SMPT server?

  • 1
  • Question
  • Updated 8 months ago
  • Acknowledged
I have 2 ISP's, Viasat as well as a local WISP that uses Comcast for redundancy.

Been doing a new computer build that runs a lot of things as well as security.

Several of the security devices are small servers that detect things like PIR intrusion and the like that alert me in the house as well as email me an alert.

The problem is that these servers use the old TLS encryption and can't be updated so I've had to run a local email server on my LAN that takes those alert emails, repackages them and send them to my email provider (Gmail business account).

Normally that PC is only connected to my WISP provider however today the WISP provider went down so the router failed over to my Viasat connection and I noticed that my alert emails no longer were being sent.

After pulling what little hair I have out for a while, I discovered that Viasat does not allow an email server (port 25 SMTP) and was confirmed by Viasat customer support as well as Business support.

Is this a technological problem or is it just blocked?

If just blocked is there any remedy or is it just the way it is?

Photo of PlugNickel

PlugNickel

  • 18 Posts
  • 3 Reply Likes

Posted 8 months ago

  • 1
Photo of PlugNickel

PlugNickel

  • 18 Posts
  • 3 Reply Likes
Sorry, I misspoke I meant SMTP port 587.
Photo of Jab

Jab

  • 1160 Posts
  • 164 Reply Likes
Not sure that port is blocked: SEE: Why some ports are blocked on our network

Do a complete Shields UP test, and see where issue might be.  All Service Ports


Photo of PlugNickel

PlugNickel

  • 18 Posts
  • 3 Reply Likes
I don't know what they are doing Jab; perhaps just dropping the packets.

I do know that my WISP connection came back up this morning and now the security alert emails are going through so yes, Viasat is disallowing an email server using their Satellite.
Photo of Jab

Jab

  • 1158 Posts
  • 164 Reply Likes
port 587 is well known....Which SMTP Port Should I Use? Understanding Ports 25, 465, & 587  Port 587: This is the default mail submission port. When a mail client or server is submitting an email to be routed by a proper mail server, it should always use this port.


Email - How to verify your SMTP connection and parameters (TSL/SSL) with TELNET?

I just configured an email program, which uses Port 587...Port 587 is not blocked.






Photo of PlugNickel

PlugNickel

  • 18 Posts
  • 3 Reply Likes
Thanks Jab,
"I just configured an email program,"
Was this a client or a server? I've never had problems with clients, just a server on Viasat.
Just tried port 465 without success.

The error returned was:
The IP you're using to send mail is not authorized to[nl]550-5.7.1 send email directly to our servers. Please use the SMTP relay at your[nl]550-5.7.1 service provider instead

Works fine on my Comcast WISP, but not on Viasat.

Could a Viasat employee verify whether I can or can not run my own email server on their service?

Photo of Jab

Jab

  • 1160 Posts
  • 164 Reply Likes
Error Returned...if using Google

This is because Google will reject any emails sent from IP in the spamhaus database.

The IP you're using to send email is not authorized...'


Photo of PlugNickel

PlugNickel

  • 18 Posts
  • 3 Reply Likes
Well, there should be no reason why I'd be in Gmails spamhaus database since the only emails I send are to me,

I'll try to set up DKIM signing as well as SPF and see if that solves the issue, but first I'll renew my Viasat IP address since someone else could have abused the IP address at some point when they had it.

It just bothers me that the same emails sent to the same Gmail through Comcast go through fine.
As well, it bothers me that Viasat customer support as well as Business customer support said that email servers would not work on Viasat.

Still would like a Viasat employee to chime in.
Photo of Jab

Jab

  • 1158 Posts
  • 164 Reply Likes
Viasat provides Internet Service...Viasat CSRs tend to know generic information. Your concern is related to Google's policies.

I've experienced sites that have banned Viasat's IPs.  Hey, "Jerks-R-US' are online, everywhere.  I've know of sites that block large blocks of IP addresses...to insure that jerk is not back again....but these operators are clueless about satellite IPs.

I have no idea if Viasat has done this:

"In order to prevent spam, Gmail refuses mail from IP addresses that are not authorized to send mail. The determination of whether or not an IP address is authorized to send mail is made by the ISP that provides you with the IP address"

Viasat does have static IP addresses, last I knew: Persistent IP FAQs for Viasat Business Internet customers




Photo of PlugNickel

PlugNickel

  • 18 Posts
  • 3 Reply Likes
"The determination of whether or not an IP address is authorized to send mail is made by the ISP that provides you with the IP address"

This would seem to imply that my ISP (Viasat) determines whether I can use a server does it not?

