How do ISP's block ports?

Question

I'm currently working on a small town in Argentina and the only ISP that gets here is called Arnet. The connection stability sucks, the help desk is anything but helpful (non techs hired for around 2 dollars/h) and I've had lots of problems wiht them in the past. One of the things they do that really bugs me is that they block port 25 for any smtp servers that isn't smtp.arnet.com.ar forcing you to use that for all your accounts. I was wondering if anyone could explain me how they do this and if there's a way to bypass it. Thanks a lot for any help

When you are given permission to access someone's mail server, they should give you connection information that uses a port other than 25, typically 587. Just ask the administrator of the mail server (or check their help pages). They'll explain how to access it on another port. — David Schwartz, Oct 13 '11 at 18:01

score 3 · Answer 1 · answered Oct 13 '11 at 14:16

How they do that: They configure their devices to block it. Easy. Either with firewall rules or ACLs on the routers or whatever method their architecture requires. Standard stuff anyway.

How to bypass it: You don't, as it's likely violating their Terms of Service.

score 1 · Answer 2 · answered Oct 13 '11 at 14:16

1

Simple; they check each packet to see if it is addressed to port 25, and if so, DON'T forward it. No, there's nothing you can do about it, other than get a host somewhere else that can accept the connection ( and possibly forward it to you ).

answered Oct 13 '11 at 14:16

psusi

3,347
1
17
9

score 0 · Accepted Answer · answered Oct 13 '11 at 14:17

0

There may be doing it to prevent you from sending spam, or to listen on your mails, who knows.

You can bypass it with a VPN or another kind of tunnel (ipsec, gre, ssh) as long as you control some machine outside.

answered Oct 13 '11 at 14:17

b0fh

3,313
1
21
32

So I would need to tunnel all my mails to the VPN through ssh or something like that so what the ISP "sees" is only a packet going to port 22, and from that point forward I can do anything I want and use the smtp once I'm already in the external shell? – federico Oct 13 '11 at 14:24
Right. If you have an ssh server somewhere, enable Local Port Forwarding. You can provide a triple such as 2525:smtp.blah.com:25. Then you can use localhost:2525 and it will be forwarded to blah.com:25 – b0fh Oct 13 '11 at 14:31
ok thanks a lot, it sucks that I'll need to get an ssh server to send emails from my domains but it could be helpful for other things to anyways. – federico Oct 13 '11 at 14:35
You said you wanted to bypass port 25 filtering, but there is another way if you have your own mail domain on a remote machine -- use smtp over ssl, which goes trough 465 (and is more secure). 25 nowadays should be limited to mail exchange between servers, not client-to-server as it is too often the case. – b0fh Oct 13 '11 at 14:40
that was easier ;) – federico Oct 13 '11 at 14:53

How do ISP's block ports?

3 Answers3