Need help with your equipment?
alt_phil's profile

Teacher

 • 

13 Messages

Tuesday, November 9th, 2010 12:07 AM

SMTP outbound blocked

Got U-Verse + Internet.  Specifically asked if it was ok to run my own e-mail server (sendmail: personal use, personal domain, no hosted, no relay).  Was assured it was fine to do so, and that AT&T would setup my DNS PTR record for my static IPs.

 

Had to call in to remove the block on outbound SMTP (tcp 25).  They removed it, no problems for months.

 

Recently lost connectivity all day, think nov 2nd.  Outbound SMTP has been blocked again since.  Obviously an AT&T network problem.  "telnet 25" times out.  tcptraceroute dies at the AT&T 2wire router.  Remote mailservers never see any traffic from me when doing a packet capture on them.  My own equipment has been testing without any firewall at all beyond the at&t provided 2wire modem/router.

 

Uverse tech support level 2 tells me that outbound SMTP is not blocked, and that I should call Connect Tech.

Connect Tech tells me that it's an obvious network problem and I should call DSL tech support.

They refer me back to connect tech, who refers me back to tech support.  Over and over... all darn day.

 

What can I do?  I can't get anyone to escalate this issue to anyone that even knows what "SMTP" is.  I've had people try to walk me through setting up 'the outlook' (*sigh*... I don't even use windows let alone 'the outlook').  I had one tech insist that I *HAD* to use Yahoo webmail and that makes port 25 work.  (Really?)

 

So frustrated.

 

I know my stuff, I'm a high-end Linux and Network guy by trade.

I know AT&T is still blocking SMTP out.  I can't seem to convince anyone of this and just get the constant ping-pong between dsl tech and connectech.

 

There's just GOT to be some way to get this escalated beyond all these low-end call center reps.  Suggestions?  Anyone have a magic phrase that gets you past the connect-tech <--> dsl support loop?

 

Teacher

 • 

13 Messages

13 years ago

Some examples...

 

[phil@elkabong ~]$ host -t MX att.net
att.net mail is handled by 5 aln-mailrelay.att.net.
att.net mail is handled by 5 frf-mailrelay.att.net.
att.net mail is handled by 5 scc-mailrelay.att.net.

 

[phil@elkabong ~]$ telnet aln-mailrelay.att.net 25
Trying 12.102.252.75...
telnet: connect to address 12.102.252.75: Connection timed out

 

[phil@elkabong ~]$ telnet frf-mailrelay.att.net 25
Trying 204.127.217.21...
Connected to frf-mailrelay.att.net.
Escape character is '^]'.
220 att.net - Maillennium ESMTP/MULTIBOX frfwmxc15 #488
quit
221 att.net
Connection closed by foreign host.

 

[phil@elkabong ~]$ telnet scc-mailrelay.att.net 25
Trying 204.127.208.75...
telnet: connect to address 204.127.208.75: Connection timed out

 

[phil@elkabong ~]$ telnet smtp.gmail.com 25

Trying 74.125.65.109...
telnet: connect to address 74.125.65.109: Connection timed out

 

[phil@elkabong ~]$ telnet smtp.gmail.com 465
Trying 74.125.65.109...
Connected to smtp.gmail.com.
Escape character is '^]'.
^]
telnet> quit
Connection closed.

 

[phil@elkabong ~]$ telnet smtp.gmail.com 587
Trying 74.125.65.109...
Connected to smtp.gmail.com.
Escape character is '^]'.
220 mx.google.com ESMTP z30sm361820yhc.9
quit
221 2.0.0 closing connection z30sm361820yhc.9
Connection closed by foreign host.

 

 

Meanwhile... on another server I have at work...

[phil@abchoth ~]$ telnet smtp.gmail.com 25
Trying 74.125.47.109...
Connected to smtp.gmail.com (74.125.47.109).
Escape character is '^]'.
220 *************************************
quit
221 2.0.0 closing connection v12sm359454ybk.11
Connection closed by foreign host.

 

 

Finally, back on my box behind AT&T again...

[phil@elkabong ~]$ sudo tcptraceroute smtp.gmail.com 25
Selected device wlan0, address 192.168.69.227, port 59322 for outgoing packets
Tracing the path to smtp.gmail.com (74.125.65.109) on TCP port 25 (smtp), 30 hops max
 1  192.168.69.1  4.454 ms  2.284 ms  3.893 ms
 2  192.168.1.254  5.282 ms  3.369 ms  3.212 ms
 3  * * *
 4  * * ..... (and so forth)

 

 

So pretty obvious.  Nothing works on port 25 except that one MX for att.net, frf-mailrelay.att.net.