Well, I just released and renewed my Viasat IP address changing the last 16 bits of the address to no avail; same error message so unless Gmail is blacklisting entire blocks of address, it doesn't seem to be Gmail/address related.

I'll try DKIM signing next...
Photo of Jab

Jab

  • 1160 Posts
  • 164 Reply Likes
I assume one has read this: Add & verify your Authentication Domains
Photo of PlugNickel

PlugNickel

  • 18 Posts
  • 3 Reply Likes
Yes
Photo of Jab

Jab

  • 1158 Posts
  • 164 Reply Likes
Have you been here: Blocklist Removal Center

Not directly related, but this Viasat FAQ indicates to "14.Enter 465 as the outgoing port number.

Here's a previous topic: problem sending e-mails
Photo of Jab

Jab

  • 1158 Posts
  • 164 Reply Likes
@PlugNickel

Port 587 is not being blocked...confirmed again.  I would suggest using this site, Blocklist Removal Center, to see if your current dynamic IP being used is blocked.

Photo of PlugNickel

PlugNickel

  • 18 Posts
  • 3 Reply Likes
Found the root of the problem.

The IP address is not reported as a blocked IP in Spamhaus, but Viasat placed their entire block of IP address on the Policy Block List that Gmail uses to determine whether to allow or disallow a mail server.

Mystery solved.
Photo of Jab

Jab

  • 1158 Posts
  • 164 Reply Likes
I'll try confirm your finding....years ago, they had one tech who blocked IP addresses on their forum, a different forum than this. 

Years ago, I use to use Gmail via SMTP/POP, but when I did that quick test, it failed to send out email...which is what I tested.

For individual customers, Viasat should not have been blocking access via Gmail.  Maybe there was a spammer on Viasat, and IT said "I'll fix that" headache....which would reduce email to them, and time to eliminate this customer..
Photo of Casual Observer

Casual Observer

  • 422 Posts
  • 436 Reply Likes
The key phrase in PlugNickel's reply is "Policy Block List that Gmail uses to determine whether to allow or disallow a mail server" with the emphasis on mail server.

PlugNickel's running a mail server not a mail client - different beasts and my guess is Viasat doesn't want any residential customers running mail servers but your guess is as good as mine - I'm 5 years removed from all that techie stuff. As I recall the acceptable use policy prohibits running "servers" that have access beyond your own local network.

For example the Spamhaus Policy Block List is different from the other block lists and helps networks (i.e. ISPs) enforce their Acceptable Use Policy and ISPs self-list:

https://www.spamhaus.org/pbl/

(Edited)
Photo of Jab

Jab

  • 1158 Posts
  • 164 Reply Likes
"The Spamhaus PBL is a DNSBL database of end-user IP address ranges which should not be delivering unauthenticated SMTP email to any Internet mail server except those provided for specifically by an ISP for that customer's use. The PBL helps networks enforce their Acceptable Use Policy for dynamic and non-MTA customer IP ranges."
Photo of Casual Observer

Casual Observer

  • 422 Posts
  • 436 Reply Likes
So, once again, what's your point? Everybody's capable of reading that link. The PBL is for ISP and mail server administrators.
(Edited)
Photo of Jab

Jab

  • 1158 Posts
  • 164 Reply Likes
unauthenticated SMTP email

I believe OP is authenticated SMTP email: Add & verify your Authentication Domains
Photo of Casual Observer

Casual Observer

  • 422 Posts
  • 436 Reply Likes
You're wrong - he's using his own SMTP server running on his LAN trying to send email through it to Gmail - maybe he is authenticating, maybe not. It doesn't matter. You don't just get to set up your own SMTP server and start blasting the world with SPAM. I could do that right now by running an SMTP server that's built-in to my operating system under IIS if that's the case.

It's a Policy Block List not a SPAM block list, dig deeper and try to understand the difference between all of the different types of lists maintained by Spamhaus (as well as others).

In this case (Spamhaus  and I'm not claiming this is what Google uses for policy blocking but probably they do, I don't know):


When you send email from your client using SMTP it's going through a reputable SMTP server, properly established with MX records as well as other configuration records needed.

From his original post:

The problem is that these servers use the old TLS encryption and can't be updated so I've had to run a local email server on my LAN that takes those alert emails, repackages them and send them to my email provider (Gmail business account).

