Welcome to Comcast Help & Support Forums
Find solutions, share knowledge, and get answers from customers and experts

New to the Community? Start here.

5,667,898

members

49

online now

1,839,145

discussions

Back to Top

Port 25 no longer works - not using Comcast mail server - have my own mail server

SOLVED
Posted by
Visitor
Message 1 of 20
19,742 Views

Up until about 12:00 noon today 3/7/2013 my email has worked fine. I am a Comcast user for many, many years. I have my own mail servers (2)  which service mail (SMTP Server) on port 25.

 

This has worked fine for years.

 

Cannot Telnet to port 25 - screen just goes blank.

 

Can recerive email without a problem (Port 110).

 

Can Telnet to port 25 on both my mail servers when not using Comcast internet.

 

Why can I no longer use port 25?  This is a major PIA since I have to go into editing my registry on servers to change the port. My servers DO not have SSL.

 

My client is Outlook 2010.

 

 

19 REPLIES
Posted by
Visitor
Message 2 of 20
19,740 Views

I've just had this happen to me too.  for the whole day I can receive email, but my Outbox still had messages from the morning and the client can't connect.

 

I'm using Windows Live Mail.  Anyone have a good solution?

Posted by
Visitor
Message 3 of 20
19,730 Views

Well, I got mine figured out in a few minutes after looking at other postings and came across this link for different clients.  Not sure if it will help you.

 

http://forums.comcast.com/t5/E-Mail-and-Xfinity-Connect-Help/Port-Change-Notification/m-p/1470331#U1...

Posted by
Visitor
Message 4 of 20
19,725 Views

That solution assumes you are using Comcast server for your email.

 

I am using corporate mail servers which are used by many people, so can't really change the SMTP port.

Posted by
Bronze Problem Solver

Message 5 of 20
19,705 Views

hhemstreet2 wrote:

That solution assumes you are using Comcast server for your email.

 

I am using corporate mail servers which are used by many people, so can't really change the SMTP port.


Comcast is blocking port 25 to prevent spambots from connecting to recipient servers out on the Internet. Blocking outgoing port 25 is *very* common with "consumer" ISPs, so the ideal solution would be for you to also allow connections on port 587, the standard port for email submission.

 

At http://corporate.comcast.com/comcast-voices/updated-management-of-smtp-port-25 Comcast say:

 

"Upon request to our Customer Security Assurance team this block can be removed, enabling access to use port 25 for other email domains..."

 

Here's the number:

 

Customer Security Assurance at 888-565-4329. Normal business hours are 6:00 AM to 2:00 AM EST, 7 days a week.

 

It would be interesting to hear how you make out with them if you go that route.

Posted by
Visitor
Message 6 of 20
19,686 Views

I just got off the phone with them and still no luck - i.e. still cannot Telent to my email server's port 25. Here is an interesting post from another thread, which I totally subscribe to:

 

Dear Comcast,

I am an email administrator for a large company.  You are completely mistaken about what is good and bad practice.  Blocking port 25 is bad practice as some global rule without some kind of opt-out process, which should not involve yelling at 2 customer support staff before I finally get the right phone number to call.

Here is the latest RFC for SMTP http://tools.ietf.org/html/rfc5321, there are no references to any port other than the port assigned by IANA which is port 25.  While the IANA port assignment page includes 25, 465 (which is assigned to Cisco URD, not to SMTPS), and 587 no where do either org specify security implications from using any of those ports (RFC http://www.ietf.org/rfc/rfc3207.txt does cover TLS submission over SMTP, which refers to port assignments defined in http://www.ietf.org/rfc/rfc2476.txt, which refers to port 25 and port 587...no port 465 for smtps). http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml

Having comcast say that my traffic over port 25 is insecure because it is on port 25 is completely false.  My traffic would be insecure if it was not TLS encrypted...but it is TLS encrypted, so it's secure even though it is over port 25.