465 (smtps) and 587 (submission) works just fine on any MX I try.

 

25/SMTP *is* being blocked, and not by me, not by the remote host.  AT&T all the way.

 

 

Expert

 • 

9.4K Messages

13 years ago

Click the tab in my signature below that says AT&T Links, and on that signature panel there is a link that says AT&T Social Media Support Team.  This will take you to a page with contact information for David and Matt, who are tier 2 specialists.  Follow the directions there to e-mail them, they will get to the bottom of the problem.

 

Tutor

 • 

6 Messages

13 years ago

I did had setup exchange mail server in my home for testing and at the time yahoo/att dsl block port 25 so all smtp to send out was block.  also in that time, I had a godaddy DNS account and as part of the services, they gave me SMTP with their ports.  They have couple of ports that it is not 25.  so I re-route the traffic to use the other ports but of course I have to made those change in my exchange server to use those port that goDaddy gave me.

 

Because I also have Yahhoo/att/DSL, now u-verse/yahoo, I did test it under yahoo other smtp port non-25, and that work but didn't like it as much as godaddy.

 

Teacher

 • 

13 Messages

13 years ago

Thanks, wish me luck.

 

Teacher

 • 

13 Messages

13 years ago

Matt hooked me up.  Sharp guy.

 

Ended up being a provisioning issue.  He unprovisioned and re-provisioned my account, which fixed it.

 

Thanks a bunch for pointing me at the higher-end guys.  No way I was going to find that info going through the call center.

Tutor

 • 

10 Messages

13 years ago

Hey, glad you got it sorted for you personally.  However, I think it's common practice for ISP's to block outbound connections on port 25.   They use it to prevent spammers from using their network to send spam via mail relays outside their network.  Can you blame them, really?  Nobody in the Internet biz wants spammers using their bandwidth and jeopardizing the global reputation of their IP blocks.

 

If you're a networking guy you should easily be able to have your MTA listen on another port (say, 26) that isn't commonly known/used by spammers and likely won't be blocked by your ISP. 

 

 

Expert

 • 

9.4K Messages

13 years ago

 


@fcsnc wrote:

 

If you're a networking guy you should easily be able to have your MTA listen on another port (say, 26) that isn't commonly known/used by spammers and likely won't be blocked by your ISP. 


 

How is your MTA that is listening on port 26 going to receive any mail when all the other MTAs on the Internet are attempting to deliver mail on port 25?

 

How is your MTA going to deliver any outbound mail on port 26 when all the other MTAs on the Internet are listening on port 25?

 

Sorry, doesn't work.

 

Teacher

 • 

13 Messages

13 years ago

Ya, that's the thing about protocols.  They're... well.. protocol.

 

Tutor

 • 

10 Messages

13 years ago


@SomeJoe7777 wrote:

 

How is your MTA that is listening on port 26 going to receive any mail when all the other MTAs on the Internet are attempting to deliver mail on port 25?

 

How is your MTA going to deliver any outbound mail on port 26 when all the other MTAs on the Internet are listening on port 25?

 

Sorry, doesn't work.

 


Oh, it works just fine.  I have configured my mail servers to listen on port 25 too, and they do local deliveries 24x7x365-1/4 on port 25.  They also listen on port 26 and (due to the fact that you need to support IMAP, TLS, and other protocols) several other ports as well. 

 

Sorry to disabuse you of your impression ... but yes, it works.  And I've been using port 26 from within an AT&T network (as well as from within other firewalls / ISPs) for years.

 

Tutor

 • 

10 Messages

13 years ago

I might add that, due to the way they use port 25, my mail servers are not open relays.  In other words, they won't send email originating from an IP outside the range of local domains (my networks) and addressed to the same or other domains also outside my networks.   To do otherwise is just to invite and facilitate the spread of unsolicited email.  I guess that's probably why 85% or more of all email is spam.

 

My mail servers do what they are supposed to do ... accept delivery of messages addressed to domains they host, and relay only messages that are outgoing from the domains they host.

 

Not finding what you're looking for?
New to AT&T Community?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.