Unexpected and strange email blocking

[roarkh]

I maintain a DirectAdmin box that I use as the email server for the place that I work, let's say the domain name is "mydomain.com".

Many of our users use laptops that they use both at home and on our LAN. All of their outgoing mail servers are configured on port 25 with authentication to "mail.mydomain.com".

Just recently my users have been unable to send mail to anyone else with an account on "mydomain.com". I would have thought that their ISP's were blocking port 25 but I don't think that's it because they can send mail to anyone outside of "mydomain.com" with no problem.

I have tested it myself, from home I am able to send mail to my address at mac.com with no problem but if I try to send it to myself at "mydomain.com" it fails to send saying that the email has been blocked by Spamhaus.

When I look through the server logs I see a line that says the mail was blocked and the address of the blocked mail server is listed as the ip address of my cable modem rather than the address of my smtp server. I suppose that explains why it's being blocked as obviously my cable modem's ip address is in a range of blocked dynamic addresses. Why would the logs show the ip address provided by my cable modem rather than the ip address of the smtp server I am using?

If I switch to port 587 things appear to start working but since port 25 is not being blocked by my isp I am not sure why that fixes the problem.

Has anyone else experienced anything similar to this and if so what did you do to resolve it? Perhaps I am missing something really obvious here.

Thanks in advance.

 

[nobaloney]

Your cable modem should almost always be in a blocklist; if not any other, the blocklist that reports all ISP non-static IP#s.

You're connecting to your server from your cable-modem port. That's why it's being reported. If you connect on port 25 exim has no way of knowing if you're an MUA on your desktop, or an MTA on the internet.

That's precisely what port 587 was invented for; it's a mail "submission" port rather than a mail "transmission" port. By default the exim.conf file included in DA (I wrote it) allows all authenticated email using port 587 onto the server. They key is that the email has to be authenticated. By default the DA SpamBlocker exim.conf file authenticates both by plain-text authentication and by pop-before-smtp.

Jeff

 

[roarkh]

Jeff, thanks for your response, explaining the difference between using ports 25 and 587 was very helpful.

I will start setting the smtp port to 587 by default when setting up my mail clients. I guess I should have been all along.

I still don't understand what caused this to start happening now after working on port 25 without fail for over a year. If it was only me that was affected that might make sense but many users of our server are having the same problem, using mostly different internet service providers.

Thanks again

 

[nobaloney]

Don't forget to tell your clients about the switch.

The problem occurs more and more as more and more dynamic IP#s get into blocklists and as more and more ISPs block port 25 outside their network to eliminate zombie-driven spam.

Jeff