
> 
> 	IMNSHO...  Blocking those ports is a VERY GOOD THING.  If you are
> competent you can deliberately set up VPN's and other mechanisms to
> get your E-Mail out.  They are not blocking protocol 50 (ESP) or protocol
> 51 (AH) or protocol 41 (IPv6) or protocol 47 (GRE) or UDP 3544 (Teredo)
> or UDP 4500 (IPSec NAT-T).  You got a corporate E-Mail account, you should
> be VPNed back to their servers (SPF is going to force this before long -
> get used to it and get it fixed now).  You got a domain you control, heck,
> set up the SPF records and get an account with Hurricane Electric or
> FreeNet6 and send it out over IPv6 (none of that is blocked, inbound
> or outbound but none of it is being exploited by the spammers).  None
> of the above, why aren't you using the SMTP relay prescribed in the
> DHCP or PPPOE response?  Is it that difficult to use their servers
> on outbound?  The bar needs to be raised to a level that people who know
> what they are doing can deliberately get their jobs done while worms and
> technotards are blocked.  If it's true (which is dubious, unfortunately)
> I would applaud the direction.
> 
> 	It's not impossible.  It's just tougher, as it should be.  Consider
> it an "intelligence test".
> 
> 	You want someone to blame - blame your technotard neighbors who are
> using the same service but getting abused by worm writers and criminals.
> 
> 	You want to keep doing what you're doing....  Fine, get a static,
> unfiltered, account with these people (it's available), but expect to
> pay for it.  It's not much.  Speedfactory is something like an extra
> 10 bucks.  Consider it another bar (too low a bar personally) to entry.
> You have to DO something DELIBERATE to accomplish this.  This is how it
> should be.
> 
> 	</Rant>
> 
>>Mike
> 
> 
>>-- 
>>
>>_______________________________________________
>>Ale mailing list
>>Ale at ale.org
>>http://www.ale.org/mailman/listinfo/ale
> 
> 
> 	Mike
> 
> 