Port 25

Simon

18 Apr 2006 18 Apr '06

7:14 a.m.

Just a quick email to the list to find out what other service providers are doing regarding XTRA blocking port 25 when your company does not provide internet connections, so many of your customers are using xtra as a service provider but not for other services wuch as mail. Many of my customers are XTRA customers, but are also vodafone etc etc, so an external autheticated mail server is a huge bonus for them. Use secure port? Regards, Simon

Show replies by date

Jamie Riden

18 Apr 18 Apr

7:27 a.m.

On 19/04/06, Simon wrote:

...

Just a quick email to the list to find out what other service providers are doing regarding XTRA blocking port 25 when your company does not provide internet connections, so many of your customers are using xtra as a service provider but not for other services wuch as mail.

Many of my customers are XTRA customers, but are also vodafone etc etc, so an external autheticated mail server is a huge bonus for them. Use secure port?

Regards,

Simon

For example, Gmail supports mail submission on 465/tcp or 587/tcp using SMTP AUTH / STARTTLS - then you can think about publishing a (stricter) SPF record for the domain as well. http://gmail.google.com/support/bin/answer.py?answer=12103 (I know it says POP, but it also covers SMTP) http://mail.google.com/support/bin/answer.py?answer=13287 cheers, Jamie -- Jamie Riden / jamesr(a)europe.com / jamie.riden(a)computer.org "Microsoft: Bringing the world to your desktop - and your desktop to the world." -- Peter Gutmann

jfp

7:31 a.m.

...

Just a quick email to the list to find out what other service providers are doing regarding XTRA blocking port 25 when your company does not provide internet connections, so many of your customers are using xtra as a service provider but not for other services wuch as mail.

The solution we use is that our customers use the smtp server of the service provider (xtra etc) they use to connect but our imap(s)/pop3(s) to get their mail. Is that what you meant? jfp. ------------------------------------------------------------------------ Jean-Francois Pirus Senior Software Engineer Phone (+64-9) 358 2081 Clearfield Software Ltd Fax (+64-9) 358 2083 4th Floor 8-10 Whitaker Place Mob (+64-21) 640 779 P O Box 3901 Auckland, New Zealand ------------------------------------------------------------------------

Simon

7:44 a.m.

On 4/19/06, jfp wrote:

...

...
Just a quick email to the list to find out what other service providers are doing regarding XTRA blocking port 25 when your company does not provide internet connections, so many of your customers are using xtra as a service provider but not for other services wuch as mail.

The solution we use is that our customers use the smtp server of the service provider (xtra etc) they use to connect but our imap(s)/pop3(s) to get their mail.

Is that what you meant?

Yea.. We have 2 points here: 1). Many of our business customers have a laptop and use jetstream at work and a vodaphone connection for roaming, making our authenticated SMTP servers very handy for these (noramlly) non-tech type people. 2). I find it better for solving issues for ouur customers if they are using our mail servers. or i find myself saying "It must be XTRA's mail servers if you are having problems sending mail", which is not a solution for a customer with a problem. Simon

Joe Abley

7:57 a.m.

On 18-Apr-2006, at 20:44, Simon wrote:

...

1). Many of our business customers have a laptop and use jetstream at work and a vodaphone connection for roaming, making our authenticated SMTP servers very handy for these (noramlly) non-tech type people.

Many hotspots and other places of drop-in connectivity either block port 25 connections outbound altogether, or redirect them to a local MTA. Setting up roaming business customers to use port 25 to send mail seems like a recipe for helpdesk fun. I submit mail using SSL-wrapped SMTP on port 465, and the server I connects to relays based on successful SMTP AUTH. I travel a bit, and it works for me. Joe

Alastair Johnson

8:01 a.m.

Joe Abley wrote:

...

Many hotspots and other places of drop-in connectivity either block port 25 connections outbound altogether, or redirect them to a local MTA. Setting up roaming business customers to use port 25 to send mail seems like a recipe for helpdesk fun.

I submit mail using SSL-wrapped SMTP on port 465, and the server I connects to relays based on successful SMTP AUTH. I travel a bit, and it works for me.

Until you get stuck at a hotel or hotspot which ONLY allows 25/tcp 80/tcp 443/tcp out. I seem to be forever reconfiguring my email client between 25/tcp, 587/tcp, and 10025/tcp in order to get my email out. Sometimes it becomes too hard. :(

Joe Abley

9:51 a.m.

On 18-Apr-2006, at 21:01, Alastair Johnson wrote:

...

Until you get stuck at a hotel or hotspot which ONLY allows 25/tcp 80/tcp 443/tcp out.

