Friday, March 6, 2009

AT&T U-Verse Did something right.

*Edit: If you found this page on a search engine while looking for info on AT&T blocking port 25, go to this post.

I know, the title surprises me too. Even more so since this was going to start off as a huge rant about them.

As it says on the sidebar, I work as a Network Engineer. I won't say where, but I'm the senior technical resource in the department. Security, design, repair, etc. all fall under my position. That includes fixing misconfigured servers and troubleshooting problems (so we can know what needs to be fixed).

Yesterday we (the system administrators) got an email from someone not able to send us email. From what we could tell, it looks like their problem is on their stuff, not ours. While looking into that problem, I saw another one. The company's email servers were listed on some Real Time Black Lists (RTBL), which are used to block emails from spammers.

Looking into why we were on the list, one of our mail servers was listed as an open relay, which means that spammers could send mail through our mail servers. The easiest and fastest way to check is to log in to the servers via telnet and see if they will send the mail. So, I bounce to my box at home (from work via ssh), and try to telnet to port 25 on the mail server. Not working. Can't telnet to port 25 anywhere else either. Luckily a friend was able to let me use his Linux box to troubleshoot the problem, and it wasn't blocked from there. We fixed the configuration on our mail server this morning.
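The telnet check described above, scripted so it can be re-run after a configuration fix. This is an added example, not code from the original post; the probe addresses, function names and the `smtp_factory` parameter are assumptions made for illustration, and it is meant to be pointed at a mail server you administer.

```python
import smtplib
import sys

# Constructed probe addresses on reserved example domains (assumptions, not from the post).
PROBE_SENDER = "relay-test@example.org"
PROBE_RCPT = "relay-test@example.net"


def classify_rcpt_reply(code):
    """Interpret the reply to RCPT TO for a recipient domain the server does not host."""
    if 200 <= code < 300:
        # 250/251: the envelope was accepted. Some servers accept and reject
        # later, so treat this as "investigate", not as final proof.
        return "accepts-relay"
    if 400 <= code < 500:
        return "deferred"        # temporary failure or greylisting: retest later
    if 500 <= code < 600:
        return "relay-denied"    # e.g. 550/554 "relaying denied"
    return "unknown"


def check_relay(host, port=25, timeout=10, smtp_factory=smtplib.SMTP):
    """Walk the SMTP envelope against your own server; DATA is never sent."""
    try:
        conn = smtp_factory(host, port, timeout=timeout)
    except OSError:
        # Covers refused/timed-out connects, e.g. an ISP filtering outbound 25.
        return "unreachable"
    try:
        conn.ehlo_or_helo_if_needed()
        code, _ = conn.mail(PROBE_SENDER)
        if code >= 400:
            return "sender-rejected"
        code, _ = conn.rcpt(PROBE_RCPT)
        conn.rset()              # abandon the transaction without sending mail
        return classify_rcpt_reply(code)
    except smtplib.SMTPException:
        return "protocol-error"
    finally:
        try:
            conn.quit()
        except (smtplib.SMTPException, OSError):
            pass


if __name__ == "__main__":
    # Usage: python relay_check.py <your-mail-server>
    print(check_relay(sys.argv[1]))
```

An "unreachable" result from a home connection and a normal result from another network points to outbound port 25 filtering rather than a server problem.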

But I still couldn't get to the server on port 25 to re-test remotely. So I took note, and after confirming stuff was fixed, I started to look into why I couldn't telnet from home. My buddy doesn't have a problem leaving my account on his box, but that doesn't mean I want to have to rely on his box being up.

After hunting around, it turns out that, to try and cut down on spam, ISPs are blocking port 25 outbound. It is what it is. And I think it's a bad idea, to a point. People like me, who need to test, are the smaller subset of people that need to use the port, while the spammers are the bigger group. Blocking it from everyone does prevent zombies and spammers from using the port to send spam. But it also prevents us from being able to fix our systems. The better idea would be to start blocking the mail servers that are found to be open relays. Although blocking port 25 prevents finding open relays that haven't been blocked yet. It also cuts down on some traffic (the hunting of open ports).

So I started looking into AT&T and the blocking of the port. The article I found on their help site said that they're blocking port 25 for dial-up and dynamic high-speed internet customers, and that it doesn't affect people with static IP addresses or dedicated connections (Frame Relay, T1, T3).

But wait, I pay 15.00 a month for 8 static IP addresses. So I called, ready to raise hell. I fought my way through the automated system; it took several tries and they had to remotely "test" my connection before transferring me to a live person. I told her the deal: I'm a network engineer, I need to test my mail servers at work remotely, and port 25 is being blocked. She couldn't unblock it. So off to tier 2 I go. The guy there was a lot of help. I re-explained the situation, he looked up my account, confirmed I do have a static IP address (although he read the read column the first time), and unblocked the port for me. He noted on the account that I requested it unblocked and why.

Seriously I was expecting to jump through a bunch more hoops before getting things resolved. I wasn't happy at the start of the call, but was by the end. And now I can get to my servers at work the way I need to so I can make sure they're not open relays the next time I find us on a black list.

Is there a better way to block the spammers? Yes. Will it happen? No. I can think of several ways. The biggest is to take the profit out of it, like they did when they ended prohibition. Another is re-writing the standards so relaying is changed, and being an open relay can't happen. (There has been some work on this.) Will it be easy to fix the problem? Not in today's world.
