Prodigy Infinitum, SMTP through port 25, botnets and such

dsl.jpgAfter pulling my hair for a couple of days I just realized that my DSL provider is blocking all outgoing connections to port 25 with an ICMP Unreachable packet, which translates as a totally bogus “no route to host” message (An ICMP RST would be more kosher, BTW). The only explanation that comes to my mind is that Telmex has finally realized that it has become one of the largest botnet hosts in the world and decided to do something about it. This is a terrible inconvenience for me, because I run a backup MX at my home office and all the email I write while I’m at home is relayed through it. And now it believes that it has been cut out from the Internet, and is suffering from Internet withdrawal syndrome. Oh, and all attempts to use an external relay -like my primary MTA or the office’s- through port 25 fail as well, so I have had to set up an elaborate workaround *just to send email*.
*Argh!* I hate to pay up for those ignorant Windows home users.
Add to that the fact that i get 800KBps tops in a 2GBps line, and recurrent reports of arbitrary bandwidth capping and Infinitum stops looking like a good alternative for home broadband. I’ll have to look for a cost-effective alternative, but after experiencing 20MBps/20EUR in Europe I’m afraid that I’ve been spoiled for life.
In the meantime, if you were expecting a mail from me in the last five days or so, I’m sorry to say that it is either on its way or lost forever.
Anyway… Merry Christmas!
Update 20080104: AJ Gibson points out in a comment that Telmex is willing to remove the block from your account if you are willing to jump through a few hoops. Just go to http://www.telmex.com/mx/asistencia/correoelectronico/faq_puerto_25.html and follow the instructions there. I registered yesterday and today I can connect back to external SMTP servers again. As mentioned in the comments, YMMV.

28 thoughts on “Prodigy Infinitum, SMTP through port 25, botnets and such”

  1. I tried port 26 with my Email provider and it worked, f*** Telmex & Prodigy

  2. I have tried 26 and several others. Is there a location in which the available ports are posted?
    Absolutely amazing!!!

  3. And I thought it was only me going mad! I run my own mail server too and many of my customers send mail through it with SMTP…. all of a sudden it stopped working!

    I spoke to Telmex support today and they told me that hackers had attacked Banamex’s network (!?!?!) using port 25 so from Dec 22 they started blocking all Infinitum connections from using port 25. I’m no expert on networks, but I don’t get this, surely that would be an issue for Banamex’s own security and the rest of Telmex’s customers shouldn’t suffer…?

    I do understand however that Telmex’s systems have been way too insecure for a long time and that my ISP in Europe blocked access via third party SMTP servers long ago, so I agree with Javier there.

    If I understand correctly (I’m a web marketeer not really a techie) I need to reconfigure my mail server to accept connections on another port and then reconfigure everyone’s Outlook to use that port instead of 25… does that sound right? If anyone can point me in the direction of advice how to do this I’d much appreciate it. I have a Godaddy virtual dedicated Linux server with root access…

    Thank goodness webmail still works…!

    Ian

  4. They fucked me also. Well you mai go out using other server i.e. gmail (In my case i was using my ITESM Tec MOnterrey Account)

  5. Hi Gerardo

    I think if I use another SMTP server I still have the same problem, it won’t accept a port 25 connection. I need to use a server that accepts an SMTP connection on other ports, Godaddy (smtpout.secureserver.net) is my favourite at the moment. It’s still going to mean a change in MX records though which causes a nasty migration black-hole of anywhere up to 48 hrs. Great.

    Or I risk reconfiguring my own server to accept SMTP on another port but I’m not sure I have the huevos to try that.

    I think using a trustable third party server is the best option as in the future it may help prevent my users email being picked up as spam for other reasons too…

    What fun, thanks Telmex for making my holidays so special.

    Ian

  6. I’ve had the same trouble – I’m in Playa del Carmen, Mexico. After no longer being able to use my own SMTP server, Telmex told me to use prodigy.net.mx as the SMTP server (NOT smtp.prodigy.net.mx)and use 587 as the port. That still didn’t work, because they said there’s a “problem” in my area that would be fixed by the end of the day. That was 2 days ago, and the problem is still not fixed. Arghhh!!!

