Can I get port 25 unblocked again?

You didn't say what the end goal was, but if it was just having a functional local mail server that can receive mail for a domain, queue external mail as a backup MX, then send it when the primary is down, or maybe even send/queue local mail from old devices without TLS/SSL capability, there's another option rather than dealing with a port 25 block every time your IP address changes, or when Xfinity works on the local infrastructure.  

For around $10/year, you can find an email relay service that will receive mail for a domain on port 25, then redirect mail to you on the external port of your choice.  You don't even need that if the goal was just a local mail queue/send server.  You can configure it to authenticate and send mail to Xfinity's smtp server on port 587 if you don't have your own server hosted somewhere. 

Check out postfix.  You'll need the SASL library for authentication.  You can run it on a single board machine like a raspberry pi nano if you have to. It's well documented and super active.  You'll also avoid issues with external servers spam blocking mail originating from consumer DHCP pools.  Just a suggestion.

I have postfix running on my server.  It does nothing about the port 25 requirement.  I dont want to have another server acting as a relay.  

The port 25 issue is not because I am talking to the server on port 25.  It is because all external email servers purely communicate on port 25.  So if I ever want to be able to receive mail from anyone else, I need port 25 open.   When it was unblocked, the block remained down even when my ip changed, so that was not an issue.  I think this came back only because I made a change to my account.

As you point out,   I can not use the server for out going mail (except to gmail interestingly) because all comcast IPs are blocked by atleast 1 blocklist.  But this is something I have easily worked around.  It is the incoming mail issue that I can not.

Really then?

Perhaps look at Postfix options for specifying an upstream mail server.  That's your relay host [mail.upstream.com]:587 

relay_domains =

relay_host =

smtpd_use_tls =

smtp_sasl_auth_enable =

smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

Good luck.  Sounds like you may need it.  I was telling you how to avoid port 25 blocks, and down mail every time this happens.

I dont know what to tell you.  Inter server smtp communication is exclusively port 25.  Port 587 is for mail submission from client to server, which is then sent to destination servers on port 25.

The fact that auth and sasl is brought up proves my point that you are confused.  Auth is purely for client to server.  Think about it, how would a clients auth work once the message had left the first server?  The destination server will not know your password for auth to succeed.  

Or a cursory check to anywhere will consistently, without contradiction say the following.  In this case its from wikipedia

Communication between mail servers generally uses the standard TCP port 25 designated for SMTP.

Mail clients however generally don't use this, instead using specific "submission" ports. Mail services generally accept email submission from clients on one of:

    587 (Submission), as formalized in RFC 6409 (previously RFC 2476)

In the case of a relay, the submitting server would be the client.  But again, for the 3rd or 4th time, outgoing mail is not my issue.  It is inbound traffic that is my issue.

Any input from Xfinity would be appreciated.

So just nothing from anyone?    Terrific.

I had thought this was the one part of XFinity's customer service that wasn't absolute garbage, but I see it is just the same.  After factoring in the countless hours I have to waste to get anywhere, I think its cheaper to break my contract and go with another ISP that doesnt require this.  I didnt have a single one of these issues when I was with Wave, and their customer service was actually fairly decent the few times I did need it.

TBH, @user_vj1302, I haven't seen @XfinityCSAEmail or @XfinityGabrielS posting in the last few weeks.  @XfinityAlex has been around, but I see he hasn't hit your thread so far.  Sorry.  😕

Any help from anyone would be tremendously appreciated.  This server listening on port 25 is the top priority for this internet connection right now.  And it is something that really can not continue to wait.

Well I'm sorry, but if it cannot wait then you really don't have much of a choice, do you?

That is true.  Life is too short to deal with terrible customer service, bad products, bush league 'experts' and inept 'problem solvers'.

Consider this issue closed as I am terminating service.

"bush league 'experts' and inept 'problem solvers'?"

Yeah?  Everyone that runs an actual mail server will drop mail from their queues after 3-5 days.  You're losing mail trying to run your little "home brew" spam service from a DHCP pool on a consumer account, that everyone's blocking in the first place, and seem bent out of shape about solutions for it that work. 

Like I say, good look.  Sounds like you need it.