That's when you call Jonny and start crawling out of seventh floor windows with omni antennas pointed at the Novatel lobby. Joe

Nicholas Lee

19 Apr 19 Apr

3:32 a.m.

On 4/19/06, Alastair Johnson wrote:

...

I seem to be forever reconfiguring my email client between 25/tcp, 587/tcp, and 10025/tcp in order to get my email out. Sometimes it becomes too hard. :(

Use thunderbird, it has a very nice interface for managing multiple smtp servers. -- Nicholas Lee http://stateless.geek.nz gpg 8072 4F86 EDCD 4FC1 18EF 5BDD 07B0 9597 6D58 D70C

Jo Booth

4:05 a.m.

On 20/04/2006, at 08:32 , Nicholas Lee wrote:

...

On 4/19/06, Alastair Johnson wrote: I seem to be forever reconfiguring my email client between 25/tcp, 587/tcp, and 10025/tcp in order to get my email out. Sometimes it becomes too hard. :(

Use thunderbird, it has a very nice interface for managing multiple smtp servers.

Yeah, Apple Mail happily cycles through a list of them too... tho it still prompts you every time it fails. It would be good to have a mail application that figured it out ;) Give it a few options in order of preference, and let it try a few. Mainly only applicable to mobile type users. Or people with 6 different ISPs ;) -Jo.

Craig Whitmore

18 Apr 18 Apr

7:59 a.m.

----- Original Message ----- From: "Simon" To: Sent: Wednesday, April 19, 2006 12:14 PM Subject: [nznog] Port 25

...

Just a quick email to the list to find out what other service providers are doing regarding XTRA blocking port 25 when your company does not provide internet connections, so many of your customers are using xtra as a service provider but not for other services wuch as mail.

We at ORCON have the submission port available to be used. We have people who have "outside ORCON" internet access who use SMTP AUTH and TLS on port 25 (Telecom Mobile/Vodafone Mobile/Xtra Hotspots etc). All Xtra connected customers will have to do is change it from SMTP port (25) to the Submission Port (587) and it will work when XTRA Block Port 25 to external mail servers to their network. Yes there is the the 465 Port (SSL before the Start of SMTP talking - as noted by other people) but I don't know many common clients which support this at all. Thanks Craig Whitmore Orcon Internet Ltd http://www.orcon.net.nz

Simon

8:18 a.m.

On 4/19/06, Craig Whitmore wrote:

...

----- Original Message ----- From: "Simon" To: Sent: Wednesday, April 19, 2006 12:14 PM Subject: [nznog] Port 25

...
Just a quick email to the list to find out what other service providers are doing regarding XTRA blocking port 25 when your company does not provide internet connections, so many of your customers are using xtra as a service provider but not for other services wuch as mail.

We at ORCON have the submission port available to be used. We have people who have "outside ORCON" internet access who use SMTP AUTH and TLS on port 25 (Telecom Mobile/Vodafone Mobile/Xtra Hotspots etc). All Xtra connected customers will have to do is change it from SMTP port (25) to the Submission Port (587) and it will work when XTRA Block Port 25 to external mail servers to their network.

Yes there is the the 465 Port (SSL before the Start of SMTP talking - as noted by other people) but I don't know many common clients which support this at all.

I had thought to allow non-secure connections on a completly different port (such as 2525)... would it be better to use port 587 you think? Is this simply a change the port from the clients point of view (just to clarify on your statment above)? Simon

Craig Whitmore

8:26 a.m.

...

I had thought to allow non-secure connections on a completly different port (such as 2525)... would it be better to use port 587 you think? Is this simply a change the port from the clients point of view (just to clarify on your statment above)?

Setting up a "non-standard port" for mail would work, but the Submission Port is already there.. so why reinent the wheel? Thanks Craig

Joe Abley

9:50 a.m.

On 18-Apr-2006, at 20:59, Craig Whitmore wrote:

...

Yes there is the the 465 Port (SSL before the Start of SMTP talking - as noted by other people) but I don't know many common clients which support this at all.

Outlook, Outlook Express, Thunderbird, Apple Mail? Joe

Juha Saarinen

9:55 a.m.

Joe Abley wrote:

...

Outlook, Outlook Express, Thunderbird, Apple Mail?

Pocket Outlook as well, and Eudora too from memory. Entourage 2004 for Macs don't do it, I see. -- Juha Saarinen www.geekzone.co.nz/juha www.computerworld.co.nz

James Clark

10:42 a.m.

Simon wrote:

...