  7. I stumbled across this thread when googling the same problem you’re talking about. I’ve since fixed the problem, and thought I’d pass along my solution. On the Telmex web site I found a link to disable the new port 25 protection. It work and my problem appears to be fixed.

  8. Since some time ago I used to send mail only thru hotmail (you have to pay an about 10 US dollar yearly fee), I receive from all my different domain’s accounts on my Outlook or Incredimail, but is faster and easier send mail using hotmail.
    Some clients asked for help so I be aware of this problem, my hosting provider as temporary solution, make available port 26 instead of port 25, and outgoing of email is fine.
    I ask Telmex to activate port 25 (at the link showed by AJ Gibson) and received confirmation, but still don’t working, I reported to Telmex and says “they are doing maintenance on my area” (sounds familiar when they don’t know wath’s happening?).

  9. I was referred to this topic by a customer of ours. I’m a sysadmin for a web-hosting company.

    Most ISP’s these days, especially in the states, will block all outgoing traffic on port 25. This is usually done as an anti-spam measure. Most providers will have an alternate port setup for their customers to be able to still use the smtp server. The alternate port is usually the mail admins choice, it’s not standardized (if it were, the ISP’s would just block it as well).

    For those of you running your own mail server on your internet connection, you’re pretty much screwed. Even if you configure an alternate port to allow outside clients to send mail to your server, if your server is not the final destination (ie, you have a client sending to a gmail address through your server) then the port 25 blocking will still nail you, because when it tries to relay the mail, it has to do it on port 25 because there’s no way to determine if the final destination mail server has an alternate port open, and if so, what it is (well, ok, there is, but it would take some major hacking and it would absolutely crush a mail server with anything more than a bare minimum volume… not to mention the remote mail servers would probably view it as an attack, since you’d basically have to portscan the destination host and then determine which of the open ports, if any, accept SMTP commands).

    The only real way around it in that case is to find an outside mail server that will accept a connection from an alternate port and relay mail for you and then forward all your mail through that server. I ended up purchasing a small dedicated server with a company and then setting my email server up on that. If your ISP will disable the port 25 blocking at your request, you’re lucky, because most will simply tell you ‘no’.

  10. I think I read somewhere that you can ask for this “protection” to be disabled for your prodigy account/connection.

    I’m not sure, but I provide web hosting and mail services for clients (I don’t run them on a prodigy connection) but since most of my customers do have prodigy connections, they were being affected anyway.

    My mail servers do have an alternate port configuration, but I’m still going to find out if Telmex will really remove the port 25 block if you ask for it.

  11. Gabriel, they do (Telmex), but only for your SMTP.PRODIGY.NET o whatever PRODIGY communication, to other domains doesn’t work, the real solution for other domains is to ask to your hosting provider to change to another port, like 26, and tell your clients use that port.

  12. Javier,

    Estas instrucciones son peligrosas en manos de administradores sin experiencia. Es correcto que al cambiar el puerto del 25 al 26 sobrepasas los filtros de Telmex, pero tambien vas a impedir que tu servidor de correo reciba correos de otros dominios!! Por favor pon algo aclarando esto mismo por que ya van varios admins que caen :)

    La unica opcion que queda es utilizar SSL, en el puerto 465. Asi lo tengo y funciona de maravilla.

  13. I have the same problem, but I never receive an email about this until I have the problem, so took me a few hours to research and find this solution
    “https://www.beneficios.telmex.com/puerto25Prod/iniciaPuerto25Internet.do”

  14. no mamen hablen espanol pinches pendejos que se creen? gringos? pobres pendejos aceptence como son que es eso de andar hablando ingles si todos aqui son bien mexas

  15. What???

    Sorry, I don’t understand

    Speak English please!

    I think this post is great !

    Regards.

