Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




9 posts

Wannabe Geek


Topic # 175280 23-Jun-2015 18:07
Send private message

Since when did Spark refuse to unblock port 25? Can somebody recommend another isp so i can send email again.




Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
549 posts

Ultimate Geek
+1 received by user: 62


  Reply # 1330131 23-Jun-2015 18:15
Send private message

It's to stop spammers.



9 posts

Wannabe Geek


  Reply # 1330133 23-Jun-2015 18:22
Send private message

And emailers apparantly

 
 
 
 


549 posts

Ultimate Geek
+1 received by user: 62


  Reply # 1330135 23-Jun-2015 18:29
Send private message

The majority of email is spam,  so yeah.

3024 posts

Uber Geek
+1 received by user: 475

Trusted

  Reply # 1330143 23-Jun-2015 18:43
2 people support this post
Send private message

There appears to be a technical reason behind this

Their port 25 unblock service must be based upon the ip address of the source connection within their network.
Therefore you first need to have a static ip address assigned to you.

But it seems that the plan you have chosen doesnt qualify for a static ip address - probably for a future transition to CGNAT - though when i last looked a few years ago, telecom had an excessive pool of IPv4 address space. 
But also it could be to prevent users running servers on home broadband connections.

The solution
You obviously have a domain if you are sending email directly, and probably have a web hosting company that provides an smtp relay service - so just use that on a port other than 25.




Ray Taylor
Taylor Broadband (rural hawkes bay)
www.ruralkiwi.com

There is no place like localhost
For my general guide to extending your wireless network Click Here




3167 posts

Uber Geek
+1 received by user: 1661

Trusted
Spark NZ

  Reply # 1330163 23-Jun-2015 19:29
Send private message

raytaylor: There appears to be a technical reason behind this

Their port 25 unblock service must be based upon the ip address of the source connection within their network.
Therefore you first need to have a static ip address assigned to you.

But it seems that the plan you have chosen doesnt qualify for a static ip address - probably for a future transition to CGNAT - though when i last looked a few years ago, telecom had an excessive pool of IPv4 address space. 
But also it could be to prevent users running servers on home broadband connections.

The solution
You obviously have a domain if you are sending email directly, and probably have a web hosting company that provides an smtp relay service - so just use that on a port other than 25.


You're wrong on the conjecture about a transition to CGNAT. There are no current plans for that.

You're right about the underlying reason for the refusal to unblock port 25 though. It's clearly due to the unlimited plan not allowing static IP addresses. Now I THINK that has changed recently (don't quote me on that yet - I don't do product stuff) and if that's the case, then this will probably be an out of date rule somewhere that hasn't been updated. (I can't guarantee that it's not an actual product limitation sorry, but it seems odd on the surface)

I do know that the Static IP (even if available on unlimited) won't be free.

We don't have the technical capability built to enable unblocking of port 25 for customers that are on dynamic IP addresses, and we won't be looking at building it in the short term (or probably ever).

The reasons for the blanket block are probably reasonably well understood - but if not, can be summed up as "For security" :-)

I'm honestly pretty darn busy at the moment, but if you are able to secure a static IP, then the port 25 unblock should be available.

Cheers - N


12577 posts

Uber Geek
+1 received by user: 2025

Trusted
Subscriber

  Reply # 1330168 23-Jun-2015 19:33
2 people support this post
Send private message

This is pretty standard and a fairly responsible thing for them to do, but unblocking for individual customers should be possible. Use SSL/TLS, which is on port 465. Or I guess change ISPs.

What email server are you trying to use?




AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer




9 posts

Wannabe Geek


  Reply # 1330173 23-Jun-2015 19:40
Send private message

Thanks for the replies, I changed the port and it is working. Strange thing is that port 25 used to work just fine for me, and I wasn't on a static IP. I guess Spark has made some changes.

Cheers

3167 posts

Uber Geek
+1 received by user: 1661

Trusted
Spark NZ

  Reply # 1330176 23-Jun-2015 19:43
Send private message

Are you running mail server software or just using an SMTP server setting in an email client to send your emails?

Just in case anyone else is wondering, the Port 25 block stops you running a basic unencrypted MAIL SERVER on your connection, it shouldn't stop you sending email from an email client.

