[ale] OT: bellsouth cuts off port 25 (inbound and outbound)

Michael H. Warfield mhw at wittsend.com
Mon Aug 16 13:00:32 EDT 2004


On Mon, Aug 16, 2004 at 11:26:40AM -0400, Mike Murphy wrote:
> I suppose this could be on-topic, but it's not specifically about linux. 
> Imagine my surprise today when I found that bellsouth has cut off port 
> 25 both inbound and outbound. They were very thorough too, as they have 
> also cut off 587 and 465. Is this just me, or is this all Bellsouth 
> subscribers? (in other words, did they decide I was a spammer, or is 
> this a global measure)? Has anyone else noticed?

	<Rant>

	A LOT of cable and DSL providers are cutting off outbound port 25
(amongst others) for very good reason.  The spammers (ESPECIALLY the
phishers) and the worm writers have ganged up.  A huge portion of recent
worms have carried spam engines.  The worm writers then sell (for real
money  - this is big business now) the IP addresses of compromised systems
to criminals engaged in Phishing (mostly Eastern Bloc organized
crime gangs) who then use these high bandwidth DSL and broadband systems
to send out buckets of the loathsome filth and scams.  The compromised
systems would never normally be running an SMTP server, but they become
the source of a lot of the spam for illegal purposes.  The inbound
connections are NOT ON PORT 25!  They've already figured that out and
are bypassing DSL / Broadband restrictions and connecting to other ports
for their backdoors.  But the outbound spew has to be on port 25 to connect
to legitimate SMTP servers.

	You can't expect the providers to selectively implement an address
by address rule of who the "good guys" are that can send E-Mail and who
the "bad guys" are who can.  In this case, the bad guys are not the
"evil doers" in the worm / spam / Russian Mafia bunch but the technotards
who shouldn't be sending smtp directly but are too stupid to keep their
systems free from infestations.  Since you are also subject to dynamic
addresses, static rules would also be insufficient and ineffective.

	IMNSHO...  Blocking those ports is a VERY GOOD THING.  If you are
competent you can deliberately set up VPN's and other mechanisms to
get your E-Mail out.  They are not blocking protocol 50 (ESP) or protocol
51 (AH) or protocol 41 (IPv6) or protocol 47 (GRE) or UDP 3544 (Teredo)
or UDP 4500 (IPSec NAT-T).  You got a corporate E-Mail account, you should
be VPNed back to their servers (SPF is going to force this before long -
get used to it and get it fixed now).  You got a domain you control, heck,
set up the SPF records and get an account with Hurricane Electric or
FreeNet6 and send it out over IPv6 (none of that is blocked, inbound
or outbound but none of it is being exploited by the spammers).  None
of the above, why aren't you using the SMTP relay prescribed in the
DHCP or PPPOE response?  Is it that difficult to use their servers
on outbound?  The bar needs to be raised to a level that people who know
what they are doing can deliberately get their jobs done while worms and
technotards are blocked.  If it's true (which is dubious, unfortunately)
I would applaud the direction.

	It's not impossible.  It's just tougher, as it should be.  Consider
it an "intelligence test".

	You want someone to blame - blame your technotard neighbors who are
using the same service but getting abused by worm writers and criminals.

	You want to keep doing what you're doing....  Fine, get a static,
unfiltered, account with these people (it's available), but expect to
pay for it.  It's not much.  Speedfactory is something like an extra
10 bucks.  Consider it another bar (too low a bar personally) to entry.
You have to DO something DELIBERATE to accomplish this.  This is how it
should be.

	</Rant>

> Mike

> -- 
> 
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> Mike Murphy
> 781 Inman Mews Drive Atlanta GA 30307
> Landline: 404-653-1070
> Mobile: 404-545-6234
> Email: mike at tyderia.net
> AIM: mmichael453
> JDAM: 33:45:14.0584N  84:21:43.038W
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
  /\/\|=mhw=|\/\/       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!