Subj : New one
To   : Andrew Leary
From : Alexey Vissarionov
Date : Sun Oct 10 2021 11:36:36

Good ${greeting_time}, Andrew!

10 Oct 2021 01:17:34, you wrote to Brian Rogers:

 BR>> I have Comcast as well, however they filter the same ports on IPv6
 BR>> as they do on IPv4 such as 25, 80, etc. I see you're running under
 BR>> the Comcast native IPv6 - did they open the ports for you or are you
 BR>> lucky and they just haven't hit your block yet? I ended up using
 BR>> HE.net with a 6 to 4 tunnel which bypasses the Comcast blocks.
 AL> The filter on port 25 is easy to work around, and prevents a lot of
 AL> spam entering the internet.

Properly configured mail servers do accept incoming messages only from other servers (they act in completely different manner than hijacked hosts) or from authenticated users (having a certificate or at least an username+password).

 AL> They do not filter port 80 for me.

Having 80/tcp filtered out is not a big problem: you always have an option to use HTTPS instead of plain HTTP (issuing a self-signed certificate is trivial, and the encryption overhead is minimal; however, SSL/TLS is unsafe).

The reanon for ISPs to filter out incoming (to user) HTTP and outgoing (from user) SMTP is trivial: first is used to access improperly configured routers, and second is used to send spam - both increasing the load on the abuse desk.

 AL> (http://phoenix.bnbbbs.net works fine.) They have a list of blocked
 AL> ports on their website at
 AL> https://www.xfinity.com/support/articles/list-of-blocked-ports ...

Ok, at least users know in advance what they would get for their money.


--
Alexey V. Vissarionov aka Gremlin from Kremlin
gremlin.ru!gremlin; +vii-cmiii-ccxxix-lxxix-xlii

.... :wq!
--- /bin/vi
 * Origin: ::1 (2:5020/545)

.