Re: Using Comcast to Host Web Site

Rob Stampfli wrote:

>>> Comcast has been blocking port 80 (HTTP) for a while now, and they've
>>> recently started blocking port 25 (SMTP) as well. IMNSHO, it's only a
>>> matter of time before they start blocking all syn packets and charging
>>> extra for ANY incoming connection, but for now you can do it with some
>>> workarounds.
>>
>> With cable's relatively limited upload speed, I can readily understand
>> blocking inbound port 80, where the traffic distribution is highly
>> skewed towards outbound packets. But why inbound port 25? It can't
>> be to prevent spam from infected PCs since they don't use it. Inbound
>> port 25 can only be used to receive mail and one could argue that
>> whether you receive your mail via SMTP (port 25), or POP or IMAP or
>> otherwise, the bits have to eventually flow in one way or another.
>> So, why block port 25? The only answer I can come up with is "just
>> for spite".
>
> I suspect it's *outbound* port 25 that is blocked, to prevent zombie
> machines and active spammers from using their own SMTP servers to send
> email directly to their victims' ISPs' MTAs. Many ISPs block outbound
> port 25, requiring most users to go through the ISP's SMTP server to
> send email, which can have limits imposed in an effort to deter spam.
> It could also be a block of inbound port 25, to prevent zombie
> machines from acting as open relay SMTP servers, but if outbound port
> 25 is blocked, those zombies couldn't send the mail that is sent to
> them for relaying, so there is no need to block inbound port 25.

Unfortunately, that is *NOT* true.

Spammer use of "asymmetric routing" has shown there _is_ a need for blocking inbound port 25, as well.

>> For that matter, the whole concept of "no servers" has always seemed
>> flawed to me: Technically, sshd and telnetd are servers. Does Comcast
>> really desire to have a policy of preventing one from contacting a
>> home machine when they are travelling?

I can't speak for Comcast specifically, but (at least some) other providers with a 'no servers rule' *do* intend that, as well as prohibiting the 'bandwidth hogging' uses like a music download service.

Robert Bonomi
