Prodigy Infinitum, SMTP through port 25, botnets and such
20071226 13:15 by javier
After pulling my hair for a couple of days I just realized that my DSL provider is blocking all outgoing connections to port 25 with an ICMP Unreachable packet, which translates as a totally bogus “no route to host” message (An ICMP RST would be more kosher, BTW). The only explanation that comes to my mind is that Telmex has finally realized that it has become one of the largest botnet hosts in the world and decided to do something about it. This is a terrible inconvenience for me, because I run a backup MX at my home office and all the email I write while I’m at home is relayed through it. And now it believes that it has been cut out from the Internet, and is suffering from Internet withdrawal syndrome. Oh, and all attempts to use an external relay -like my primary MTA or the office’s- through port 25 fail as well, so I have had to set up an elaborate workaround *just to send email*.
*Argh!* I hate to pay up for those ignorant Windows home users.
Add to that the fact that i get 800KBps tops in a 2GBps line, and recurrent reports of arbitrary bandwidth capping and Infinitum stops looking like a good alternative for home broadband. I’ll have to look for a cost-effective alternative, but after experiencing 20MBps/20EUR in Europe I’m afraid that I’ve been spoiled for life.
In the meantime, if you were expecting a mail from me in the last five days or so, I’m sorry to say that it is either on its way or lost forever.
Anyway… Merry Christmas!
Update 20080104: AJ Gibson points out in a comment that Telmex is willing to remove the block from your account if you are willing to jump through a few hoops. Just go to http://www.telmex.com/mx/asistencia/correoelectronico/faq_puerto_25.html and follow the instructions there. I registered yesterday and today I can connect back to external SMTP servers again. As mentioned in the comments, YMMV.
December 26th, 2007 at 15:10
I tried port 26 with my Email provider and it worked, f*** Telmex & Prodigy
December 28th, 2007 at 11:40
I have tried 26 and several others. Is there a location in which the available ports are posted?
Absolutely amazing!!!
December 28th, 2007 at 17:07
And I thought it was only me going mad! I run my own mail server too and many of my customers send mail through it with SMTP…. all of a sudden it stopped working!
I spoke to Telmex support today and they told me that hackers had attacked Banamex’s network (!?!?!) using port 25 so from Dec 22 they started blocking all Infinitum connections from using port 25. I’m no expert on networks, but I don’t get this, surely that would be an issue for Banamex’s own security and the rest of Telmex’s customers shouldn’t suffer…?
I do understand however that Telmex’s systems have been way too insecure for a long time and that my ISP in Europe blocked access via third party SMTP servers long ago, so I agree with Javier there.
If I understand correctly (I’m a web marketeer not really a techie) I need to reconfigure my mail server to accept connections on another port and then reconfigure everyone’s Outlook to use that port instead of 25… does that sound right? If anyone can point me in the direction of advice how to do this I’d much appreciate it. I have a Godaddy virtual dedicated Linux server with root access…
Thank goodness webmail still works…!
Ian
December 28th, 2007 at 21:06
They fucked me also. Well you mai go out using other server i.e. gmail (In my case i was using my ITESM Tec MOnterrey Account)
December 29th, 2007 at 13:52
Hi Gerardo
I think if I use another SMTP server I still have the same problem, it won’t accept a port 25 connection. I need to use a server that accepts an SMTP connection on other ports, Godaddy (smtpout.secureserver.net) is my favourite at the moment. It’s still going to mean a change in MX records though which causes a nasty migration black-hole of anywhere up to 48 hrs. Great.
Or I risk reconfiguring my own server to accept SMTP on another port but I’m not sure I have the huevos to try that.
I think using a trustable third party server is the best option as in the future it may help prevent my users email being picked up as spam for other reasons too…
What fun, thanks Telmex for making my holidays so special.
