Helpful Links

SMTP outbound blocked

Teacher

SMTP outbound blocked

Got U-Verse + Internet.  Specifically asked if it was ok to run my own e-mail server (sendmail: personal use, personal domain, no hosted, no relay).  Was assured it was fine to do so, and that AT&T would setup my DNS PTR record for my static IPs.

 

Had to call in to remove the block on outbound SMTP (tcp 25).  They removed it, no problems for months.

 

Recently lost connectivity all day, think nov 2nd.  Outbound SMTP has been blocked again since.  Obviously an AT&T network problem.  "telnet <remote MX> 25" times out.  tcptraceroute dies at the AT&T 2wire router.  Remote mailservers never see any traffic from me when doing a packet capture on them.  My own equipment has been testing without any firewall at all beyond the at&t provided 2wire modem/router.

 

Uverse tech support level 2 tells me that outbound SMTP is not blocked, and that I should call Connect Tech.

Connect Tech tells me that it's an obvious network problem and I should call DSL tech support.

They refer me back to connect tech, who refers me back to tech support.  Over and over... all darn day.

 

What can I do?  I can't get anyone to escalate this issue to anyone that even knows what "SMTP" is.  I've had people try to walk me through setting up 'the outlook' (*sigh*... I don't even use windows let alone 'the outlook').  I had one tech insist that I *HAD* to use Yahoo webmail and that makes port 25 work.  (Really?)

 

So frustrated.

 

I know my stuff, I'm a high-end Linux and Network guy by trade.

I know AT&T is still blocking SMTP out.  I can't seem to convince anyone of this and just get the constant ping-pong between dsl tech and connectech.

 

There's just GOT to be some way to get this escalated beyond all these low-end call center reps.  Suggestions?  Anyone have a magic phrase that gets you past the connect-tech <--> dsl support loop?

 

40,849 Views
Message 1 of 67
Teacher

Re: SMTP outbound blocked

Some examples...

 

[phil@elkabong ~]$ host -t MX att.net
att.net mail is handled by 5 aln-mailrelay.att.net.
att.net mail is handled by 5 frf-mailrelay.att.net.
att.net mail is handled by 5 scc-mailrelay.att.net.

 

[phil@elkabong ~]$ telnet aln-mailrelay.att.net 25
Trying 12.102.252.75...
telnet: connect to address 12.102.252.75: Connection timed out

 

[phil@elkabong ~]$ telnet frf-mailrelay.att.net 25
Trying 204.127.217.21...
Connected to frf-mailrelay.att.net.
Escape character is '^]'.
220 att.net - Maillennium ESMTP/MULTIBOX frfwmxc15 #488
quit
221 att.net
Connection closed by foreign host.

 

[phil@elkabong ~]$ telnet scc-mailrelay.att.net 25
Trying 204.127.208.75...
telnet: connect to address 204.127.208.75: Connection timed out

 

[phil@elkabong ~]$ telnet smtp.gmail.com 25

Trying 74.125.65.109...
telnet: connect to address 74.125.65.109: Connection timed out

 

[phil@elkabong ~]$ telnet smtp.gmail.com 465
Trying 74.125.65.109...
Connected to smtp.gmail.com.
Escape character is '^]'.
^]
telnet> quit
Connection closed.

 

[phil@elkabong ~]$ telnet smtp.gmail.com 587
Trying 74.125.65.109...
Connected to smtp.gmail.com.
Escape character is '^]'.
220 mx.google.com ESMTP z30sm361820yhc.9
quit
221 2.0.0 closing connection z30sm361820yhc.9
Connection closed by foreign host.

 

 

Meanwhile... on another server I have at work...

[phil@abchoth ~]$ telnet smtp.gmail.com 25
Trying 74.125.47.109...
Connected to smtp.gmail.com (74.125.47.109).
Escape character is '^]'.
220 *************************************
quit
221 2.0.0 closing connection v12sm359454ybk.11
Connection closed by foreign host.

 

 

Finally, back on my box behind AT&T again...

[phil@elkabong ~]$ sudo tcptraceroute smtp.gmail.com 25
Selected device wlan0, address 192.168.69.227, port 59322 for outgoing packets
Tracing the path to smtp.gmail.com (74.125.65.109) on TCP port 25 (smtp), 30 hops max
 1  192.168.69.1  4.454 ms  2.284 ms  3.893 ms
 2  192.168.1.254  5.282 ms  3.369 ms  3.212 ms
 3  * * *
 4  * * ..... (and so forth)

 

 

So pretty obvious.  Nothing works on port 25 except that one MX for att.net, frf-mailrelay.att.net.

465 (smtps) and 587 (submission) works just fine on any MX I try.

 

25/SMTP *is* being blocked, and not by me, not by the remote host.  AT&T all the way.

 

 

Message 2 of 67
Expert

Re: SMTP outbound blocked

Click the tab in my signature below that says AT&T Links, and on that signature panel there is a link that says AT&T Social Media Support Team.  This will take you to a page with contact information for David and Matt, who are tier 2 specialists.  Follow the directions there to e-mail them, they will get to the bottom of the problem.

 

Message 3 of 67
Tutor

Re: SMTP outbound blocked

I did had setup exchange mail server in my home for testing and at the time yahoo/att dsl block port 25 so all smtp to send out was block.  also in that time, I had a godaddy DNS account and as part of the services, they gave me SMTP with their ports.  They have couple of ports that it is not 25.  so I re-route the traffic to use the other ports but of course I have to made those change in my exchange server to use those port that goDaddy gave me.

 

Because I also have Yahhoo/att/DSL, now u-verse/yahoo, I did test it under yahoo other smtp port non-25, and that work but didn't like it as much as godaddy.

 

Message 4 of 67
Teacher

Re: SMTP outbound blocked

Thanks, wish me luck.