Comcast, If you would like to stop the world from receiving spam from your home subscriber IP's, add your IP segments to blacklists and look into other ways of informing the email systems of the world to not to accept SMTP traffic from your IP ranges (You're involved in the DMARC specification right?  Why not look for a method to add into that specification, while it's still as new as it is, to serve exactly the purpose you're trying to accomplish by blocking port 25??).  The technology exists...I know by default any decent internet facing MTA will view a comcast home subscriber IP as having low reputation and reject the SMTP connection for that reason alone.

While I do agree on some levels with what you've done, you have not provided a clear and simple opt-out process.

To opt out, I've been on the phone with the Comcast Customer Security Assurance team at 1-888-565-4329

Call that number to get an exception to port 25.

I was also informed that if Comcast sends a signal to the cable modem that they will likely blow away the exception, and I will again need to call that number, wait on hold and then have them re-apply the exception.

Telling me that I could upgrade to business class (pay more money), to ensure that port 25 stays open seems like some strange new form of ISP blackmail to me.  You have closed a port that I can prove had been open and serving my legitimate needs, and then I am told that if I paid more money that I can keep it open.  While I don't think I have a case, don't you see how your actions are wrong?  http://legal-dictionary.thefreedictionary.com/Blackmail

Do yourselves a favor Comcast, notify your users of how to opt out of your security offerings (and make sure those opt-out's stick with a cable modem replacement/repair!).  Keep offering your security options, it's generally a good thing, but you MUST get away from the one size fits all security concept.  You have plenty of subscribers who can handle their own technology without your assistance/insistence and all they need from you is that beautiful bandwidth you usually provide.

Posted by
Visitor
Message 7 of 20
21,628 Views
Solution

About an hour after my request to unblock port 25, my access to port 25 has returned.

 

Hopefully will continue working and/or Comcast will come to their senses.

Posted by
Bronze Problem Solver

Message 8 of 20
19,663 Views

hhemstreet2 wrote:

I just got off the phone with them and still no luck - i.e. still cannot Telent to my email server's port 25.

 

But what did they say? They must have said something that gave you the idea that they were lifting the block, otherwise why try port 25 again?

 

The block is done via a modem config file. You won't get a new config file unless your lease is renewed or you reboot the modem... or they do something at their end to force the issue. Did they say they were going to "force the issue"?

 

Here is an interesting post from another thread, which I totally subscribe to:

 

He's mostly full of it. I agree that Comcast's talk about port 25 being "insecure" is BS. But one of the reasons that port 587 was reserved for email submission was so that ISPs *could* block outgoing port 25 and there'd be a standard port where affected users could still send email via third party servers. Comcast *do* submit their "dynamic" addresses to several blocklists so that MX servers can easily block those addresses, but relying on others to block spam from their spambots isn't the way a good 'net neighbor does things. And Comcast is "behind the times" in terms of blocking outgoing port 25. Most "consumer" ISPs blocked outgoing port 25 a *long* time ago, like 5-10 years ago.

Posted by
Official Employee

Message 9 of 20
19,612 Views

There are a significant number of misunderstandings in that post.  Many of them are addressed in the following FAQs/Blog posts:

http://customer.comcast.com/help-and-support/internet/email-port-25-no-longer-supported/

http://corporate.comcast.com/comcast-voices/updated-management-of-smtp-port-25

In these posts, you'll see that the FCC has come out against port 25 usage and industry bodies support that position.

 

Port 25 has been obsolete for email submission to servers for at least 5 years.  The world-wide movement to make it obsolete began a little more than 10 years ago.  In fact, there are entire countries that do not permit port 25.

 

Finally, DMARC, which Comcast has been very active in the development of this standard, does not address port usage or spam for that matter.  If you're interested, feel free to read more about what DMARC is and isn't at http://dmarc.org.

 

Thanks.




Community Icon
I am an Official Comcast Employee.
Official Employees are from multiple teams within Comcast: Product, Support, Leadership.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am an Official Comcast Employee.
Official Employees are from multiple teams within Comcast.
We ask that you post publicly so people with similar questions may benefit.
Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am a Comcast Employee.
Please post so people with similar questions may benefit.
Was your question answered?
Mark it as a solution!solution Icon
Posted by
Regular Visitor
  • Thank you contributor for your first reply to the community!
 Posting replies is the best way to get involved.

