New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Most providers have email ports open by default
Hello,
I'm planning to build a mail server primarily for receiving mail.
So I started looking in my quite big collection for a reliable vps with the necessary ports open.
And I was quite surprised to see that in fact 90% of them have all email ports open by default.
And that's good, not a criticism. I'm all for net neutrality.
I'm just surprised that this is the case, seeing the mention that you need to make a request to open these ports in most offer threads.
So much the better if there's no abuse, but this contradicts everything I've read.
Am I lucky or are you seeing the same thing on your VPSes ?
Thanked by 1navneetkk
Comments
Open default mail ports indicate that provider either does not care or is incompetent. All big gamers has control over their network and ports. It is granular and very strict.
Sorry but it isn't about net neutrality
How would you even curb spammers even if you require ticket to open the port?
I’ve always assumed that if port 25 is open then it’s probably limited anyway, unless specified otherwise. I.e if I sent like 200 emails per hour without asking customer service or it being allowed in the t&c then I’d expect to have my account suspended pretty quickly.
Sorry but disagree
There is a connection! Today, hosting your own mail server and getting your emails accepted by major providers is just as complicated as ever. Even the most dedicated individuals often end up relying on the big email services.
By making it harder for people to run their own mail servers (by justifying the need to send mails for example... that's basic need), which goes against the principle of net neutrality and the idea of a decentralized, open internet.
But I'm not saying there's a simple solution, given the abuse and complexity of cleaning up ips blocks.
Well, maybe there is, since 90% of my servers have open ports
So 90% of the hosts here are incompetent
Edit: @tentor blocks port 25
I understand what you try to express, but net neutrality is established term and covers bandwidth pricing aspect: https://en.m.wikipedia.org/wiki/Net_neutrality
Well you're right
I'm not native english speaker so I don't know what to call it but the idea I want to express is that the Internet today is becoming more commercial and increasingly locked down.
Arguably, big ESP make it harder for you to self host your own outgoing email server due to their spam filters and such, not providers who opt to screen customers or limit exposure of 25/tcp to limit possible abuse flow (second option is actually what Skhron does - I ask the customer to make some good commitment to filter out obvious spammers while not causing legitimate customer any problem)
I’m not sure most hosting companies do much monitoring because that’s much more complicated but blocking port 25 by default is definitely much simpler.
I’m not about to try spamming myself just to see if I get blocked
Or/and does not care.
Yes but spam filters sometimes based on block ip / asn reputation
But I get your point protecting reputation is definitely a step in the right direction.
As a customer, I find it hard to justify why I would need to send emails I mean that's basic requirement. I imagine it’s less about the content of the request itself and more about triggering a manual review of the customer account to prevent fraud and abuse
Times when DNSBL were the only spam decision makers are long gone
I am pretty sure @jar can confirm my claim
This does not apply to Skhron for example, despite you attributed it to 10% of wrongdoers (incorrect term? please correct me). My intention (and I believe I am not the only one here) is to prevent obvious spammers access to cheap services and abusing them for spam (even for the shortest moment) while not asking ridiculously long questionnaires or making the service expensive for anyone. If one needs 25/tcp (few actually ask for it), if the service is cheaper than €20, Skhron asks customer to spen that amount of money (deficit from already paid sum) per unblocked IPv4. For some services it can be as long as one year prepaid.
I think it doesn't interfere with potential customer ability to self host their email server.
Well, if that’s a case, then there a few people on here looking for new stuff to make and are capable so possibly someone can get on that and make some monitoring software that anyone can use.
I remember on LES there’s a provider (I think drserver) who had some sort of beta software they were trying to test to monitor the network for their dedis. I don’t know if it monitored port 25 or if I even trust it, but to be honest I find it hard to believe there isn’t stuff already out there. I was surprised they were making it like it’s a new thing not been made before, as if there’s not already an open source project, especially considering the fines you can get for spam.
It's been my experience, if port 25 is blocked, it means outgoing port 25 is blocked. Incoming is still OK. So if you just need it for incoming mail, it will probably be fine (though you could confirm, to be sure).
I also run my own mail servers, but just use it for incoming mail these days.
Years ago, I had a flood of email to myself get transferred between slave and master MX, and apparently it triggered something, because I got an email from the provider about it. I explained what had happened, and it was OK. But still, I use an alternate port for MX transfers since then, too.
