Monday, September 14, 2009

LIME St. Lucia SMTP Blocking - End User Edition

By: Jason Hynds
Site: http://jsun4it.blogspot.com
Date: 2009-09-14


LIME St. Lucia was discovered to be one of the sites for a hush hush change in network policy that blocks persons from sending e-mail through third party E-mail Service Providers (ESP) using SMTP (Simple Mail Transfer Protocol) on TCP (Transmission Control Port) port 25.

LIME St. Lucia (http://www.time4lime.com) has not issued any on-line alerts on this change in policy. Checks were made up to September 12th, 2009 on their Service Alerts web page - which was empty, and also with other informational pages such as Press Releases and Promotions.

This network policy changes apparently intends to combat spam from originating on the LIME network, especially from subscribers with infected computers commonly called zombies. These zombie computers can act as a spam sources by mimicking the functionality of mail servers. Such spamming computers can utilize significant network bandwidth and cause spammed destinations to complain to and for the customers' Internet Service Provider (ISP).

Unfortunately the same SMTP on port 25 is popularly used for legitimate business communication. Particularly those end users and businesses utilizing third party ESPs are expected to be affected by this policy change. It is suspected those using LIME St. Lucia as their ESP remain unaffected, but this has not been confirmed. This possibility however raises the question of if this action can be considered an anti-competitive business practice, especially since the choice of Internet Service Providers (ISP) is limited, and most local and regional ESPs are likely to be considerably smaller and less technically resourced than LIME.

This network policy change may have resulted in multi-day and multi-week outages for some customers and shaken their confidence in their otherwise innocent ESPs. Some affected LIME clients have been notably peeved at what has been seen as the lack of proper notice from LIME.

The network policy change is known to affect ADSL (Asynchronous Digital Subscriber Line) subscribers. It is however possible that, at least on initial roll-out, leased line customers were also affected. This change in policy appears to be 2 to 3 weeks old at the time of publication.

For ADSL subscribers looking to resolve this issue, LIME states they must first migrate to a premium business package, at additional cost - if not already on one. Perhaps at no additional cost the customer can use LIME St. Lucia as a smart host - as this is the standard practice by ISPs who implement this policy.

The SMTP protocol on port 25 has traditionally been used for both:
  1. sending e-mail messages between end-user e-mail client software (such as Microsoft Outlook, Mozilla Thunderbird and Eudora) and mail servers - a process known as message submission and,
  2. for sending e-mail between source and destination e-mail servers - a process called message relaying.
The actual correct solution to resolve a problem in message submission is for the customer and their ESP to utilize message submission on port 587, instead of port 25, as described in RFC 4409 (http://tools.ietf.org/html/rfc4409). LIME St. Lucia does not block this port. By applying this solution, the customer is neither coerced into paying LIME St. Lucia more money in order to workaround its silent change in network policy nor does he/she have to introduce LIME's mail servers into the process of message delivery (thus separating technical support responsibility for mail issues based on if messages are being sent or received).

To resolve an issue with message relaying - where a publicly accessible mail server is operated on-site, is may be necessary to request a site exception to this policy from LIME St. Lucia.

If further silence comes from LIME on this issue, other jurisdictions should probably brace for similar policy changes.

4 comments:

  1. I am in St lucia and getting the problem mentioned above on port 25.
    Are you sayin the solution is as easy as editting the port 25 value to port 587??

    thanks

    ReplyDelete
  2. looks like this is happening in the Caymans too - bloody hell

    ReplyDelete
  3. Mark, obviously I'm too late to assist you. My apologies. Just for the benefit of others:

    The solution is as easy as your e-mail service provider (ESP) allowing you to use another port. Whatever port they provide - other than the blocked TCP port 25, is what you would use as your workaround.

    Usually this is port 587. Some providers however use non-standard ports, some use 465. Your ESP should be able to guide you on all the settings.

    ReplyDelete
  4. LIME had a service alert up on http://www.time4lime.com/bb/news/service_alerts.jsp when it upgraded its network to block communication on TCP port 25 for Barbados-based customers.

    The upgrade was planned for Saturday, November 6th, 2010 between 1:00 and 5:00 a.m.

    Due to the "upgrade" some customers started the work week with the inability to send e-mail via their e-mail client program e.g. MS Outlook, Thunderbird, Outlook Express, IncrediMail etc.

    LIME should be commended for both web publishing the Service Alert and providing a mail-out to customers. GENUINE applause! Much better work!

    They also provided an "open relay" to easy the transitional problem? I even used it for a client with an ESP that was not ready for the service transition.

    The "open relay" provided is "xmail.cwjamaica.com". It accepted unauthenticated SMTP communication on port 25 and relayed the messages during my tests.

    Since "xmail.cwjamaica.com" is an open relay - at least within the LIME network, it is not a viable long-term fix to the issue and you should get your ESP to provide a suitable alternative Message Submission port (other than 25) as soon as possible!

    Open Relays tend to find their way on DNSBLs and then cause your outbound messages can get rejected by destination mail servers.

    ReplyDelete