That solution assumes you are using Comcast server for your email.
I am using corporate mail servers which are used by many people, so can't really change the SMTP port.
Comcast is blocking port 25 to prevent spambots from connecting to recipient servers out on the Internet. Blocking outgoing port 25 is *very* common with "consumer" ISPs, so the ideal solution would be for you to also allow connections on port 587, the standard port for email submission.
I just got off the phone with them and still no luck - i.e. still cannot Telent to my email server's port 25. Here is an interesting post from another thread, which I totally subscribe to:
I am an email administrator for a large company. You are completely mistaken about what is good and bad practice. Blocking port 25 is bad practice as some global rule without some kind of opt-out process, which should not involve yelling at 2 customer support staff before I finally get the right phone number to call.
Having comcast say that my traffic over port 25 is insecure because it is on port 25 is completely false. My traffic would be insecure if it was not TLS encrypted...but it is TLS encrypted, so it's secure even though it is over port 25.
Comcast, If you would like to stop the world from receiving spam from your home subscriber IP's, add your IP segments to blacklists and look into other ways of informing the email systems of the world to not to accept SMTP traffic from your IP ranges (You're involved in the DMARC specification right? Why not look for a method to add into that specification, while it's still as new as it is, to serve exactly the purpose you're trying to accomplish by blocking port 25??). The technology exists...I know by default any decent internet facing MTA will view a comcast home subscriber IP as having low reputation and reject the SMTP connection for that reason alone.
While I do agree on some levels with what you've done, you have not provided a clear and simple opt-out process.
To opt out, I've been on the phone with the Comcast Customer Security Assurance team at 1-888-565-4329
Call that number to get an exception to port 25.
I was also informed that if Comcast sends a signal to the cable modem that they will likely blow away the exception, and I will again need to call that number, wait on hold and then have them re-apply the exception.
Telling me that I could upgrade to business class (pay more money), to ensure that port 25 stays open seems like some strange new form of ISP blackmail to me. You have closed a port that I can prove had been open and serving my legitimate needs, and then I am told that if I paid more money that I can keep it open. While I don't think I have a case, don't you see how your actions are wrong? http://legal-dictionary.thefreedictionary.com/Blackmail
Do yourselves a favor Comcast, notify your users of how to opt out of your security offerings (and make sure those opt-out's stick with a cable modem replacement/repair!). Keep offering your security options, it's generally a good thing, but you MUST get away from the one size fits all security concept. You have plenty of subscribers who can handle their own technology without your assistance/insistence and all they need from you is that beautiful bandwidth you usually provide.
I just got off the phone with them and still no luck - i.e. still cannot Telent to my email server's port 25.
But what did they say? They must have said something that gave you the idea that they were lifting the block, otherwise why try port 25 again?
The block is done via a modem config file. You won't get a new config file unless your lease is renewed or you reboot the modem... or they do something at their end to force the issue. Did they say they were going to "force the issue"?
Here is an interesting post from another thread, which I totally subscribe to:
He's mostly full of it. I agree that Comcast's talk about port 25 being "insecure" is BS. But one of the reasons that port 587 was reserved for email submission was so that ISPs *could* block outgoing port 25 and there'd be a standard port where affected users could still send email via third party servers. Comcast *do* submit their "dynamic" addresses to several blocklists so that MX servers can easily block those addresses, but relying on others to block spam from their spambots isn't the way a good 'net neighbor does things. And Comcast is "behind the times" in terms of blocking outgoing port 25. Most "consumer" ISPs blocked outgoing port 25 a *long* time ago, like 5-10 years ago.
In these posts, you'll see that the FCC has come out against port 25 usage and industry bodies support that position.
Port 25 has been obsolete for email submission to servers for at least 5 years. The world-wide movement to make it obsolete began a little more than 10 years ago. In fact, there are entire countries that do not permit port 25.
Finally, DMARC, which Comcast has been very active in the development of this standard, does not address port usage or spam for that matter. If you're interested, feel free to read more about what DMARC is and isn't at http://dmarc.org.
I am an Official Comcast Employee. Official Employees are from multiple teams within Comcast: Product, Support, Leadership. We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark it as an accepted solution!
I am an Offical Comcast Employee. Official Employees are from multiple teams within Comcast. We ask that you post publicly so people with similar questions may benefit. Was your question answered? Mark it as an accepted solution!