Just a quick email to the list to find out what other service providers are doing regarding XTRA blocking port 25

<soapbox> It's a retarded move on Xtra's part. Head-explodingly-stupid. It's a _workaround_, not a _solution_. (Like those shitehouse ADSL modems they ship, which can't port forward, asshat move). Leave the Internet alone Xtra, you monolithic sloth. Actually, I mean, don't break it *make it go faster* - yes, you know you can, you just don't. Xtra are the idiots that partnered with Microsoft. Why doesn't Xtra attack Monkeyboy instead of disabling their customer's service. Three cheers for Teresa Gatting! The lady with a smelly head, according to the first quip on Google. http://www.google.co.nz/search?hl=en&lr=lang_en&q=telecom%20teressa%20gatting I'm sure some poor techs at Xtra read this list. You poor buggers, putting up with a technology company run by maniacal marketeers. Guess they're too busy living the American dream. America, Fuck Yeah! </soapbox> But then, the rest of us all know this already :) -- Cheers, James Clark.

Mark Foster

11:23 a.m.

...

Just a quick email to the list to find out what other service providers are doing regarding XTRA blocking port 25 when your company does not provide internet connections, so many of your customers are using xtra as a service provider but not for other services wuch as mail.

Many of my customers are XTRA customers, but are also vodafone etc etc, so an external autheticated mail server is a huge bonus for them. Use secure port?

Xtra offer a product called 'Secure Remote Email' which is an alternative for roaming customers. SSL, and works regardless of the ISP you're on. Note that if your Usually-via-Xtra customer was on Vodafone and sending to a destination other than xtra, using smtp.xtra.co.nz would never have worked in the first place as Xtra don't provide Authenticated SMTP except for their SRE product, IIRC. Likewise your Usually-via-someone-else customer attempting to send their mail back to someone-elses-smtp-server over a service with Port 25 Blocked will have similar relay issues unless theyre authenticating somehow - however, 'thems the breaks' if theyre on Xtra's network, and their network provider (whoever it is that is Xtra's customer on their behalf) hasn't gotten an exception to the rule. Solution, as already suggested: Use another port, or use smtp.xtra.co.nz. Noted that Xtra have stated that people who want to be excluded from the block need only ask. I say good on Xtra for finally implementing something which should have been done years ago! The doomsayers need to start thinking pragmatically about this; there are plenty of ways around this. (Heck, when i'm travelling, I am either using SSH or Webmail..) Mark.

Simon

11:42 a.m.

On 4/19/06, Mark Foster wrote:

...

...
Just a quick email to the list to find out what other service providers are doing regarding XTRA blocking port 25 when your company does not provide internet connections, so many of your customers are using xtra as a service provider but not for other services wuch as mail.

Many of my customers are XTRA customers, but are also vodafone etc etc, so an external autheticated mail server is a huge bonus for them. Use secure port?

Xtra offer a product called 'Secure Remote Email' which is an alternative for roaming customers. SSL, and works regardless of the ISP you're on.

Is good to know for customer reference. Telstra Clear offers this already and i didnt know that Xtra do. Cool.

...

Note that if your Usually-via-Xtra customer was on Vodafone and sending to a destination other than xtra, using smtp.xtra.co.nz would never have worked in the first place as Xtra don't provide Authenticated SMTP except for their SRE product, IIRC.

Yea - our customers all use our servers which require authenticated access, so my issue was more with what todo with XTRA customers...

...

Likewise your Usually-via-someone-else customer attempting to send their mail back to someone-elses-smtp-server over a service with Port 25 Blocked will have similar relay issues unless theyre authenticating somehow - however, 'thems the breaks' if theyre on Xtra's network, and their network provider (whoever it is that is Xtra's customer on their behalf) hasn't gotten an exception to the rule. Solution, as already suggested: Use another port, or use smtp.xtra.co.nz.

Yep - was going to use port 2525, but have decided to use 587 which is an industry standard port for mail.

...

...
Noted that Xtra have stated that people who want to be excluded from the block need only ask.

Yep :) - have you seen what they want you to agree to for this? Tell them your AV software Tell them your firewall software State the reason for doing it Tell them your mail server software Agree to terms and conditions including that you will keep your AV and firewall software up to date at all times.

...

I say good on Xtra for finally implementing something which should have been done years ago! The doomsayers need to start thinking pragmatically about this; there are plenty of ways around this. (Heck, when i'm travelling, I am either using SSH or Webmail..)

Agreed, i think. I had a thought that it would be quite a good idea for service providers to be able to apply to XTRA to get there servers excluded from the list. Haven't thought about the practically or legal issues here - of which there are many! Side: I remember doing some work with Vodafone and Telecom a number of years ago regarding SMS gateways and having to sign some documents that basically said: "If you stuff our network, or dont, for any reason, or not, to do with anything, or nothing: You will pay" - was a laugh at the time! Simon

Mark Foster

1:43 p.m.

...

...
Xtra offer a product called 'Secure Remote Email' which is an alternative for roaming customers. SSL, and works regardless of the ISP you're on.

