[ale] "UPDATE" What is going on with Bellsouth's smtp server?

Greg Freemyer greg.freemyer at gmail.com
Tue Mar 21 11:49:14 EST 2006


We're still bitching to Bellsouth about the new SMTP restriction.

Someone finally understood what we are talking about and said they
would make an internal push to get things back to allowing businesses
to use their own reply to addresses.

Apparently they are getting lots of support calls and they did not know why!!!

On 3/18/06, H. A. Story <adrin at bellsouth.net> wrote:
> Greg Freemyer wrote:
>
> >On 3/18/06, Howard A Story <adrin at bellsouth.net> wrote:
> >
> >
> >>Greg Freemyer wrote:
> >>
> >>
> >>
> >>>My company has a business dsl with a static IP from Bellsouth.
> >>>
> >>>For years we've been able to use mail.bellsouth.net as our smtp server
> >>>in our e-mail clients even though our return addresses are
> >>>xxx at NorcrossGroup.com
> >>>
> >>>As of some point yesterday Bellsouth's outbound smtp server appears to
> >>>be checking the return address and denying access to anybody that does
> >>>not have a xxx at bellsouth.net address.
> >>>
> >>>I hope I'm wrong but that is certainly the way it is behaving?
> >>>
> >>>Can anyone confirm/deny the above or provide a simple work around?
> >>>
> >>>Unfortunately my company uses Goldmine for most of our e-mail clients
> >>>and they don't have a lot of configurability.
> >>>
> >>>I suspect I can find anouther outbound smtp server I can use, but
> >>>bellsouth is getting to be more and more of a pain.
> >>>
> >>>Greg
> >>>--
> >>>Greg Freemyer
> >>>The Norcross Group
> >>>Forensics for the 21st Century
> >>>_______________________________________________
> >>>Ale mailing list
> >>>Ale at ale.org
> >>>http://www.ale.org/mailman/listinfo/ale
> >>>
> >>>
> >>>
> >>>
> >>>
> >>Well,  I I can send email from the CLI and Mozilla again.  But any
> >>messages form root will get bounced.  Forget about trying another SMTP
> >>as bellsouth has those ports blocked.   Looks like you are stuck using
> >>their webmail client when you are away. ICK!!!  And I would assume at
> >>this point that if you are access a mail server through port 25 not on
> >>bellsouth's network.  You are not now unless you have a VPN to that
> >>server.   I think it has been this way for a little while now though.
> >>
> >>Looks like they have turned off some of the relaying.
> >>
> >>Adrin
> >>
> >>
> >
> >Not sure of total story, but it is not as dire as you have painted it.
> >
> >As of yesterday I am not using bellsouth.net for pop3/smtp servers.  I
> >am still using the business dsl w/static ip for transport.  I don't
> >have a VPN in place to anybody.
> >
> >I do appear to have full smtp/pop3 connectivity from my clients to an
> >external web hosting company.
> >
> >I have my e-mail client configured to do outbound smtp (port 25)
> >connections to the offsite webhosting company.  They host my companies
> >domain and apparently allow outbound relaying if the return address is
> >from my companies domain.
> >
> >Bellsouth did not block these outbound port 25 connections for the few
> >outbound e-mails I sent from my business account yesterday and today.
> >
> >For pop3 I also handle that thru my web hosting company and Bellsouth
> >has never blocked my pop3 requests to them.  I've been using that
> >setup for a year or more.  I found Bellsouth's pop3 service to be way
> >too unreliable to use for business.
> >
> >Greg
> >--
> >Greg Freemyer
> >The Norcross Group
> >Forensics for the 21st Century
> >
> >
> >
> Sorry,  I don't know what I was doing last night.  I have changed from
> sendmail to postfix this morning.  Didn't take long to setup.  Much
> easier to setup than sendmail also. For some reason the email would get
> blocked if sent from the CL as root user, "root at hostname.domainname".
> And since I have filters and fetchmail setup it was probably working all
> the time.
>
> What was a real killer.  I setup a user to test on the Linux box.  Sent
> email and had sendmail putting in the domain of bellsouth.net  I got the
> email as though it came form user at bellsouth.net even though I don't have
> that email account.  So in my eyes the from address could still be
> spoofed.  Someone could still go sit at a free WiFi spot and send all
> the email they wanted too. You just need to figure out who the provider
> is and a little bit of other info.
>
> I really think the end user has more control over the spam they get than
> the ISP do sometimes.
>
>
>


--
Greg Freemyer
The Norcross Group
Forensics for the 21st Century



More information about the Ale mailing list