why Comcast blocks my Home router ports 465 & 587?
I can not send mail.
If i use free wifi outside my mail works both ways.
If i am at home only incomming mail works.
if i use command at home:
openssl s_client -showcerts -connect smtp.comcast.net:465
it shows message:
421 resomta-ch2-07v.sys.comcast.net resomta-ch2-07v.sys.comcast.net CSI IP xxx.xxx.xxx.xxx is not permitted to send messages. Please contact support if you feel this is in error.
The same command from outside gives "220-smtp.comcast.net" message.
@d.l wrote: ... CSI IP xxx.xxx.xxx.xxx is not permitted to send messages. ...
CSI in the error message means the listed IP has been flagged by Cloudmark Sender Intelligence, an IP reputation service, as not trustworthy, typically because the IP has been associated with spam or some other form of abuse. Please see https://forums.xfinity.com/t5/Email-Web-Browsing/Can-t-Send-Emails-from-PC-or-Phone-App/m-p/3355422#... for a discussion by employee @ComcastCSAEmail of how Comcast uses CSI.
Are you using a VPN?
@d.l wrote: i am not using VPN. But my router configure as VPN.
Using a VPN to send mail will always be chancey. The best of them are sometimes used to distribute spam and other forms of abuse, which results in the VPN's IPs being blocked for sending mail.
What happens if you turn off the VPN feature?
i am not using VPN. But my router configure as VPN.
You'll have to turn off your VPN in your router in order to send email.
i turned off VPN option on the router yesterday but it did not help.
i went to
and submitted form to reset email traffic statistic. here is the answer:
Warning: The submitted IP (xxx.xxx.xxx.xxx) appears to be dynamic
The DNS pointer record for this IP (xxxxxxx.xxxxxxx.fios.verizon.net.) appears to be dynamic. Cloudmark will not remediate dynamic IP addresses.
If you have a static IP address with generic rDNS, you may wish to talk to your service provider to see if they will assign you rDNS that more clearly identifies you as responsible for the IP address.
If you're sending mail from a dynamic IP address (as will usually be the case with consumer-level broadband and dialup), you may want to investigate 'smart-hosting' or sending your outbound mail through your ISPs primary outbound mail servers.
Never trusted to free staff. Solution is to buy email service and move from Comcast mail. Setup Comcast smtp outgoing to use new mail smtp service. Then slowly switch all bank accounts to new mail. Upgrade Apple ID, Amazon, Facebook etc. accounts. I am more than 20 yeas Comcust customer and it took all day to switch accounts to new mail. Stil getting junk mail on Comcast account but in couple of month i will cut up Comcast mail forever.