  16. Hola a todos… Googling un rato encontré este site y sus propuestas me parecen muy interesantes. Yo tengo configurado un servidor de correo con Apache James… El servidor funciona bien, envía correos y los recibe perfecto… el problema es justamente cuando sitios como hotmail o gmail lo reciben. Ellos me regresan el mensaje debido a que uso una IP dinámica y por lógica, como no cuadra con el dominio que tengo con DynDNS me rebotan el correo al inbox de mi usuario en James. DynDNS me dice que use su serviciode MailHop pero la verdad creo que no tengo porqué pagar por algo que puedo hacer por mi cuenta configurando algunas cuantas cosas. Ya pedí la desabilitación del puerto 25 a Telmex y parece que lo hicieron; sin embargo aún no sé de qué manera puedo enviar mis correos a mi ISP Telmex para que él los envíe al resto del mundo y el resto del mundo los acepte de forma segura.

    Si alguien allá afuera tiene experiencia configurando Apache James sobre dominios con IP dinámica me gustaría conocer su opinión… Gracias y un saludo a todos.

  17. @Aaron…

    El pedo de que los e-mails reboten en hotmail, es que tu servidor falla en la prueba del reverse DNS… el mio tambien, prueba NSLOOKUP mydomino.com y te traera la IP de mydominio.com ahora prueba NSLOOKUP xxx.xxx.xxx.xxx y te debe devolver mydominio.com, pero no, de devuelve dsl-xxx-xxx-xxx-xxx.prod-infinitum.com.mx, crees tu que telmex nos assigne el dominio que tengamos a la direccion IP dinamica que nos assigna??? un IP estatica cuesta entre 1200~3000 morlacos!!! hijosdesupinkfloid!!! ni pex, creo que sale mas barato los mailhops de DYNDNS.com

  18. i’m in mexico, on a Mac, using Entourage. normally i set the outgoing mail server address so that i can send mail. i have tried so many variations of smtp.prodigy.net.mx
    without success. does anyone know the proper address of prodigy? i also changed my port to 26 but nothing seems to work.
    thanks!
    mad

  19. I have a little problem with the configuration, it just stop working, i recive the msgs on the server, but not on my computer the tech support changed the ports and try multiple configurations, they said that it was a antivirus problem, and its inactive!
    Anyone know what can i do?

    TNX!

  20. es correcto lo que dice Miguel . FUNCIONA DE MARAVILLA POR SSL 465

    # Miguel Fernandez Says:
    January 31st, 2008 at 7:13

    Javier,

    Estas instrucciones son peligrosas en manos de administradores sin experiencia. Es correcto que al cambiar el puerto del 25 al 26 sobrepasas los filtros de Telmex, pero tambien vas a impedir que tu servidor de correo reciba correos de otros dominios!! Por favor pon algo aclarando esto mismo por que ya van varios admins que caen :)

    La unica opcion que queda es utilizar SSL, en el puerto 465. Asi lo tengo y funciona de maravilla.

  21. Mmmm
    Javier, creo que esta mal lo que comentas
    Por que al cambiar el puerto vas a dejar de recibir emails?

    Primero, tu no estas cambiando nada en el servidor del email, o sea, los emails siguen llegando
    Al cambiar el puerto, de salida smtp, solo estas cambiando el puerto en tu computadora por el cual se envian los emails, recaldo, en tu computadora nada mas, en el servicio del email no estas cambiando nada

    Saludos

  22. 587 worked fine on Infinitum in Zihuatanejo. It also worked fine in Los Angeles recently. I am now in Bangkok and nothing seems to work to send mail. I receive but can not send. Any suggestions? Thank you, Logan PS- As for ro ro’s comments on September 7 go I now better understand why tourism is so far down in Mexico. An attitude like that towards “gringos” says a lot about his country’s third world status. Don’t come to Thailand ro ro. Our attitude towards foreigners who visit us would disturb your sense of envy or predjudice. We welcome foreigners as guests not pests and we certainly don’t refer to them as “pinches pendejos”. Get smart idiot. You live next to the biggest consumer market in the world yet you can’t even speak their language.

Comments are closed.