[SLUG] Port blocking on Verizon

From: R P Herrold (herrold@owlriver.com)
Date: Tue May 04 2010 - 16:13:33 EDT


On Tue, 4 May 2010, Paul M Foster wrote:

> Verizon FiOS (which I have) is, starting 8 June, going to block port 25

> Verizon's port blocking. But my internet mailhost still wants to see a
> connection on port 25. So does Verizon, when it sees a connection via
> port 587 to an internet mailhost, then change the port to port 25 (which
> is what my internet mailhost wants)?

Verizon will simply block all connections not within its IP
space, to external port 25 hosts. No port 're-writing' is
done -- to do so would just encourage spammers to use port 587
as well. Port 587 outgoing mail transfers require
authentication of the sender to an agreed credential, which
optionally can be done only after a TLS encrypted connection
is established.

You do not mention MTA, but for sendmail, it can listen on
several ports, and in this case 25 AND 587, with 587 reserved
for 'authenticated' connections only [several types of
authentication, such as SASL supports, are supported in
sendmail].

[herrold@centos-5 ~]$ grep 587 /etc/services | head -2
submission 587/tcp msa # mail message submission
submission 587/udp msa # mail message submission

The patches to do so for 'sendmail.mc' are not completely
obvious, but doable. As you do not mention MTA, I do not
elaborate here. Ask if you need help.

After authentication, and exchange of addressing
information, the 'DATA' message body transfer occurs. When
complete, the remote MTA applies ITS view of what it can
reach (reachable MX servers for the destination domain), and
routes the message again along to the next hop.

--------------

It is perfectly doable to set up a VPN tunnel, say across a
RFC-1918 private network, and transfer email across 25 alone,
and here (as Verizon cannot SEE inside the encrypted tunnel)
not need to make changes other than adding the VPN link in
tandem to the publicly routable one. I do this from some
sites back to a central mailserver, in one case to help get
email from home 'out' for the missus, without exposing our
residence IP address.

-- Russ herrold
-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.
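
Added example, not part of the original message or of any sendmail distribution file: a sendmail.mc fragment for the setup the reply describes, with sendmail listening on 25 and 587 and the 587 listener accepting authenticated clients only. The certificate paths are placeholders and the mechanism list is an assumption; adjust both to the host.

```m4
dnl Added example for sendmail.mc. Certificate paths are placeholders.
dnl
dnl Drop the built-in MSA on 587 so its modifiers can be set explicitly below.
FEATURE(`no_default_msa')dnl
dnl
dnl Port 25: server-to-server delivery of inbound mail, no AUTH required.
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
dnl
dnl Port 587: submission from your own users.
dnl   E = disallow ETRN on this port
dnl   a = refuse mail unless the client has authenticated
DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
dnl
dnl SASL mechanisms offered, and the ones trusted to relay once authenticated.
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
dnl
dnl Weaker setting: A alone lets LOGIN and PLAIN run over a cleartext session.
dnl define(`confAUTH_OPTIONS', `A')dnl
dnl Stricter setting: p withholds plaintext mechanisms until a security layer
dnl (STARTTLS) is active, y rejects anonymous mechanisms.
define(`confAUTH_OPTIONS', `A p y')dnl
dnl
dnl STARTTLS needs a certificate and key (placeholder paths).
define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
```

With the stricter `confAUTH_OPTIONS`, a client on 587 sees LOGIN and PLAIN advertised only in the EHLO reply that follows STARTTLS, so credentials are not sent in the clear.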


