Cox Communications has announced that email traffic from Cox High Speed Internet (CHSI; residential cable
modem service) to UCSB SMTP servers on port 25/tcp will be blocked beginning July 28, 2004. Cox will require that users
sending email from their CHSI network use the CHSI SMTP servers (smtp.west.cox.net; alternatively, smtp.central.cox.net or
smtp.east.cox.net).
In a letter to the campus network programmer, Cox states, "Our SMTP servers will authenticate and allow any
e-mail address in the from field if the domain has a valid MX record."
Thus, CHSI users should be able to send mail via Cox SMTP relays using a UCSB
sender address, provided the UCSB domain name has an MX record.
Email delivery to servers without MX records has generally been possible
(a plain "A" IP address record is sufficient), but Cox is requiring MX
records for sender addresses on relayed mail.
As an example, if your
users' email addresses are in the format "mickey@disneyology.ucsb.edu,"
there must be an MX record for the disneyology.ucsb.edu domain name, or
your Cox-based users will be unable to relay mail via Cox SMTP servers
using their @disneyology.ucsb.edu address as the email sender address.
You can easily check for MX records for your domain name using a tool
like those available at DNSstuff.com.
Just enter your domain name in the "DNS lookup" box (upper-right corner,
under "Hostname Tests"), select MX from the drop-down list, and click
Lookup. You should see an MX record in the "Type" column in the
"Answer" section.
According to the letter, Cox began blocking outbound use of port 25 in
June 2003, with limited exceptions "to select universities in and near our
markets." UCSB was one of the exceptions, apparently due, in part, to
sensitivity regarding finals.
The most pertinent quote from Cox's letter:
"This is to notify you that beginning 7/28/2004, access to your
universities [sic] SMTP server on port 25 will be blocked from the Cox
High Speed Internet network. All email sent via Cox High Speed Internet
network must route through Cox's email servers."
If you provide relaying for your off-campus Cox users, your service may
remain functional if you support relaying via another port besides 25.
There are a couple of ports commonly used for this purpose, 465 and
587. SMTP servers on port 465 are expected to immediately negotiate TLS
(i.e., encrypt everything from the start). This type of operation is
generally considered legacy and not preferred.
Port 587 presents a
standard SMTP dialog with optional STARTTLS support for encryption. The campus network programmer
recommends requiring STARTTLS before accepting authentication
credentials. If you configure your SMTP server to support port 587, you
should also ensure that all submissions are authenticated, not just relayed
messages. Failure to require authentication on all port 587 connections
is likely to result in spam delivery via that port. The whole point of
port 587 is to support authenticated submission of email for delivery,
and not to create a clone of port 25.
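The port 587 policy described above can be checked by driving one unauthenticated session and watching what the server accepts. The following is an added example, not part of the original notice or of any campus tooling: fake_server, keywords and audit are hypothetical names, the replies are constructed, and the simulated listener stands in for a real connection.

```python
# Added example. The server below is a simulation with constructed replies;
# all names here are hypothetical and nothing touches the network.

def fake_server(auth_for_all, auth_before_tls=False):
    """Return send(cmd) -> reply for a simulated port-587 listener."""
    state = {"tls": False}

    def send(cmd):
        verb = cmd.split()[0].upper()
        if verb == "EHLO":
            kws = [] if state["tls"] else ["STARTTLS"]
            if state["tls"] or auth_before_tls:
                kws.append("AUTH PLAIN")
            return "\n".join(["250-mail.example"] + [f"250-{k}" for k in kws[:-1]]
                             + [f"250 {kws[-1]}"])
        if verb == "STARTTLS":
            state["tls"] = True
            return "220 2.0.0 Ready to start TLS"
        if verb == "MAIL":
            # This session never authenticates, so a strict listener stops here.
            return "530 5.7.0 Authentication required" if auth_for_all else "250 2.1.0 OK"
        if verb == "RCPT":
            # Port-25 behaviour: local delivery is open, only relaying is refused.
            local = cmd.lower().rstrip(">").endswith("@disneyology.ucsb.edu")
            return "250 2.1.5 OK" if local else "550 5.7.1 Relaying denied"
        return "502 5.5.1 Command not implemented"

    return send


def keywords(ehlo_reply):
    """Extension keywords from a multi-line EHLO reply (first line is the hostname)."""
    return {ln[4:].split()[0].upper() for ln in ehlo_reply.splitlines()[1:] if ln[4:].strip()}


def audit(send, local_rcpt):
    """Drive one unauthenticated session and list departures from the policy."""
    findings = []
    before_tls = keywords(send("EHLO audit.example"))
    if "STARTTLS" not in before_tls:
        findings.append("STARTTLS not offered")
    if "AUTH" in before_tls:
        findings.append("AUTH advertised before STARTTLS")
    send("STARTTLS")
    send("EHLO audit.example")
    reply = send("MAIL FROM:<audit@audit.example>")
    if reply.startswith("250"):
        reply = send(f"RCPT TO:<{local_rcpt}>")
    if reply.startswith("250"):
        findings.append("unauthenticated submission accepted")
    return findings
```

A listener that requires authentication only for relaying passes a relay test yet still accepts unauthenticated mail addressed to its own domain, which is the "clone of port 25" case. To run audit against a real server, send must also perform the TLS handshake when it issues STARTTLS.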
This move by Cox is increasingly common in the ISP community as a means
to combat spam sourced via their customers' systems.
KPS