Cisco ASA / Comcast SMTP problem workaround

Suresh Ramasubramanian ops.lists at
Mon Jan 19 00:40:52 UTC 2009

On Mon, Jan 19, 2009 at 6:07 AM,  <lorell at> wrote:
> I have the problem when working out of my house that Comcast will lock down
> outbound SMTP on the regular ports.  This may be due to the kids' computer
> getting infected with a virus from time to time.  That is its own problem
> and I want to deal with it on its own.
> The problem I want to discuss is a workaround to Comcast blocking outbound

That's what port 587 is for and comcast hasnt been locking that down, eh?

Have your server listen on the smtp submission port (587) as well - if
you want you can use 465/smtp+ssl but that's deprecated to a large
extent (though yes, I had to switch it on after I figured out my
phone's push email service only supports smtps currently)

>   1. I don't want to change the email server configurations because it is
> run by a control panel software and if I take it out of spec, the next
> update could wipe out my custom config.

If that's cpanel there are ways to do it in the config + save it. An
update wont wipe it out if you use the cpanel management console
rather than edit files using vi.  In fact, chances are, your cpanel
box ALREADY listens on 587.

For more details - and these are best practices from MAAWG, which is
sort of like a nanog for mailops and antispam - very operational and
relevant content there.

Oh, and RFC2476 (about port 587) and 2554 have been around for ages now.


More information about the NANOG mailing list