Good ${greeting_time}, Andrew!
10 Oct 2021 01:17:34, you wrote to Brian Rogers:
I have Comcast as well, however they filter the same ports on IPv6
as they do on IPv4 such as 25, 80, etc. I see you're running under
the Comcast native IPv6 - did they open the ports for you or are you
lucky and they just haven't hit your block yet? I ended up using
HE.net with a 6 to 4 tunnel which bypasses the Comcast blocks.
The filter on port 25 is easy to work around, and prevents a lot of
spam entering the internet.
Properly configured mail servers do accept incoming messages only from other servers (they act in completely different manner than hijacked hosts) or from authenticated users (having a certificate or at least an username+password).
They do not filter port 80 for me.
Having 80/tcp filtered out is not a big problem: you always have an option to use HTTPS instead of plain HTTP (issuing a self-signed certificate is trivial, and the encryption overhead is minimal; however, SSL/TLS is unsafe).
The reanon for ISPs to filter out incoming (to user) HTTP and outgoing (from user) SMTP is trivial: first is used to access improperly configured routers, and second is used to send spam - both increasing the load on the abuse desk.
(http://phoenix.bnbbbs.net works fine.) They have a list of blocked
ports on their website at https://www.xfinity.com/support/articles/list-of-blocked-ports ...
Ok, at least users know in advance what they would get for their money.
--
Alexey V. Vissarionov aka Gremlin from Kremlin
gremlin.ru!gremlin; +vii-cmiii-ccxxix-lxxix-xlii
... :wq!
--- /bin/vi
* Origin: ::1 (2:5020/545)