Contributor • 25 Messages
Keep Port 25 Open For Incoming Connections When Switching Plans
I currently have port 25 open to allow incoming connections to my personal mail server. I had an issue in the past that when I changed my connection speed, the port was closed as part of the process and I had to go through the whole process of getting it reopened, causing a roughly week-long outage of my server. I would like to upgrade my connection speed again. Is there a way I can do this and not have the port be closed as part of the process? I fear if I tell this to the phone rep they will not understand what I am requesting, and the closure will happen anyway.
Any assistance is greatly appreciated.
Thank you
flatlander3
Problem Solver • 1.5K Messages • 1 year ago
You're likely going to have to do that week-long request when your IP address changes too. They're also phasing it out. Business accounts don't have the block. For cheap, around $10/year, you can get a port redirect service and have your mail server listen on an additional port that isn't blocked. Your domain registrar might offer it too.
That way, when you have a local issue or your IP address changes, mail queues up at the redirect service until you change it there or fix a problem and you won't lose mail. It's up to the sender's mail server how long it will queue undelivered mail or how many times it will retry, but most people don't like stuff stuck in their mailq and try to rid themselves of it.
user_vj1302
Contributor • 25 Messages • 1 year ago
I have DDNS so IP address changes are handled gracefully on both IPv4 and IPv6. Once you get to the point of a redirect service, it becomes unclear to me why you wouldn't just utilize an external mail server.
In most cases the mail builds up at a relay server out of sight of the sender, until it eventually bounces back to them after the retry timeout. In most cases that retry value seems to be surprisingly high, on the order of days.
I run my email server for the same reason I run my own http, name, Bitwarden, backup and calDAV server, because I enjoy doing so. I am well aware of all ostensibly better alternatives for each of them.
Port 25 is not a security risk so I've never understood the fixation on blocking it at an ISP level. Astound/Wave does not have such a fixation and yet it seems the world continues to turn.
If any other WKPs are blocked, they must be rather obscure as I have not encountered them. > 1023 is completely open. 25's hate seems undeserved.
If it is in fact impossible to persist a configuration across speed cap changes, that would be rather disappointing, keeping me at the current cap until contract expiration.
flatlander3
Problem Solver • 1.5K Messages • 1 year ago
"why you wouldn't just utilize an external mail server?" Indeed. Maybe you don't see the issue with your contacts, but most everyone I know running a mail server blocks public DHCP pools on ISPs, and it's part of a lot of company mail servers I've dealt with. In fact, I don't believe there is any machine on wandoo.fr (an ISP there) that isn't a compromised Windows 7 granny machine.
The port 25 block on Comcast originated some time ago. People were blocking literally all of Comcast, business accounts with static IP addresses included. It was the #1 spam source in the USA in fact at one point. Reputation blocking is still an issue for them on business IP blocks. It is for other hosting companies too (looking at you funny Colorado Crossing), so pick your hosting wisely.
If it works for you, it doesn't bother me a bit. It was just a suggestion.
user_vj1302
Contributor • 25 Messages • 1 year ago
I don't use my server for outbound SMTP, since Comcast will not submit requests to blocklists such as DNSBL to get individual IPs removed. This is another attribute fairly unique to Comcast in my experience.
ISPs also have abilities to manage spam that are more granular than blanket blocks. Blocking it for everyone is just the laziest way, and yet the entire IP range is still blocklisted. But I don't even have an issue with the port being blocked by default. My issue is the dance required to get it unblocked, and the fragility of the configs once in place.
Since most home router firewalls will block port 25 by default, I expect these compromised machines are doing something slightly more intelligent than just listening on 25. I also wasn't aware that every machine on that ISP was running 4 year EOL operating systems without Windows Defender. They have larger issues than port 25 being open. Also, let's give some well earned credit to the botnets of IoT toasters.
I just want to play with my mail server in peace.
XfinityArmand
Official Employee • 2.1K Messages • 1 year ago
Hi there @user_vj1302! Thanks so much for taking the time to reach out to Xfinity Support here on our Community Forum. We are so glad to hear from you and happy to help in any way that we can to get things taken care of for you. So that we can work to get things squared away, please feel free to shoot us a private message and we can get started.
To send a "direct message" / "private message" to Xfinity Support:
• Click "Sign In" if necessary
• Click the "Direct Message" icon or https://forums.xfinity.com/direct-messaging
• Click the "New message" (pencil and paper) icon
• The "To:" line prompts you to "Type the name of a person". Instead, type "Xfinity Support" there
  - As you are typing, a drop-down list appears. Select "Xfinity Support" from that list
  - An "Xfinity Support" graphic replaces the "To:" line
• Type your message in the text area near the bottom of the window
• Press Enter to send it