Re: [exim] the great TLS mystery

WJCarpenter wrote:
>
*snip*

> ..... One of my hypotheses is that his
> ISP is transparently proxying SMTP and injecting the AUTH advertisement
> into the EHLO response (for reasons unknown, but clearly looney if
> true). If that's so, they may be watching ports 25 and 587, but they
> will be unlikely to be watching port 8111 (for SMTP anyhow).
>
> His ISP is bellsouth.net. Does anyone know of any weird
> firewall/filtering junk they might be doing?
>
>
Not specifically.

We have had *bellsouth.net LBL'ed for years due to bot infestations, and their
subscriber IP pool is also regularly/periodically listed in dul.dnsbl.sorbs.net
and/or xbl.spamhaus.org. It is also forged now and then, but that's easy to catch.

A look at recent logs shows hits absent, so that particular carelessness 'may'
have been stopped, ergo they MAY have moved to some form of
interception/diversion-to-self or other control on traffic leaving their 'pool'
toward remote port 25.

You'll need that tested from within that pool IF you care.

We would not care, as we simply exempt 587 arrivals with our specified protocol
from LBL/RBL, rDNS checks, eyeball them again later to insure they've AUTH'ed.

Port 25 is an odds-on favorite for ISP blocking, interception, et al, which is
as it should be, so that one we never use for end-user submission, only
'credentialed' peer MTA.

Port 587 we haven't generally found to be interfered with *at all* in the
Americas, Europe, or Asia. Really really rare - so far, anyway.

That said, as with your 8111, we have two workaround ports. Plus webmail...

HTH,

Bill