UT server behind UVerse

**YeOldeStonecat** · 11-29-2010, 01:12 PM

I'm not sure what the port 25 is thing that the techs are talking about. Your Untangle box is attempting to send an outbound e-mail, so that has nothing to do with inbound ports on your account. The ISPs isolate outbound SMTP at the edge of their bandwidth...they monitor limit outbound SMTP to their own bandwidth.

Most ISPs (including SBC/ATT) have been moving all of their accounts over to new port 587 authentication required outbound servers, having less and less on their legacy servers like smtp.snet.net on port 25 (as those old legacy SMTP servers were easy targets for spammers).

Moving away from port 25 has been going on for quite some time now, anything that is current and important regarding e-mail should support 587....as port 25 is going the way of ISA cards and floppy drives....extinct!

**Zexston** · 11-29-2010, 01:46 PM

This is the first I've heard of about port 587 possibly working, but I will give it a try now that things are working and I have a good baseline to compare to. I just know that ATT Uverse blocks outgoing port 25 which is what I thought UT is hard codded to send email directly.

**sky-knight** · 11-29-2010, 03:36 PM

Port 25 is going nowhere... you can't send mail between mail servers without it. Now proper authentication of the client... that is required. But you still can't enforce authentication on an unsolicited connection... which is the nature of server to server communications using SMTP.

Where this impacts Untangle, is the ability for it to send messages. On residential internet connections, the outgoing access to anything on TCP 25 is usually limited to the ISP's mail servers. This process is also moving into 587, and often carries with it SSL as an option.

If you leave Untangle set to send mail directly, it's trying to connect directly to the target mail server according to the e-mail address it's sending to. This configuration will never work on a residential connection. It will almost always work on a commercial connection.

**YeOldeStonecat** · 11-29-2010, 05:58 PM

Originally Posted by sky-knight

Port 25 is going nowhere... you can't send mail between mail servers without it. Now proper authentication of the client... that is required. But you still can't enforce authentication on an unsolicited connection... which is the nature of server to server communications using SMTP..

We're talking about outbound SMTP here, not the ultimate demise of port 25 overall. Unfortunately, the majority of us rely on connecting to the internet using an ISP. And the ISPs, like it or not, agree with it or not, they are tightening their rules on outbound SMTP. You can thank the spammers for that, it was a reactive, defensive change in tactics on the ISPs part. Many ISPs already do not allow residential accounts to send outbound on port 25 to SMTP servers outside of the ISPs bandwidth. I've seen several players on the east coast play this game since back when SNET was still SNET. One month it may work, but a few months later, you'll find you're blocked. They occasionally slide this "lock down" over to business grade accounts. This here is one of the reasons that many smart hosts and other "mail bastion" and other custom SMTP services run their services on oddball ports, like 2525, or 28, or <pick some port that you've seen before>...to allow people to send to them via ports that can escape the lockdown of their ISP.
The only e-mail related service you might still find using port 25 for outbound SMTP is probably some hole in the wall mom and pop small ISP in a hicktown that runs a 10 year old mail server on Ipswitch iMail.

**sky-knight** · 11-29-2010, 06:15 PM

There aren't any ISP's out here that control commercial lines. They all control residential lines...

Heck my COX service actually advertises NO PORT / PROTOCOL filters on the service fliers.

To get Untangle to send mail on a residential connection you have to connect to the ISP's servers, and use authentication. So take one of the10 mailboxes they give you and dedicate it to Untangle... problem solved.

**hescominsoon** · 11-29-2010, 06:18 PM

HUH?

Comcast has dedicated commercial Ethernet and fiber. Verizon is one of the largest backbone providers in the world. Level 3 is heavily into commercial Internet access. The list goes on and on. Guess what they provide access to? The internet. by definition that makes them an ISP.

**sky-knight** · 11-29-2010, 07:41 PM

Yes and? I do work with every company mentioned, I haven't seen a single one of them filter access to anything, including TCP 25 on commercial lines.

If they do it's likely a cable line in a mixed area, and the installers plugged it into the wrong box in the street. A quick call to tech support, a dispatched truck, and the issue goes away.

**Zexston** · 11-29-2010, 09:21 PM

To get Untangle to send mail on a residential connection you have to connect to the ISP's servers, and use authentication. So take one of the10 mailboxes they give you and dedicate it to Untangle... problem solved.

All the mail accounts I have access to want authenticated, SSL connections, which the UT server can't do...

So, Am I missing something? How would I setup a SSL email connection in UT?

P.S. - Wow, what a debate!

**sky-knight** · 11-30-2010, 01:56 AM

Have you tried manually changing the port?

Untangle can send via gmail, and that is SSL enabled SMTP... unless it also allows non-ssl on the non-standard port.

Either way it's a work around, or an example to get yours online.

P.S. As for the debate, welcome to the Untangle forums! Everyone in this thread involved in this discussion is an experienced IT engineer, with vast experience in very diverse areas. We're all a little set in our own ways, a bit stubborn at times, but the knowledge and talent available on these forums has always been humbling for me to witness. I'm honored to be a part of it all.

We probably should be better about splitting off debates like this into separate threads... but the frequent skull bashing usually ends up on a positive note.

**Zexston** · 11-30-2010, 07:27 AM

Even though my email WAS working, I decided to test some the things that were written (figured its due dillagence, have seen allot about this issue here and elsewhere around the web), but now I can't get emails working again.

I did, late last night, get all the test emails I tried to send over the weekend. Guess they got held up somewhere on the web in some SPAM filter, I don't know.

BUT, I searched for gmail without SSL on the web and this:
http://www.google.com/support/forum/...814d05e6&hl=en

Seems like a neat little app to go from non SSL to SSL connections (Any, not just for gmail). Thought I'd through this in.

Once I get what I had working before working again, I'll try some of the things mentioned here and report back!

Thanks all!

Thread: UT server behind UVerse

LinkBack

Thread Tools

Curios Question:

Posting Permissions