1
ISP blocking port 25 what can I do?
Question asked by Chad Landry - November 20, 2015 at 12:46 PM
Unanswered
ISP blocks port 25. Can I change the port to 26 or something like that?

7 Replies

0
Heimir Eidskrem Replied
November 20, 2015 at 1:07 PM
If this is for server to server traffic then you can't change it.
It would probably be a violation of your ISP's TOS anyway.
 
Pay for a business connection and it shouldn't be a problem.

 
0
Paul Blank Replied
November 20, 2015 at 2:10 PM
I thought of this as soon as I saw your post:
 
You can go to noip.com and purchase Mail Reflector (for incoming) and Alternate Port SMTP (for outgoing), and set up SM to work with this. The cost seems to be about $60/year for both. They will "reflect" incoming mail to an alternate port, and you can send through their "smarthost" on a different port than 25 (you relay your mail through noip.com). AFAIK, pretty easy to set this up in SM.
 
It's pretty reasonable IMO.  I haven't used this particular service, but they've been doing it for a few years, so I'll bet they've got it down.  
 
Note that I couldn't find Alternate Port SMTP on their Web site, but it was available as an option after selecting Mail Reflector.
 
Please double-check with them before jumping into this.  For instance, is your public IP dynamic or static, and/or do you have a domain with DNS pointing to your public IP?  Noip also offers dynamic IP services (these I HAVE used).  As I said, I haven't used the email services, but I'm familiar with other noip.com offerings. 
 
Hope this is helpful!
 
0
Bruce Barnes Replied
November 20, 2015 at 2:36 PM
First, make certain you have your SmarterMail SERVER ports properly configured and mapped within the SmarterMail server.
 
Second: make certain your SmarterMail server is running a TRUE, STATIC, IP address.  DHCP is never allowed on mail servers.
 
Third:  setup your client to use port 587 - it's the ALT SMTP SERVER PORT and all ISPs MUST now make this port available.  For more information, see my posts at:
 
If you require further assistance, please either open a ticket with SmarterTools, check out my portal at https://portal.chicagonettech.com, or contact me directly, 
 
 
EDIT:  Looks like a LINK BUG in the new version of SmarterTrack.

Here are those links, again, but you will have to COPY and PASTE into a browser to open:
 
https://portal.chicagonettech.com/kb/a165/xfinity-comcast-blocks-all-traffic-on-port-25-alternate-port-465-and-port-587.aspx

https://portal.chicagonettech.com/kb/a167/why-is-port-25-for-email-submission-no-longer-supported-by-chicagonettech.aspx

https://portal.chicagonettech.com/kb/a55/configuring-ports-to-use-ssl-tls-to-secure-smartermail-version-8-and-beyond.aspx
Bruce Barnes
ChicagoNetTech Inc

Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
0
Paul Blank Replied
November 20, 2015 at 2:51 PM
If your server is behind a dynamic public address, it can still have a static LAN (private) IP address behind your router and work just fine using a service such as noip's - combination of alternate port inbound, alternate port outbound (smarthost/gateway host) and dynamic IP (in conjunction with YOUR domain name OR one provided by someone like noip.com).  There are also others that provide this service.  I know it sounds like a kludge, but it can work very well, once set up.
 
If you have a static public IP, you should try Bruce's suggestions regarding port 587 (are all SMTP servers required to have 587 available? I wasn't aware that they were... seems to me that port 25 is still needed though). Just might work for you.
 
0
Bruce Barnes Replied
November 20, 2015 at 2:53 PM
Paul, et al;
 
Here is the citation, per RFC 5605, Section 3.1:
 

This mandate is spelled out in RFC 5068, Section 3.1, which states:

3.1. Best Practices for Submission Operation

   Submission Port Availability:

      If external submissions are supported -- that is, from outside a site's administrative domain -- then the domain's MSAs MUST support the SUBMISSION port 587 [RFC4409].   Operators MAY standardize on the SUBMISSION port for both external AND LOCAL users; this can significantly simplify submission operations.

Even if the IETF had not standardized the use of port 587 as the ALTERNATE SMTP port, it would still be in the best interest of MX server operators to allow access to port 587 because SMTP port 25 is frequently blocked by hotels, hospitals, offices which provide free WiFi services (with Starbucks being a prime example of someone who blocks port 25 on their free WiFi service), and others.

 

Comcast, along with many other larger providers, now filter port 25 and unceremoniously BLOCK all traffic which is not MX to MX traffic on that port.

If a client attempts to use port 25 to connect to the server, the connection is dropped, with no notice, or reason, given.

0
Paul Blank Replied
November 20, 2015 at 2:58 PM
That is understood. But I think port 25 is still needed - mail servers on the 'net are not required to use 587, but I don't think you can shut down port 25 just because you have 587 open (unless your mail server is strictly private - then you can use any ports you like).  As Bruce said, 587 is a good idea to use for corporate access ("submission") to company servers because it's required to be left open, and many providers actually comply with this.
0
Bruce Barnes Replied
November 20, 2015 at 2:59 PM
ABSOLUTELY:  Port 25 MUST be open and available, but port 587 MUST also be open and available.
 
Port 587 is also essential for CLIENT to MX SERVER TLS connectivity and submissions.

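An added example (not part of the thread and not any poster's code): a Python probe that checks, from the network where the mail client or server sits, whether ports 25 and 587 answer and whether the server advertises STARTTLS and AUTH there. The host `mail.example.com`, the EHLO name and the function names are placeholders; a `filtered` or `silent` result is how a connection that is dropped with no notice looks from the client side.

```python
import socket

def read_reply(f):
    """Read one (possibly multi-line) SMTP reply: returns (code, text_lines)."""
    lines = []
    while True:
        line = f.readline().decode("ascii", "replace").rstrip("\r\n")
        if len(line) < 3:
            raise ConnectionError("connection closed mid-reply")
        lines.append(line[4:])
        if line[3:4] != "-":          # "250-..." continues, "250 ..." ends
            return int(line[:3]), lines

def probe_smtp(host, port, timeout=5.0, helo_name="probe.example.org"):
    """Classify one SMTP port as seen from the network this runs on."""
    result = {"port": port, "state": "open", "starttls": False, "auth": False}
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        result["state"] = "refused"   # RST came back: closed port or active reject
        return result
    except socket.timeout:
        result["state"] = "filtered"  # SYN got no answer: packets silently dropped
        return result
    except OSError:
        result["state"] = "unreachable"
        return result
    with sock, sock.makefile("rb") as f:
        try:
            code, _ = read_reply(f)
            if code != 220:
                result["state"] = "rejected"
                return result
            sock.sendall(f"EHLO {helo_name}\r\n".encode("ascii"))
            code, lines = read_reply(f)
            sock.sendall(b"QUIT\r\n")
        except socket.timeout:
            result["state"] = "silent"    # TCP connected, but no SMTP reply arrived
            return result
        except (OSError, ValueError):
            result["state"] = "dropped"   # connection closed or garbage instead of SMTP
            return result
    if code == 250:                       # lines[0] is the greeting, the rest are keywords
        keywords = {l.split()[0].upper() for l in lines[1:] if l.strip()}
        result["starttls"] = "STARTTLS" in keywords
        result["auth"] = "AUTH" in keywords
    return result

if __name__ == "__main__":
    for p in (25, 587):                   # mail.example.com is a placeholder host
        print(probe_smtp("mail.example.com", p))
```

Run it once from the ISP connection and once from another network: port 25 showing `filtered` on the first and `open` on the second points at the provider rather than the mail server.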