 

Message 5 of 67
Teacher

Re: SMTP outbound blocked

Matt hooked me up.  Sharp guy.

 

Ended up being a provisioning issue.  He unprovisioned and re-provisioned my account, which fixed it.

 

Thanks a bunch for pointing me at the higher-end guys.  No way I was going to find that info going through the call center.

Message 6 of 67
Tutor

Re: SMTP outbound blocked

Hey, glad you got it sorted for you personally.  However, I think it's common practice for ISP's to block outbound connections on port 25.   They use it to prevent spammers from using their network to send spam via mail relays outside their network.  Can you blame them, really?  Nobody in the Internet biz wants spammers using their bandwidth and jeopardizing the global reputation of their IP blocks.

 

If you're a networking guy you should easily be able to have your MTA listen on another port (say, 26) that isn't commonly known/used by spammers and likely won't be blocked by your ISP. 

 

 

Message 7 of 67
Expert

Re: SMTP outbound blocked

 


fcsnc wrote:

 

If you're a networking guy you should easily be able to have your MTA listen on another port (say, 26) that isn't commonly known/used by spammers and likely won't be blocked by your ISP. 


 

How is your MTA that is listening on port 26 going to receive any mail when all the other MTAs on the Internet are attempting to deliver mail on port 25?

 

How is your MTA going to deliver any outbound mail on port 26 when all the other MTAs on the Internet are listening on port 25?

 

Sorry, doesn't work.

 

Message 8 of 67
Teacher

Re: SMTP outbound blocked

Ya, that's the thing about protocols.  They're... well.. protocol.

 

Message 9 of 67
Tutor

Re: SMTP outbound blocked


SomeJoe7777 wrote:

 

How is your MTA that is listening on port 26 going to receive any mail when all the other MTAs on the Internet are attempting to deliver mail on port 25?

 

How is your MTA going to deliver any outbound mail on port 26 when all the other MTAs on the Internet are listening on port 25?

 

Sorry, doesn't work.

 


Oh, it works just fine.  I have configured my mail servers to listen on port 25 too, and they do local deliveries 24x7x365-1/4 on port 25.  They also listen on port 26 and (due to the fact that you need to support IMAP, TLS, and other protocols) several other ports as well. 

 

Sorry to disabuse you of your impression ... but yes, it works.  And I've been using port 26 from within an AT&T network (as well as from within other firewalls / ISPs) for years.

 

Message 10 of 67
Tutor

Re: SMTP outbound blocked

I might add that, due to the way they use port 25, my mail servers are not open relays.  In other words, they won't send email originating from an IP outside the range of local domains (my networks) and addressed to the same or other domains also outside my networks.   To do otherwise is just to invite and facilitate the spread of unsolicited email.  I guess that's probably why 85% or more of all email is spam.

 

My mail servers do what they are supposed to do ... accept delivery of messages addressed to domains they host, and relay only messages that are outgoing from the domains they host.

 

Message 11 of 67
Teacher

Re: SMTP outbound blocked

Hah...

 

Sure, you can have your mailserver bind to whatever port(s) you'd like.  But it does no good.

 

Port 25 is what all mailservers use to communicate across the 'net.  Listening on port 26 does you no good as no one else is going to send you mail by that port.  Sending mail out port 26 won't get get anywhere, because no one else listens/sends on 26.  26 isn't even assigned to a protocol per IANA.

 

So if port 25 outbound is blocked by my ISP, my mailserver (which is my MTA/MX) can not send mail to the rest of the world.  Sending or listening on port 26 does no good because no one else uses it.  Your mailserver works because... wait for it... you're using port 25.  Same as mine... and everyone else's.

 

 

Now sure, if I was using some other MX/MTA as a smart host  to relay all my mail off, and I had control of that server too, I could configure it and my mailserver to talk to each other along non-standard ports.  But I don't need to, nor would I really want to unless I didn't have control of my PTR record or something.  In THAT case, I'd use a standard SMTP TLS port like 465 or 587 and secure that communication.

Regardless, that upstream MX/MTA relay would still need to be able to send/receive on port 25 itself, so it could talk to the rest of the world's mailservers.

 

Does that "It won't work" post make more sense now?

 

See... I couldn't send mail out because of the 25 block... sending out 26 (or any other non-SMTP port) wouldn't work, and by standard MXs don't communicate to each other across the Interenet over TLS.  That's what we mean by "it won't work."

 

 

Message 12 of 67
Expert

Re: SMTP outbound blocked

alt_phil is completely correct.

 

Your mail server might be listening on port 26, but it hasn't received any mail there.  Ever.

 

IMAP uses port 143, TLS is generally paired with ports 465 or 587 like phil said.

 

Sorry, but you're not going to be able to come into this forum and flash around a few abbreviations and port numbers and be able to convince anyone that you're doing something which is not possible.  Plenty of people in here are very familiar with networks and TCP/IP and will call you on that.

 

Message 13 of 67
Contributor

Re: SMTP outbound blocked

Did you have to pay a $29 fee to unblock port 25?

Message 14 of 67
Expert

Re: SMTP outbound blocked

 


Yrautcnas wrote:

Did you have to pay a $29 fee to unblock port 25?


 

There is no fee for AT&T to unblock the port.  If you get a technician on the phone who wants to punt you to ConnectTech, hang up, call back, and get a different technician.  They will say that when they don't know what you're talking about.

 

Message 15 of 67
You must type a description before you click preview or reply.
Share this topic
Announcements

Welcome to the internet boards! Check out our troubleshooting articles below and don’t forget to search the forums - your question may have been answered already!

Service acting up? Click here to troubleshoot now!

For DSL related issues. We highly recommend chatting with our teams to address this as quickly as possible.

Additional Support