Old 02-12-2013, 09:22 PM   #1
pfhannan
Major Leaguer
 
Join Date: Mar 2007
Posts: 410
Comcast directing Mac users to use a different port?

Is this a valid request? This is the e-mail I received today:

Dear Valued XFINITY® Internet Customer,

We care about your email security when using our network. On August 1, Comcast announced that for security reasons we will no longer support the use of port 25 for sending email from programs like Outlook or Apple Mail. It appears that one or more computers connected to your Internet account are using port 25 to send email. A port is a connection through which information flows from a program on your computer, from another computer in a network, or to your computer from the Internet. Port 25 is an unsecured port, and it is increasingly used to send spam emails through malicious computer programs called malware. These spam emails are usually sent by computers that have been infected by viruses, and as a result, most users are unaware that their computers are sending spam. By no longer supporting port 25 to send e-mail, this will help prevent your computer from sending spam without your knowledge.

What You Need To Do:

We are asking you and other impacted customers to change your email program settings to port 465, which provides more security. You will be unable to send email over port 25 once it is disabled, and you will need to update your settings to port 465 in order to continue to send email. Please click the link below for your current email software and follow the step-by-step instructions to change your settings.
Outlook Express
Outlook 2003
Outlook 2007
Outlook 2010
Windows Mail
Mail (Apple OS X)
Old 02-12-2013, 09:41 PM   #2
chabig
Hall of Famer
 
Join Date: Jan 2002
Posts: 2,934
Yes. It's valid. Just follow the instructions and everything will work properly.

http://customer.comcast.com/help-and...-xfinity-email
Old 02-12-2013, 09:42 PM   #3
NaOH
Hall of Famer
 
Join Date: Dec 2007
Posts: 3,642
I doubt it will affect you since Mail usually sets itself to use default ports of either 25, 465, 587 (it's one setting for all three). You can check how you're configured by using the Mail menu to select Preferences, then
  • Go to Accounts,
  • Select your Comcast email account on the left,
  • Under the Account Information section on the right, use the pop-up menu for Outgoing Mail Server to select Edit SMTP Server List,
  • Select your Comcast SMTP server in the list, then click the Advanced tab to see the port setting.
Old 02-12-2013, 09:43 PM   #4
chabig
Hall of Famer
 
Join Date: Jan 2002
Posts: 2,934
Good point NaOH, about the defaults just working.
Old 02-12-2013, 09:46 PM   #5
NaOH
Hall of Famer
 
Join Date: Dec 2007
Posts: 3,642
Maybe. From the link you posted, chabig, is a link to a page showing how to explicitly specify port 465.

http://customer.comcast.com/help-and...mail-for-a-mac

Seems like the default would work, but Comcast indirectly suggests otherwise with their setup instructions.
Old 02-13-2013, 06:38 AM   #6
pfhannan
Major Leaguer
 
Join Date: Mar 2007
Posts: 410
My port was set at 995, so I changed it to 465, and could not receive mail.
Old 02-13-2013, 07:04 AM   #7
SirDice
MVP
 
Join Date: Aug 2009
Posts: 1,119
SMTP is for sending mail, not receiving. So if changing the port didn't work you wouldn't be able to send mail. Receiving mail is done with either POP3 or IMAP and uses different ports.

The reasons Comcast are giving aren't entirely correct though. They still have to receive SMTP mail on port 25 from other providers. Sending SMTP to port 465 is a violation of the specifications and doesn't add any security whatsoever. What would increase security is the use of SMTPS (SMTP over SSL) on port 587.

Last edited by SirDice; 02-13-2013 at 07:14 AM.
Old 02-13-2013, 07:10 AM   #8
pfhannan
Major Leaguer
 
Join Date: Mar 2007
Posts: 410
I guess then I don't need to change anything, as I already use POP3 and IMAP.
Old 02-13-2013, 07:16 AM   #9
chabig
Hall of Famer
 
Join Date: Jan 2002
Posts: 2,934
You changed the wrong port. The outgoing mail server is supposed to be 465. Keep the incoming server at 995. Set everything back the way it was and you should be OK.
Old 02-13-2013, 08:15 AM   #10
acme.mail.order
League Commissioner
 
Join Date: Sep 2003
Location: Tokyo
Posts: 6,050
Quote:
Originally Posted by SirDice
The reasons Comcast are giving aren't entirely correct though. They still have to receive SMTP mail on port 25 from other providers. Sending SMTP to port 465 is a violation of the specifications and doesn't add any security whatsoever. What would increase security is the use of SMTPS (SMTP over SSL) on port 587.

Comcast is doing things the right way. They are blocking outgoing mail from subscribers directly to other servers, and blocking a lot of bots in the process.
Old 02-13-2013, 08:55 AM   #11
SirDice
MVP
 
Join Date: Aug 2009
Posts: 1,119
Yes, I was more referring to this statement:
Quote:
We are asking you and other impacted customers to change your email program settings to port 465, which provides more security.

Which is bollocks.
Old 02-13-2013, 01:50 PM   #12
chabig
Hall of Famer
 
Join Date: Jan 2002
Posts: 2,934
Quote:
Originally Posted by SirDice
SMTP is for sending mail, not receiving.

This is not quite right. SMTP is Simple Mail Transfer Protocol, which governs the entire email from sender to receiver. There are separate servers for sending and receiving email. The outgoing server (the one clients use to send email) is identified in Apple Mail preferences as the "SMTP" server. It is commonly called that, so Apple does too. But SMTP just refers to the protocol the server is using. The server that sends email to the client also uses the SMTP protocol. They just don't call it then. Sticking to "outgoing" and "incoming" server would be nicer.
Old 02-13-2013, 05:29 PM   #13
acme.mail.order
League Commissioner
 
Join Date: Sep 2003
Location: Tokyo
Posts: 6,050
Quote:
Originally Posted by SirDice
Yes, I was more referring to this statement:

Which is bollocks.

In the dumbed-down world of announcements for the masses, their statement is accurate enough. While changing the SMTP port provides no direct security for the user's outgoing messages, it does prevent bots using port 25 directly and bypassing the provider's mail relay. So "security" here refers to preventing the user's computer from being an active spambot - it can flail away at a mute port all it wants.
acme.mail.order is online now   Reply With Quote
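Added example, not part of the original thread: the provider-side rationale in the post above (machines bypassing the relay and talking to port 25 on arbitrary servers) is visible in connection logs. This Python code counts distinct non-relay port-25 destinations per source; the log format, all addresses and the relay IP are constructed for illustration.

```python
import re
from collections import defaultdict

RELAY = "203.0.113.25"  # assumed address of the provider's mail relay

# Constructed firewall log lines (format invented for this example).
SAMPLE_LOG = """\
2013-02-12T21:00:01 ALLOW TCP 10.0.0.23:51514 -> 198.51.100.7:25
2013-02-12T21:00:01 ALLOW TCP 10.0.0.23:51515 -> 198.51.100.8:25
2013-02-12T21:00:02 ALLOW TCP 10.0.0.23:51516 -> 192.0.2.10:25
2013-02-12T21:00:02 ALLOW TCP 10.0.0.23:51517 -> 203.0.113.99:25
2013-02-12T21:00:03 ALLOW TCP 10.0.0.23:51518 -> 198.51.100.7:25
2013-02-12T21:03:10 ALLOW TCP 10.0.0.40:49900 -> 203.0.113.25:465
2013-02-12T21:04:00 ALLOW TCP 10.0.0.40:49901 -> 203.0.113.25:25
2013-02-12T21:05:30 ALLOW TCP 10.0.0.51:40000 -> 192.0.2.77:25
"""

LINE = re.compile(r"TCP (\d+\.\d+\.\d+\.\d+):\d+ -> (\d+\.\d+\.\d+\.\d+):(\d+)$")


def direct_smtp_sources(log_text, relay=RELAY, min_destinations=3):
    """Return {source_ip: sorted port-25 destinations} for sources that
    contact at least min_destinations SMTP servers other than the relay."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.search(line.strip())
        if not m:
            continue  # not a TCP connection record
        src, dst, port = m.group(1), m.group(2), int(m.group(3))
        # Mail handed to the relay (any port) is the expected path;
        # port 25 to anything else is direct-to-server delivery.
        if port == 25 and dst != relay:
            seen[src].add(dst)
    return {s: sorted(d) for s, d in seen.items() if len(d) >= min_destinations}


if __name__ == "__main__":
    for src, dests in direct_smtp_sources(SAMPLE_LOG).items():
        print(f"{src} spoke SMTP directly to {len(dests)} servers: {dests}")
```

The single connection from 10.0.0.51 stays below the threshold, which is the self-hosted mail server case discussed later in the thread; an egress block on port 25 stops it along with the bot.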
Old 02-14-2013, 03:19 AM   #14
ganbustein
MVP
 
Join Date: Apr 2008
Location: Berkeley CA USA
Posts: 1,010
Quote:
Originally Posted by chabig
This is not quite right. SMTP is Simple Mail Transfer Protocol, which governs the entire email from sender to receiver. There are separate servers for sending and receiving email. The outgoing server (the one clients use to send email) is identified in Apple Mail preferences as the "SMTP" server. It is commonly called that, so Apple does too. But SMTP just refers to the protocol the server is using. The server that sends email to the client also uses the SMTP protocol. They just don't call it then. Sticking to "outgoing" and "incoming" server would be nicer.

That's not accurate. SMTP is one of many protocols that is involved in sending mail, but there are other protocols, most notably POP and IMAP.

Let me say that again. POP, IMAP, and SMTP are three entirely different protocols.

When you look for incoming mail, the mail may have gotten to your incoming server using SMTP, but you are most certainly not using SMTP to bring it across that last leg of its journey to your machine. There is nothing improper in reserving the term "SMTP server" for the server you talk to when submitting mail, because that's the only server you talk to using SMTP.

Comcast is doing the right thing here, even down to using correct terminology to describe it.
Old 02-14-2013, 04:06 AM   #15
SirDice
MVP
 
Join Date: Aug 2009
Posts: 1,119
Quote:
Originally Posted by acme.mail.order
In the dumbed-down world of announcements for the masses, their statement is accurate enough. While changing the SMTP port provides no direct security for the user's outgoing messages, it does prevent bots using port 25 directly and bypassing the provider's mail relay. So "security" here refers to preventing the user's computer from being an active spambot - it can flail away at a mute port all it wants.

No, the problem I have with that statement is that running an insecure protocol on a non-standard port doesn't magically make it secure. Changing one port for another doesn't change the inherent insecurity of SMTP. Think about it, what's keeping malware from using port 465 instead of 25? Or try them both?

What they should have done is enable SMTPS, which is SMTP over SSL, combined with authentication. SSL will prevent eavesdroppers and the authentication will prevent unauthorized access. THAT's something that will actually improve security.

Yes, blocking outgoing connections to port 25 to anything other than the ISP's mailserver will block most spam. But it will also block anyone from running their own mailserver.

Last edited by SirDice; 02-14-2013 at 04:13 AM.
SirDice is offline   Reply With Quote
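Added example, not part of the original thread and not Comcast's tooling: the posts above turn on whether a port change by itself adds security, and what decides that is whether the server at the port requires TLS and authentication. This Python check reads both from the ESMTP capabilities; it assumes port 465 is implicit TLS and other ports use STARTTLS, and the finding labels and the host name passed to `probe()` are the example's own.

```python
import smtplib
import ssl


def assess(implicit_tls, clear_caps, tls_caps):
    """Judge a submission endpoint from its ESMTP capabilities.

    clear_caps: extensions advertised before TLS (None with implicit TLS).
    tls_caps:   extensions advertised inside TLS (None if TLS never started).
    Dicts use smtplib's shape, e.g. {"auth": "PLAIN LOGIN", "size": "..."}.
    """
    findings = []
    if not implicit_tls and tls_caps is None:
        findings.append("no-tls")           # mail and credentials in cleartext
    if clear_caps and "auth" in clear_caps:
        findings.append("auth-before-tls")  # login possible without encryption
    final = tls_caps if tls_caps is not None else (clear_caps or {})
    if "auth" not in final:
        findings.append("no-auth")          # server offers no authentication
    return findings


def probe(host, port, timeout=10):
    """Connect to host:port and return assess() findings (needs network)."""
    ctx = ssl.create_default_context()
    if port == 465:  # implicit TLS: handshake happens before any SMTP
        with smtplib.SMTP_SSL(host, port, context=ctx, timeout=timeout) as s:
            s.ehlo()
            return assess(True, None, dict(s.esmtp_features))
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        clear = dict(s.esmtp_features)
        if not s.has_extn("starttls"):
            return assess(False, clear, None)
        s.starttls(context=ctx)
        s.ehlo()  # capabilities must be re-read inside the TLS session
        return assess(False, clear, dict(s.esmtp_features))


if __name__ == "__main__":
    # Constructed capability sets; no network needed for this part.
    print(assess(False, {"size": "10240000", "auth": "PLAIN LOGIN"}, None))
    print(assess(True, None, {"auth": "PLAIN LOGIN"}))
```

An empty list means the session is encrypted and authentication is offered only inside TLS; the same plain, AUTH-advertising service yields the same findings whichever port number it listens on.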
Old 02-14-2013, 04:08 AM   #16
SirDice
MVP
 
Join Date: Aug 2009
Posts: 1,119
Quote:
Originally Posted by ganbustein
That's not accurate. SMTP is one of many protocols that is involved in sending mail, but there are other protocols, most notably POP and IMAP.

No, SMTP is the ONLY protocol that's used to transfer/send email on the internet. POP3 and IMAP are client protocols used to pull email from a server.
Old 02-14-2013, 07:16 AM   #17
acme.mail.order
League Commissioner
 
Join Date: Sep 2003
Location: Tokyo
Posts: 6,050
"Accuracy" was simply not a factor in the drafting of the Comcast statement. They wanted a notice that met the following criteria:

- 8th grade reading level
- enough buzzwords to sound like a reasonable idea
- enough scary words that users will actually do it
- sufficiently simple that users will do it without pestering the support desk
- close enough that power users won't pester the support desk about how incorrect it is

And I think you are misinterpreting the object of the "security" - the end goal here is the security of the provider, not the subscriber's messages. It's like Microsoft's notice that "You may be a victim of software counterfeiting". The user isn't the victim there.

And it won't stop anyone from running their own mailserver. I run a mailserver for one office, the ISP blocks port 25 outgoing but not incoming. Other than a 2-minute config change to set the appropriate mail relay it wasn't a problem, and anyone running their own mailserver that can't set up an ISP delivery relay has no business running their own mailserver.
Old 02-14-2013, 08:29 AM   #18
SirDice
MVP
 
Join Date: Aug 2009
Posts: 1,119
Quote:
Originally Posted by acme.mail.order
And I think you are misinterpreting the object of the "security" - the end goal here is the security of the provider, not the subscriber's messages.

No, I don't think that's what they want to get across. The first part goes on and on how insecure port 25 is and the second one says to improve security it must be run on a different port. But as I said before, running an insecure protocol on a non-standard port doesn't magically secure it. Neither for the ISP nor for the consumer.

Quote:
And it won't stop anyone from running their own mailserver. I run a mailserver for one office, the ISP blocks port 25 outgoing but not incoming. Other than a 2-minute config change to set the appropriate mail relay it wasn't a problem, and anyone running their own mailserver that can't set up an ISP delivery relay has no business running their own mailserver.

Yes, but that assumes your ISP allows you to relay your mail through their servers. Most ISPs won't. They will probably also want to know for what domain they are forwarding. If they simply accept any and all domains they are highly vulnerable to abuse. Even more so than simply allowing outgoing connections to port 25 on their network.
Old 02-14-2013, 08:46 AM   #19
acme.mail.order
League Commissioner
 
Join Date: Sep 2003
Location: Tokyo
Posts: 6,050
1) that wasn't my reading of the word "security"

2) Every ISP I have used in the past 12 years does mail relaying. If they didn't, your email recipients would be rather limited. None in the past 5-ish years allowed outbound port 25 to anywhere other than their server, and one of them today has a throttle that I need to build a workaround for.
Old 02-17-2013, 11:26 PM   #20
ganbustein
MVP
 
Join Date: Apr 2008
Location: Berkeley CA USA
Posts: 1,010
Quote:
Originally Posted by SirDice
No, SMTP is the ONLY protocol that's used to transfer/send email on the internet. POP3 and IMAP are client protocols used to pull email from a server.

The clients also are on the internet. They do not use SMTP to get their mail.

Mail can flow over SMTP, POP, and IMAP (and probably a few protocols I don't know about). POP and IMAP are not special cases of SMTP, nor are they overlays on top of SMTP. They are not SMTP in any sense of the word, and yet they are used to fetch mail over the internet.

It's true that POP and IMAP are used to pull mail rather than push it, but that's the point I was making. I was responding to:

Quote:
Originally Posted by chabig
The outgoing server (the one clients use to send email) is identified in Apple Mail preferences as the "SMTP" server. It is commonly called that, so Apple does too. But SMTP just refers to the protocol the server is using. The server that sends email to the client also uses the SMTP protocol. They just don't call it then. Sticking to "outgoing" and "incoming" server would be nicer.

Apple and everyone else are quite correct in referring to the outgoing server as "the SMTP server". They do not use SMTP to talk to the incoming server.


When Comcast referred to security, they were referring to their own procedures. It's much easier for them to keep mail secure if they don't have mail submission (from their customers) and incoming mail (to their customers) both arriving on the same port. The security implications of these two kinds of mail are very different, and it's easier for Comcast to implement their security policies correctly if they aren't bundled together into the same mail daemon. "Easier" = "More secure".