Cheers - N




9 posts

Wannabe Geek


  Reply # 1330191 23-Jun-2015 19:54
Send private message

If port 25 is blocked by spark and i'm not using their mail relay, then how could i send email from my mail client using port 25 smtp?

3167 posts

Uber Geek
+1 received by user: 1661

Trusted
Spark NZ

  Reply # 1330192 23-Jun-2015 19:55
Send private message

Well, time to correct myself.. Thanks to CBRpilot who works more closely with the subscriber features than I do...  There apparently have been a number of changes quite recently...

- Yes, we can unblock port 25 on dynamic IP now.  Works just fine.
- The unlimited plans do allow static IP (I think at a cost) but DO NOT allow Port 25 unblocking. (That's the odd product limitation wiggle room I gave myself before)

This is a new thing and I'm unaware of the reasoning behind it sorry.

Cheers - N



3167 posts

Uber Geek
+1 received by user: 1661

Trusted
Spark NZ

  Reply # 1330193 23-Jun-2015 19:56
Send private message

iNs3ct: If port 25 is blocked by spark and i'm not using their mail relay, then how could i send email from my mail client using port 25 smtp?


Covered here...

http://www.spark.co.nz/help/internet-email/plans-services/port-25.html

Cheers - N




9 posts

Wannabe Geek


  Reply # 1330195 23-Jun-2015 20:01
Send private message

This is directly from the spark link mentioned above:

"How does Port 25 filtering work on the Spark network when it comes to sending email?

Port 25 filtering is a type of rule that checks the source IP address, destination IP address and destination Port before allowing the traffic. So it leaves only destination IP address to be checked. If you are using smtp.xtra.co.nz as your outgoing server, the destination IP address will be the IP address of that server (email is being sent to that server from the computer first) so filtering does not take place. But if you are using different server addresses, Port 25 is filtered."


Sounds kinda like outbound filtering to me.

628 posts

Ultimate Geek
+1 received by user: 159

Trusted
Spark NZ

  Reply # 1330205 23-Jun-2015 20:21
One person supports this post
Send private message

Spark's Port 25 filtering works both ways.  Inbound and outbound port 25 is blocked.




My views are my own, and may not necessarily represent those of my employer.

2200 posts

Uber Geek
+1 received by user: 613

Trusted

  Reply # 1330207 23-Jun-2015 20:23
4 people support this post
Send private message

I'm personally surprised anyone in this day and age needs port 25 unblocked.

You should be talking to your mail server over SSL so 465 or 587 would be the ports you use to connect so having port 25 blocked wouldn't impact you at all.

Having inbound port 25 means you are leaving yourself open as a spam relay. That's just bad (TM).







9 posts

Wannabe Geek


  Reply # 1330210 23-Jun-2015 20:26
Send private message

Agreed, changing to SSL ports is a better solution than unblocking 25.

Thanks to everyone for your help 👍

 1 | 2
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

VMware NSX Meets Stringent Government Security Standards with Common Criteria Certification
Posted 22-Jun-2017 19:05


Brother launches next-generation colour laser printers and all-in- ones for business
Posted 22-Jun-2017 18:56


Intel and IOC announce partnership
Posted 22-Jun-2017 18:50


Samsung Galaxy Tab S3: Best Android tablet
Posted 21-Jun-2017 12:05


Wellington-based company helping secure Microsoft browsers
Posted 20-Jun-2017 20:51


Endace delivers high performance with new 1/10/40 Gbps packet capture card
Posted 20-Jun-2017 20:50


You can now integrate SMX security into Microsoft Office 365, Google and other cloud email platforms
Posted 20-Jun-2017 20:47


Ravensdown launches new decision-making tool HawkEye
Posted 19-Jun-2017 15:38


Spark planning to take on direct management of all consumer stores
Posted 19-Jun-2017 10:03


Qrious acquires Ubiquity
Posted 14-Jun-2017 12:21


Spark New Zealand prepares for 5G with Nokia
Posted 14-Jun-2017 12:16


 The future-proof  10.5-inch iPad Pro
Posted 13-Jun-2017 18:16


Mandatory data breach reporting in Australia
Posted 13-Jun-2017 11:30


Review: Sony MDR-1000X noise-cancelling headphones
Posted 12-Jun-2017 08:08


Kinetics Crowned Microsoft NZ Partner of the Year
Posted 9-Jun-2017 09:32



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.