SMPT server?

  • 1
  • Question
  • Updated 3 months ago
  • Acknowledged
I have 2 ISP's, Viasat as well as a local WISP that uses Comcast for redundancy.

Been doing a new computer build that runs a lot of things as well as security.

Several of the security devices are small servers that detect things like PIR intrusion and the like that alert me in the house as well as email me an alert.

The problem is that these servers use the old TLS encryption and can't be updated so I've had to run a local email server on my LAN that takes those alert emails, repackages them and send them to my email provider (Gmail business account).

Normally that PC is only connected to my WISP provider however today the WISP provider went down so the router failed over to my Viasat connection and I noticed that my alert emails no longer were being sent.

After pulling what little hair I have out for a while, I discovered that Viasat does not allow an email server (port 25 SMTP) and was confirmed by Viasat customer support as well as Business support.

Is this a technological problem or is it just blocked?

If just blocked is there any remedy or is it just the way it is?

Photo of PlugNickel

PlugNickel

  • 18 Posts
  • 3 Reply Likes

Posted 3 months ago

  • 1
Photo of PlugNickel

PlugNickel

  • 18 Posts
  • 3 Reply Likes
Sorry, I misspoke I meant SMTP port 587.
Photo of Jab

Jab

  • 1155 Posts
  • 164 Reply Likes
Not sure that port is blocked: SEE: Why some ports are blocked on our network

Do a complete Shields UP test, and see where issue might be.  All Service Ports


Photo of PlugNickel

PlugNickel

  • 18 Posts
  • 3 Reply Likes
I don't know what they are doing Jab; perhaps just dropping the packets.

I do know that my WISP connection came back up this morning and now the security alert emails are going through so yes, Viasat is disallowing an email server using their Satellite.
Photo of Jab

Jab

  • 1155 Posts
  • 164 Reply Likes
port 587 is well known....Which SMTP Port Should I Use? Understanding Ports 25, 465, & 587  Port 587: This is the default mail submission port. When a mail client or server is submitting an email to be routed by a proper mail server, it should always use this port.


Email - How to verify your SMTP connection and parameters (TSL/SSL) with TELNET?

I just configured an email program, which uses Port 587...Port 587 is not blocked.






Photo of PlugNickel

PlugNickel

  • 18 Posts
  • 3 Reply Likes
Thanks Jab,
"I just configured an email program,"
Was this a client or a server? I've never had problems with clients, just a server on Viasat.
Just tried port 465 without success.

The error returned was:
The IP you're using to send mail is not authorized to[nl]550-5.7.1 send email directly to our servers. Please use the SMTP relay at your[nl]550-5.7.1 service provider instead

Works fine on my Comcast WISP, but not on Viasat.

Could a Viasat employee verify whether I can or can not run my own email server on their service?

Photo of Jab

Jab

  • 1155 Posts
  • 164 Reply Likes
Error Returned...if using Google

This is because Google will reject any emails sent from IP in the spamhaus database.

The IP you're using to send email is not authorized...'


Photo of PlugNickel

PlugNickel

  • 18 Posts
  • 3 Reply Likes
Well, there should be no reason why I'd be in Gmails spamhaus database since the only emails I send are to me,

I'll try to set up DKIM signing as well as SPF and see if that solves the issue, but first I'll renew my Viasat IP address since someone else could have abused the IP address at some point when they had it.

It just bothers me that the same emails sent to the same Gmail through Comcast go through fine.
As well, it bothers me that Viasat customer support as well as Business customer support said that email servers would not work on Viasat.

Still would like a Viasat employee to chime in.
Photo of Jab

Jab

  • 1155 Posts
  • 164 Reply Likes
Viasat provides Internet Service...Viasat CSRs tend to know generic information. Your concern is related to Google's policies.

I've experienced sites that have banned Viasat's IPs.  Hey, "Jerks-R-US' are online, everywhere.  I've know of sites that block large blocks of IP addresses...to insure that jerk is not back again....but these operators are clueless about satellite IPs.

I have no idea if Viasat has done this:

"In order to prevent spam, Gmail refuses mail from IP addresses that are not authorized to send mail. The determination of whether or not an IP address is authorized to send mail is made by the ISP that provides you with the IP address"

Viasat does have static IP addresses, last I knew: Persistent IP FAQs for Viasat Business Internet customers




Photo of PlugNickel

PlugNickel

  • 18 Posts
  • 3 Reply Likes
"The determination of whether or not an IP address is authorized to send mail is made by the ISP that provides you with the IP address"

This would seem to imply that my ISP (Viasat) determines whether I can use a server does it not?

Well, I just released and renewed my Viasat IP address changing the last 16 bits of the address to no avail; same error message so unless Gmail is blacklisting entire blocks of address, it doesn't seem to be Gmail/address related.

I'll try DKIM signing next...
Photo of Jab

Jab

  • 1155 Posts
  • 164 Reply Likes
I assume one has read this: Add & verify your Authentication Domains
Photo of PlugNickel

PlugNickel

  • 18 Posts
  • 3 Reply Likes
Yes
Photo of Casual Observer

Casual Observer

  • 422 Posts
  • 436 Reply Likes
Yes he said mystery solved, not that it was fixed.

Found the root of the problem.

The IP address is not reported as a blocked IP in Spamhaus, but Viasat placed their entire block of IP address on the Policy Block List that Gmail uses to determine whether to allow or disallow a mail server.

Mystery solved.
Your latter two suggestions are email clients sending email through an SMTP server. If he wants to send mail via SendGrid's servers they may not use the Policy Block List.

He already explained why he can't use an email client that requires using an SMTP server and current TLS protocols in  his original post -  ask him to clarify, not me.

Maybe he'll come back and say problem solved and how he eventually got his notifications sent to his Gmail account.

But a client solution is much different than a server solution and your now shifting the conversation. Feel free to go down that rabbit hole, I won't be joining you but It appears he's constrained by the capabilities of:

Several of the security devices are small servers that detect things like PIR intrusion and the like that alert me in the house as well as email me an alert.
But again ask him and try to understand his entire problem domain and what led him to using a local SMTP server (as the title states) to begin with if your goal is to offer potential solutions. As he clearly stated above:

I've never had problems with clients, just a server on Viasat.
So why continue offering him a client solution? That's a rhetorical question, no answer required.

TL;DR - The answer to his original question is right there in the acceptable use policy - as usual with all things related to working around Viasat limitations and when all is said and done, there's a lot more said than done - but at least somebody's listening albeit probably not comprehending.

I miss the old forum.
(Edited)
Photo of Jab

Jab

  • 1155 Posts
  • 164 Reply Likes
If this was a problem, "problem is that these servers use the old TLS encryption," but is working fine with their other provider, then logically, this is not a problem.

FWIW - Port: 465 (SSL required) or 587 (TLS required)

To my awareness, there is more than one way to skin a cat...offering other ideas sometimes promotes inspiration.  I would suspect l33t members could offer other solutions.
Photo of Casual Observer

Casual Observer

  • 422 Posts
  • 436 Reply Likes
Once again the "other provider" would not appear to utilize the PBL - it's the providers choice and Viasat appears to have done so to enforce their acceptable use policy. So yes its not a problem - working as designed and apparently you still fail to recognize his "I've never had problems with clients, just a server on Viasat" statement.

Have a nice day Phanein!
(Edited)
Photo of Jab

Jab

  • 1155 Posts
  • 164 Reply Likes
"fail to recognize"

133t speak would suggest one is not listening, also.
Photo of Casual Observer

Casual Observer

  • 422 Posts
  • 436 Reply Likes
Nice try!