My intention was not to throw you under the bus.
I’m pretty sure I already made a positive review of your services and I’m still a customer.
I just meant that opening the default ports works perfectly for me since I’m a well intentioned user.
I’m not a provider, so do whatever works best for you and your network.
I was just surprised by this observation because some providers who say they block ports actually don’t , that’s all.
I tested all servers for outgoing traffic.
But yes, I’m not surprised that some providers closely monitor traffic on certain ports.
However, I doubt that most small providers have such measures in place.
But i may be wrong
Yeah beyond spamhaus most of them have worn out their welcome in most places at this point.
Salut @remy & @tentor
Difficult is to find a white clean IP nowadays. It's the first thing to check !
It's a pity now blocklist/dnsbl most often sell removal & whitelisting, even for well known big spammers/phishers.
It was a time i did it, use dnsbl, filter, reject, aso, on Kerio/Exim/Postfix/... This is no more funny.
Otherwise exist diverse MX routing services, good to not assume charge on cpu.
Actually most don’t care. They’ll just ban you for abuse and keep your money. It’s like a bank giving mortgages to the poor.
Welcome to LowEndTalk. Where provides Deadpool and it’s not cool.
Sorry, but I don't see where that Wikipedia article supports your claim. I am actually seeing:
Also check out what the EU thinks what net neutrality means: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=LEGISSUM:open_internet_and_net_neutrality
I guess EU-based ISPs could argue about "network integrity" when blocking SMTP
So? And it covers a whole lot of other stuff as well (like outright blocking of services - which you seemed to argue it doesn't cover). So not sure what you were trying to say then.
Can you point where it says so? I see only content being blocked due to financial reasons, nothing about preventing an access to 25/tcp port to upload your email somewhere.
Right in the paragraph I quoted earlier (highlighting the most relevant parts):
I guess the more common example here would be providers offering telephone services trying to block VoIP traffic.
I hope you don't expect a general definition to list every specific protocol/application it might apply to.
We block port 25 upon receiving multiple abuse reports & no client action.
It's open by default.
@cmeerw, relying on someone summing up things for you will never lead you anywhere good. Being stubborn or ignorant isn't making it good for you either. Let's read the first few paragraphs of the Introduction section of this paper mentioned by Wikipedia (which you seem tk entirely disregard and pinpoint only specific words that you liked).
VERY important remark you skipped: this entire "net neutrality" thing discusses BROADBAND and CONTENT providers ONLY!!!
Not convinced? Let's deep further, see "Table 1: Network Management Practices" from the same paper. Attached below as an image:
You can clearly see here "throttling or blocking certain protocols". Examples being VOIP and P2P traffic. They are known to consume significant amounts of bandwidth and thus broadband ISPs used to (and some still do) block/throttle them to SAVE ON BANDWIDTH.
Furthermore, HOW 25/TCP port contributes to YOUR inability to send emails? If you use gmail you SEND emails using 465/tcp or 587/tcp and if you receive it you use 110/tcp or 993/tcp or you use even use webmail for that purpose.
SMTP AT 25/TCP IS NOT FOR BROADBAND IT IS FOR SERVERS HANDLING MAIL TRANSFER AGENT JOB and that is OUT OF SCOPE of net neutrality you consider as applicable to EVERY network (while in fact it is NOT)
Still not convinced? Nothing will convince you if same words are for some reason means something else than it is for others.
The ticket means that you have knowledge that they'll be sending email. You can then keep an eye on how many PPS is running OUT of their server vs PPS IN. That will give you a general idea of if they are spamming.
If you then see an abuse complaint AND you have that PPS traffic as evidence, you can ban them without a care in the world of them making issues for you - sleeping well - knowing you were in the right.
However - if you just leave it open and don't at all block 25 out, you probably don't even know who's running a mailserver and you cannot know what that outbound PPS is, could be their syncing their prn collection to their home. LOL
Not that I advocate for or against blocking - just clearing up the mentality behind the whole "submit a ticket to open it" idea. (okay okay - personally I think its pretty dumb)
And what makes that particular paper authoritative on the topic? You claimed that it is a single, well-defined term, and I pointed out that there are other views/definitions. But as you resort to personal attacks, end of discussion here.