Read all of the pages especially the one  at https://www.spamhaus.org/pbl/ispaccount/

And for the record, my IP address is listed in the PBL just as I would expect it to be. It is not listed in their SBL or XBL.

https://www.spamhaus.org/lookup/

(Edited)
Photo of Jab

Jab

  • 1158 Posts
  • 164 Reply Likes
@CO

Mine is not listed...yes, I follow your drift...but on Vsat's end, I'm not aware of them involved, so far.
Photo of Jab

Jab

  • 1158 Posts
  • 164 Reply Likes
FWIW...I flipped over to a VZW IP address

Photo of Casual Observer

Casual Observer

  • 422 Posts
  • 436 Reply Likes
Now try running an SMTP server (not a client) on your local network and sending and email to a Gmail account though that local server. Since you're on an augmented beam it's likely/probable that Viasat has overlooked the IP addresses used there - who knows, ask Viasat they're listening.  
(Edited)
Photo of Jab

Jab

  • 1158 Posts
  • 164 Reply Likes
SMTP server (not a client)

OP's thread....he gets to sort the chaff from the wheat.  He did say "Mystery solved."

FWIW - Port: 465 (SSL required) or 587 (TLS required)

It would seem he could send out 'bulk emails' without going thru
MX, DKIM, or SPF song/dance, according to that article.



Photo of Jab

Jab

  • 1158 Posts
  • 164 Reply Likes
You can now send 10,000 emails with GMass and Gmail [Updated 2018]

Launched in October of 2017, this new capability lets you send an unlimited number of emails from your Gmail account. Need to send a campaign to 250,000 people? Just connect your GMass account to a third-party service like Sendgrid, and you can send as many emails as you want, right from the familiar Gmail interface.
(Edited)
Photo of Casual Observer

Casual Observer

  • 422 Posts
  • 436 Reply Likes
Yes he said mystery solved, not that it was fixed.

Found the root of the problem.

The IP address is not reported as a blocked IP in Spamhaus, but Viasat placed their entire block of IP address on the Policy Block List that Gmail uses to determine whether to allow or disallow a mail server.

Mystery solved.
Your latter two suggestions are email clients sending email through an SMTP server. If he wants to send mail via SendGrid's servers they may not use the Policy Block List.

He already explained why he can't use an email client that requires using an SMTP server and current TLS protocols in  his original post -  ask him to clarify, not me.

Maybe he'll come back and say problem solved and how he eventually got his notifications sent to his Gmail account.

But a client solution is much different than a server solution and your now shifting the conversation. Feel free to go down that rabbit hole, I won't be joining you but It appears he's constrained by the capabilities of:

Several of the security devices are small servers that detect things like PIR intrusion and the like that alert me in the house as well as email me an alert.
But again ask him and try to understand his entire problem domain and what led him to using a local SMTP server (as the title states) to begin with if your goal is to offer potential solutions. As he clearly stated above:

I've never had problems with clients, just a server on Viasat.
So why continue offering him a client solution? That's a rhetorical question, no answer required.

TL;DR - The answer to his original question is right there in the acceptable use policy - as usual with all things related to working around Viasat limitations and when all is said and done, there's a lot more said than done - but at least somebody's listening albeit probably not comprehending.

I miss the old forum.
(Edited)
Photo of Jab

Jab

  • 1158 Posts
  • 164 Reply Likes
If this was a problem, "problem is that these servers use the old TLS encryption," but is working fine with their other provider, then logically, this is not a problem.

FWIW - Port: 465 (SSL required) or 587 (TLS required)

To my awareness, there is more than one way to skin a cat...offering other ideas sometimes promotes inspiration.  I would suspect l33t members could offer other solutions.
Photo of Casual Observer

Casual Observer

  • 422 Posts
  • 436 Reply Likes
Once again the "other provider" would not appear to utilize the PBL - it's the providers choice and Viasat appears to have done so to enforce their acceptable use policy. So yes its not a problem - working as designed and apparently you still fail to recognize his "I've never had problems with clients, just a server on Viasat" statement.

Have a nice day Phanein!
(Edited)
Photo of Jab

Jab

  • 1158 Posts
  • 164 Reply Likes
"fail to recognize"

133t speak would suggest one is not listening, also.
Photo of Casual Observer

Casual Observer

  • 422 Posts
  • 436 Reply Likes
Nice try!