On Mon, May 10, 2004 at 06:47:42AM -0400, Travis Roy <[EMAIL PROTECTED]> wrote:
> This isn't about Comcast blocking port 25 to prevent you from running a server..
>
> Recently my parents (that use Comcast) can no longer connect to port 25 of my server.. one that is legit, has correct reverse and MX records.
>
> Has anybody else seen this?
>
> Can anybody suggest a workaround.

I ran into this when plugging my notebook computer into my parents' home network in Florida. They have cable modem service from Cox, I believe. Anyway, Cox was blocking outbound connections to port 25 on anything other than Cox's SMTP servers. Well, this being a notebook, I didn't want to have to require my wife (it's actually her notebook) to change the SMTP server whenever she traveled. The mail server we were trying to access is a dedicated server that I run, and it uses SMTP authentication in order to allow access from any IP address. Therefore, I was not concerned about security, but rather about generically working around outbound port 25 restrictions.


My initial reaction was to use a one-line iptables command to redirect port 2525 to port 25 on my mail server, and then to point my wife's notebook to port 2525. This worked fine. The command I used was:
/sbin/iptables --table nat --append PREROUTING --jump REDIRECT --proto tcp --dport 2525 --to-ports 25


However, recently I was reading about SPF and discovered MSA. Although MSA may optionally do more sophisticated things, in a limited form you can run a "normal" SMTP server implementing authentication on the MSA port (TCP port 587), and non-MSA-aware programs like Outlook can use it as long as they implement SMTP authentication and can be redirected to a different port. ISPs typically don't block port 587 because (1) MSA is new and they may not be aware of it, and (2) MSA requires authentication, which probably eliminates the reasons they may have for blocking outbound port 25. To turn on MSA in sendmail, I simply commented out the "no_default_msa" in my sendmail.mc file. (Actually, for reasons unnecessary to get into here, I added the equivalent line "O DaemonPortOptions=Port=587, Name=MSA, M=E" to sendmail.cf directly).

--
Bob Bell
_______________________________________________
gnhlug-discuss mailing list
[EMAIL PROTECTED]
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
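[Editor's note, not part of the thread above.] Both workarounds in Bob's reply (the iptables REDIRECT of 2525 to 25, and the MSA listener on 587) only move the conversation to another port; what keeps the box from becoming an open relay is the server's policy of accepting non-local recipients solely after a successful AUTH. Note that in sendmail's DaemonPortOptions the modifier E only disallows ETRN; making the socket itself insist on authentication needs the a modifier (M=Ea), and otherwise the usual relay/access rules decide. The following added example, which is not code from the original post or from sendmail, models that policy end to end: a small in-process ESMTP submission server that advertises AUTH PLAIN and refuses RCPT TO for foreign domains until the session is authenticated, plus an smtplib client used as a probe. The hostnames, the example.net/example.org domains and the alice/s3cret credentials are constructed for the example.

```python
import base64
import smtplib
import socketserver
import threading

# Constructed sample data for this example (not a real deployment):
LOCAL_DOMAINS = {"example.net"}   # domains the server delivers for without AUTH
USERS = {"alice": "s3cret"}       # hypothetical submission credentials


class SubmissionHandler(socketserver.StreamRequestHandler):
    """Minimal ESMTP submission server: AUTH PLAIN, relay only when authenticated."""

    def reply(self, line):
        self.wfile.write((line + "\r\n").encode("ascii"))

    def readline(self):
        raw = self.rfile.readline()
        if not raw:
            return None                       # peer closed the connection
        return raw.decode("ascii", errors="replace").rstrip("\r\n")

    def handle(self):
        authed = False
        self.reply("220 mail.example.net ESMTP submission")
        while True:
            line = self.readline()
            if line is None:
                return
            verb, _, arg = line.partition(" ")
            verb = verb.upper()               # smtplib sends verbs in lower case
            if verb in ("EHLO", "HELO"):
                self.reply("250-mail.example.net")
                self.reply("250 AUTH PLAIN")  # the only mechanism we offer
            elif verb == "AUTH":
                mech, _, blob = arg.partition(" ")
                if mech.upper() != "PLAIN":
                    self.reply("504 5.5.4 Unrecognized authentication type")
                    continue
                if not blob:                  # no initial response: request it
                    self.reply("334 ")
                    blob = self.readline() or ""
                try:                          # PLAIN payload: authzid\0authcid\0passwd
                    _, user, pw = base64.b64decode(blob).decode().split("\0")
                except ValueError:
                    self.reply("501 5.5.2 Cannot decode credentials")
                    continue
                authed = USERS.get(user) == pw
                self.reply("235 2.7.0 Authentication successful" if authed
                           else "535 5.7.8 Authentication credentials invalid")
            elif verb == "MAIL":
                self.reply("250 2.1.0 Sender ok")
            elif verb == "RCPT":
                addr = arg.partition(":")[2].strip().strip("<>")
                domain = addr.rpartition("@")[2].lower()
                if authed or domain in LOCAL_DOMAINS:
                    self.reply("250 2.1.5 Recipient ok")
                else:                         # the anti-open-relay decision
                    self.reply("550 5.7.1 Relaying denied; authenticate first")
            elif verb == "DATA":
                self.reply("354 End data with <CR><LF>.<CR><LF>")
                while self.readline() not in (".", None):
                    pass                      # discard the body in this model
                self.reply("250 2.0.0 Message accepted")
            elif verb in ("RSET", "NOOP"):
                self.reply("250 2.0.0 OK")
            elif verb == "QUIT":
                self.reply("221 2.0.0 Bye")
                return
            else:
                self.reply("502 5.5.2 Command not implemented")


def start_server():
    """Bind a listener on 127.0.0.1 and an ephemeral port; returns (server, port)."""
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), SubmissionHandler)
    server.daemon_threads = True
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def probe_relay(port, rcpt="bob@example.org", user=None, password=None):
    """Open a session, optionally AUTH, and return the RCPT TO reply code for rcpt."""
    with smtplib.SMTP("127.0.0.1", port, timeout=5) as smtp:
        smtp.ehlo("laptop.example.net")
        if user is not None:
            smtp.login(user, password)        # raises SMTPAuthenticationError if refused
        smtp.mail("alice@example.net")
        code, _ = smtp.rcpt(rcpt)
        return code


if __name__ == "__main__":
    server, port = start_server()
    print("unauthenticated relay attempt:", probe_relay(port))                            # 550
    print("authenticated submission:     ", probe_relay(port, user="alice", password="s3cret"))  # 250
    server.shutdown()
    server.server_close()
```

Pointing the probe at a real host on port 587 (or at a 2525-to-25 redirect) and checking that an unauthenticated RCPT TO for a foreign domain comes back 5xx is the quick way to confirm that the relocated port has not quietly become an open relay.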