Message 10 of 20
19,521 Views

I have had this happen to me too.  After an outage on 3/7/13 around 10AM EST that lasted for an hour or so, my port 25 INCOMING traffic to my email server is being blocked.  I am using port 587 for outgoing relay host (smtp.comcast.net) and am able to successfully send email.  However, since incoming port 25 is blocked I can't receive email to my Postfix email server for my domain. I've be on hold with the Comcast Security people for the past hour or so.  Hopefully they will eventually connect and then I can get the incoming port 25 unblocked.  As previous posters mentioned, even raw telnet connections can't get through.  

 

I can understand them blocking outgoing mail to prevent spam but not incoming - especially when one is using the port 587 with authentication.  My server refused to relay external emails so it does not get used as a spambot.

Posted by
Visitor
Message 11 of 20
19,516 Views

I had the same problem with my Exchange box. I was completely blocked on 3/6 (could not send or receive). After changing my send connector to use 587 (465 would not work) and authenticate using my comcast ID I was then able to send email out. However, I still cannot receive email from the internet. My receive connector in Exchange is open to ports 25, 110, 465, 587 and 995 but still no luck. So this problem is Comcast simply blocking incoming port 25? What about the other ports I mentioned? Does comcast allow these ports back in? Thanks.

Posted by
Visitor
Message 12 of 20
19,351 Views

My email stopped sending also.   Comcast told me port 25 is no lopnger supported.

 

Here is why:   http://customer.comcast.com/help-and-support/internet/email-port-25-no-longer-supported

 

I changed to port 465 using SSL and authentication and everything is good again.

Posted by
Regular Visitor
  • Thank you contributor for your first reply to the community!
 Posting replies is the best way to get involved.

Message 13 of 20
19,337 Views

You need to contact Comcast security and get them to have the block taken off for incoming port 25.  You still need to use either 465 or 587 for outgoing mail.  Note: they tell you it is a temporary fix and could reset at any time and you shouldn't be running a server on a residential account - even if not for noncommercial purposes and then pitch a business account.

Posted by
Visitor
  • Thank you contributor for your first reply to the community!
 Posting replies is the best way to get involved.

Message 14 of 20
18,722 Views

FWIW, had the same issue, called the number in this thread, and was also able to get it unblocked. Learned a couple of things on the call.

 

I was told that access to port 25 is a feature of Business internet access only. I'm on a residential package, and only use port 25 to send email from a couple of applications that don't allow reconfiguring the port. I don't run a mail server. Given all that, I was granted an exception, but was told that access was being turned back on temporarily, and could dissappear again at any time.

 

 

Posted by
Visitor
  • Thank you contributor for your first reply to the community!
 Posting replies is the best way to get involved.
  • Congratulations on receiving your first Kudos! Thank you for your meaningful contribution to the forum. May this be the first of many kudos.

Message 15 of 20
17,654 Views
well i can tell you it is not a smooth process. they don't even read the form they made me submit because i clearly said i needed port 25 unblocked. the form however makes you include the ip of the blocked server. they just sent me an email back saying that ip address is not on their block list. i had to re-submit a form explaining the ip is not what is blocked it's use of port 25. hopefully they will actually read the problem description not just look at the ip fields again. personally i think this is stupid and really gives no security because spambots can use any port so your only stopping the stupid ppl who are not the threat. secondly whoever said to use the regular mail port is not too bright either because port 25 is the defined well known port for smtp. i have company over who want to use their mail clients to access their isp or work mail servers from their laptops and cannot because their mailservers use smtp outgoing on port 25. i can handle my own firewall i don't need comcast stepping in to "protect" me.
Posted by
Visitor
  • Thank you contributor for your first reply to the community!
 Posting replies is the best way to get involved.