I am a Comcast Employee. Please post so people with similar questions may benefit.
Was your question answered? Mark it as a solution!
I have had this happen to me too. After an outage on 3/7/13 around 10AM EST that lasted for an hour or so, my port 25 INCOMING traffic to my email server is being blocked. I am using port 587 for outgoing relay host (smtp.comcast.net) and am able to successfully send email. However, since incoming port 25 is blocked I can't receive email to my Postfix email server for my domain. I've be on hold with the Comcast Security people for the past hour or so. Hopefully they will eventually connect and then I can get the incoming port 25 unblocked. As previous posters mentioned, even raw telnet connections can't get through.
I can understand them blocking outgoing mail to prevent spam but not incoming - especially when one is using the port 587 with authentication. My server refused to relay external emails so it does not get used as a spambot.
I had the same problem with my Exchange box. I was completely blocked on 3/6 (could not send or receive). After changing my send connector to use 587 (465 would not work) and authenticate using my comcast ID I was then able to send email out. However, I still cannot receive email from the internet. My receive connector in Exchange is open to ports 25, 110, 465, 587 and 995 but still no luck. So this problem is Comcast simply blocking incoming port 25? What about the other ports I mentioned? Does comcast allow these ports back in? Thanks.
You need to contact Comcast security and get them to have the block taken off for incoming port 25. You still need to use either 465 or 587 for outgoing mail. Note: they tell you it is a temporary fix and could reset at any time and you shouldn't be running a server on a residential account - even if not for noncommercial purposes and then pitch a business account.
FWIW, had the same issue, called the number in this thread, and was also able to get it unblocked. Learned a couple of things on the call.
I was told that access to port 25 is a feature of Business internet access only. I'm on a residential package, and only use port 25 to send email from a couple of applications that don't allow reconfiguring the port. I don't run a mail server. Given all that, I was granted an exception, but was told that access was being turned back on temporarily, and could dissappear again at any time.
well i can tell you it is not a smooth process. they don't even read the form they made me submit because i clearly said i needed port 25 unblocked. the form however makes you include the ip of the blocked server. they just sent me an email back saying that ip address is not on their block list. i had to re-submit a form explaining the ip is not what is blocked it's use of port 25. hopefully they will actually read the problem description not just look at the ip fields again. personally i think this is stupid and really gives no security because spambots can use any port so your only stopping the stupid ppl who are not the threat. secondly whoever said to use the regular mail port is not too bright either because port 25 is the defined well known port for smtp. i have company over who want to use their mail clients to access their isp or work mail servers from their laptops and cannot because their mailservers use smtp outgoing on port 25. i can handle my own firewall i don't need comcast stepping in to "protect" me.
I have the same issue when using a third party mail service that is rated secure by the government. My company provides residential triple play premium accounts which include email service, but we cannot use that email address when communicating with some of our customers.
The price upgrade to commercial service for all the employee's homes may be prohibitive, but they have promised a temporary unblock of port 25 (which appeared to become blocked with no notice over the weekend). In the mean time I'll see whether my third party will open 465 or 587, but it is sounding like they have invested a lot in locking down 25 and backtracking spam attempts on 25.
I don't quite grasp why opening those ports would be a big deal to the third party, but what I am really annoyed about is that I am caught in the middle and have to spend time on this for no value.
I just called the 888 security number, and they basically told me to go pound sand.
I told them I was a work from home employee and that I need to be able to recieve email on TCP/25. I told them that I did not need to SEND on 25, just receive. They told me that I *HAVE* to upgrade to business class to use TCP/25.
That's an increase of $20 a month for less bandwdith.....
Using this thread and many other's I've finally solved the problem for my Dell 3115cn MFP to "scan to email".
Issue 1: Comcast shut down port 25 for residential broadband subscribers
Issue 2: the Dell MFP does not have the facility to change to secure email ports. Only 25 and 5000-65355
Partial solution: Call comcast as stated above - they will provide an exception but do not guarantee how long the exception will last as they automate the closing of port 25 on some undefined audit basis.
Real solution: I'll be the first to admit that not everyone can do this BUT, if you've got an internal windows server or other free SMTP server software you CAN do this.
Configure your SMTP server this way. I use a windows server internally. The same configs will apply to free SMTP servers though