Is good to know for customer reference. Telstra Clear offers this already and i didnt know that Xtra do. Cool.

They have done for ~2 years or longer.

...

...
...
Noted that Xtra have stated that people who want to be excluded from the block need only ask.

Yep :) - have you seen what they want you to agree to for this?

Tell them your AV software Tell them your firewall software State the reason for doing it Tell them your mail server software

Agree to terms and conditions including that you will keep your AV and firewall software up to date at all times.

This sounds like typical companyspeak for "we want to opt out of being responsible for any virus traffic originating from your network, so we make it clear that you are in fact responsible". And theyre actually requiring some responsible behavior from their clients. Realising that for 99% of their customers the restriction wont cause any problems - and for a substantial proportion of the remainder (windows users) the need to actually make clear that you're taking responsibility is not really that unreasonable. At the very least, the info goes on file, so that if theres a problem later on, Xtra can very pointedly say 'you agreed to keep your system up to date and secure'. So its not necessarily the nicest situation, I admitt, but I can't say i'm hugely suprised. One just has to hope theres some cloo being used to administer this. Oh, and for the foolish person who 'CBF' finding out whether the opt-out costed anything or not - its already been stated in various press releases, etc, that the opt-out will not cost anything.

...

I had a thought that it would be quite a good idea for service providers to be able to apply to XTRA to get there servers excluded from the list. Haven't thought about the practically or legal issues here - of which there are many!

Huh? Xtra's policy affects their customers only. How does this indicate a need for other providers to be excluded - when the policy doesnt affect them? Going back to the original question, however - I am interested to hear if any other ISPs are considering implementing a similar policy; I'll likewise be interested to hear exactly what sort of volume-impacts are noted once the block is implemented. Mark.

Michael Jager

1:55 p.m.

Mark Foster wrote:

...

...
I had a thought that it would be quite a good idea for service providers to be able to apply to XTRA to get there servers excluded from the list. Haven't thought about the practically or legal issues here - of which there are many!

Huh? Xtra's policy affects their customers only. How does this indicate a need for other providers to be excluded - when the policy doesnt affect them?

By allowing outbound 25/tcp to a list of "good ISPs" SMTP servers? Michael

Jo Booth

2:09 p.m.

On 19/04/2006, at 18:43 , Mark Foster wrote:

...

...
...
Xtra offer a product called 'Secure Remote Email' which is an alternative for roaming customers. SSL, and works regardless of the ISP you're on.

Is good to know for customer reference. Telstra Clear offers this already and i didnt know that Xtra do. Cool.

They have done for ~2 years or longer.

On the, "one smtp server to rule them all" front, i've used clear.net's pay per use dial-up account (minimal setup fee and no ongoing costs) with their free authenticated smtp and mailbox so I could send mail from the laptop using "any" ISPs connection when out and about roaming/borrowing connectivity on cafenet/telecom wifi/ paradise/xtra/actrix etc. Prior it was a constant battle to figure out the local smtp server, change mail app settings etc. -- Jo - Mesh|net +64 (0)21 526684

Steve Lang

3:58 p.m.

Dare I suggest something worth talking about amongst the recent flaming.... but.... Some time ago, I was asking about ISP's that provided ODMR services. RFC 2645 (http://www.rfc-archive.org/getrfc.php?rfc=2645). Can't recall where that thread went - someone from paradise saying something about them not wanting to do it 'cause it would make them insecure or something... Didn't make sense at the time. In any case, this would appear to be to be a good solution. The RFC has been around for a long time (1999), and it appears that there may be more than just a couple of clients/servers. But, I still can't find anyone that supports it. Any clues who might? Anyone from ISP land that want's to create an ODMR service? Don't need a static IP, should work with everyone etc. etc. Cheers - Simon wrote:

...

Just a quick email to the list to find out what other service providers are doing regarding XTRA blocking port 25 when your company does not provide internet connections, so many of your customers are using xtra as a service provider but not for other services wuch as mail.

Many of my customers are XTRA customers, but are also vodafone etc etc, so an external autheticated mail server is a huge bonus for them. Use secure port?

Regards,

Simon

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

6822

Age (days ago)

6823

Last active (days ago)

List overview

Download

20 comments

13 participants

participants (13)

Alastair Johnson
Craig Whitmore
James Clark
Jamie Riden
jfp
Jo Booth
Joe Abley
Juha Saarinen
Mark Foster
Michael Jager
Nicholas Lee
Simon
Steve Lang

Port 25

Simon

Jamie Riden

Simon

Joe Abley

Joe Abley

Simon

Joe Abley

James Clark

Simon

Michael Jager

tags

participants (13)