Message 16 of 20
17,404 Views

I have the same issue when using a third party mail service that is rated secure by the government. My company provides residential triple play premium accounts which include email service, but we cannot use that email address when communicating with some of our customers.

 

The price upgrade to commercial service for all the employee's homes may be prohibitive, but they have promised a temporary unblock of port 25 (which appeared to become blocked with no notice over the weekend). In the mean time I'll see whether my third party will open 465 or 587, but it is sounding like they have invested a lot in locking down 25 and backtracking spam attempts on 25.

 

I don't quite grasp why opening those ports would be a big deal to the third party, but what I am really annoyed about is that I am caught in the middle and have to spend time on this for no value.

Posted by
Visitor
  • Thank you contributor for your first reply to the community!
 Posting replies is the best way to get involved.

Message 17 of 20
16,904 Views

Comcast should be hit with a class action lawsuit over this money making scheme.  I think their actions on the port 25 issue is fraudulent 

Posted by
Visitor
  • Thank you contributor for your first reply to the community!
 Posting replies is the best way to get involved.

Message 18 of 20
16,667 Views

calling security support at 1-888-565-4329 worked for me. I was told it'll take an hour or so until the port is unblocked.

The rep let me know that I might run into this problem again in the future as 25 is automatically blocked on all residential accounts. I'm assuming buisness accounts don't have the same problem.

Posted by
Visitor
  • Thank you contributor for your first reply to the community!
 Posting replies is the best way to get involved.

Message 19 of 20
16,456 Views

I just called the 888 security number, and they basically told me to go pound sand.

 

I told them I was a work from home employee and that I need to be able to recieve email on TCP/25.  I told them that I did not need to SEND on 25, just receive.  They told me that I *HAVE* to upgrade to business class to use TCP/25.

 

That's an increase of $20 a month for less bandwdith.....

 

 

Highlighted
Posted by
Regular Visitor
  • Thank you contributor for your first reply to the community!
 Posting replies is the best way to get involved.

Message 20 of 20
15,726 Views

Using this thread and many other's I've finally solved the problem for my Dell 3115cn MFP to "scan to email".

 

Issue 1: Comcast shut down port 25 for residential broadband subscribers

Issue 2: the Dell MFP does not have the facility to change to secure email ports.  Only 25 and 5000-65355

 

Partial solution:  Call comcast as stated above - they will provide an exception but do not guarantee how long the exception will last as they automate the closing of port 25 on some undefined audit basis.

 

Real solution:  I'll be the first to admit that not everyone can do this BUT, if you've got an internal windows server or other free SMTP server software you CAN do this.

 

  1. Configure your SMTP server this way.  I use a windows server internally.  The same configs will apply to free SMTP servers though
    1. http://fmuntean.wordpress.com/2008/10/26/how-to-configure-iis-smtp-server-to-forward-emails-using-a-...
      • Remove default relay restricton
      • Go to Outbound Security Tab and click the basic authentication radio button
        • Add your gmail or comcast account and password
      • Check the TLS encryption box
      • Go to Outbound Connections Tab and change the port to 587 (from the default 25)
      • Go to the Advanced Tab and put in your "smart host".  In my case it was smtp.gmail.com
        • Note you don't have to change the FQDN (which in Windows is the host you're configuring for SMTP)
  2. Configure your MFP to use your new internal server you just created above.
    • In my case, on the Dell 3115cn, the following fields were configured:
      • Primary SMTP Gateway:  10.10.10.200 (this is the internal SMTP server you just configured)
      • SMTP Port #:  25
      • Email Send Authentication:  *Invalid (I did not require internal authentication on the internal SMTP server so none is required here)
      • SMTP Login User:  An internal domain account (you probably don't need this, but I didn't test otherwise)
      • SMTP Password: password for SMTP login user (again, you probably don't need this)
      • Reply address:  mygmailaccount@gmail.com

I tested this and it worked FIRST SHOT!

 

This will allow you to bypass the ridiculous code restriction on the MFP Dell's that will not allow port anything other than port 25 outbound.

 

My wife is thrilled that scan to email works again!