Ian
December 30th, 2007 at 14:44
I’ve had the same trouble - I’m in Playa del Carmen, Mexico. After no longer being able to use my own SMTP server, Telmex told me to use prodigy.net.mx as the SMTP server (NOT smtp.prodigy.net.mx)and use 587 as the port. That still didn’t work, because they said there’s a “problem” in my area that would be fixed by the end of the day. That was 2 days ago, and the problem is still not fixed. Arghhh!!!
December 30th, 2007 at 15:29
I stumbled across this thread when googling the same problem you’re talking about. I’ve since fixed the problem, and thought I’d pass along my solution. On the Telmex web site I found a link to disable the new port 25 protection. It work and my problem appears to be fixed.
December 30th, 2007 at 15:31
Here’s the link: http://www.telmex.com/mx/asistencia/correoelectronico/faq_puerto_25.html
December 30th, 2007 at 21:29
Since some time ago I used to send mail only thru hotmail (you have to pay an about 10 US dollar yearly fee), I receive from all my different domain’s accounts on my Outlook or Incredimail, but is faster and easier send mail using hotmail.
Some clients asked for help so I be aware of this problem, my hosting provider as temporary solution, make available port 26 instead of port 25, and outgoing of email is fine.
I ask Telmex to activate port 25 (at the link showed by AJ Gibson) and received confirmation, but still don’t working, I reported to Telmex and says “they are doing maintenance on my area” (sounds familiar when they don’t know wath’s happening?).
December 31st, 2007 at 19:59
I was referred to this topic by a customer of ours. I’m a sysadmin for a web-hosting company.
Most ISP’s these days, especially in the states, will block all outgoing traffic on port 25. This is usually done as an anti-spam measure. Most providers will have an alternate port setup for their customers to be able to still use the smtp server. The alternate port is usually the mail admins choice, it’s not standardized (if it were, the ISP’s would just block it as well).
For those of you running your own mail server on your internet connection, you’re pretty much screwed. Even if you configure an alternate port to allow outside clients to send mail to your server, if your server is not the final destination (ie, you have a client sending to a gmail address through your server) then the port 25 blocking will still nail you, because when it tries to relay the mail, it has to do it on port 25 because there’s no way to determine if the final destination mail server has an alternate port open, and if so, what it is (well, ok, there is, but it would take some major hacking and it would absolutely crush a mail server with anything more than a bare minimum volume… not to mention the remote mail servers would probably view it as an attack, since you’d basically have to portscan the destination host and then determine which of the open ports, if any, accept SMTP commands).
The only real way around it in that case is to find an outside mail server that will accept a connection from an alternate port and relay mail for you and then forward all your mail through that server. I ended up purchasing a small dedicated server with a company and then setting my email server up on that. If your ISP will disable the port 25 blocking at your request, you’re lucky, because most will simply tell you ‘no’.
January 1st, 2008 at 0:21
Pinche telmex- idiots.
January 3rd, 2008 at 20:07
I think I read somewhere that you can ask for this “protection” to be disabled for your prodigy account/connection.
I’m not sure, but I provide web hosting and mail services for clients (I don’t run them on a prodigy connection) but since most of my customers do have prodigy connections, they were being affected anyway.
My mail servers do have an alternate port configuration, but I’m still going to find out if Telmex will really remove the port 25 block if you ask for it.
January 5th, 2008 at 22:11
Gabriel, they do (Telmex), but only for your SMTP.PRODIGY.NET o whatever PRODIGY communication, to other domains doesn’t work, the real solution for other domains is to ask to your hosting provider to change to another port, like 26, and tell your clients use that port.
January 31st, 2008 at 7:13
Javier,
Estas instrucciones son peligrosas en manos de administradores sin experiencia. Es correcto que al cambiar el puerto del 25 al 26 sobrepasas los filtros de Telmex, pero tambien vas a impedir que tu servidor de correo reciba correos de otros dominios!! Por favor pon algo aclarando esto mismo por que ya van varios admins que caen :)
La unica opcion que queda es utilizar SSL, en el puerto 465. Asi lo tengo y funciona de maravilla.