How To Get Around Cable/DSL Lockdowns
By Pirho

Raise your hand, all of you that have a cable or DSL modem. Now how many of you have email accounts with your cable/DSL provider? Now how many of you have tried to use your email account to send out without being on the cable/DSL network? Ok, put your hands down. I am going to fill you in on a little secret. The cable and DSL companies all have locked down their outgoing SMTP access so you can't send out mail with any company's account other than their own. Many a time I am out in the field and I need to hook into a company's LAN and use their internet access to send out mail, only to be frustrated because my ISP has locked out port 25 to everyone who isn't on their network. Well, I got so frustrated I finally decided to take matters into my own hands.

But first a word from our legal team. Everything I am about to explain is for informational purposes only and should not be attempted or duplicated, as it may very well be a violation of your TOS with your ISP. In other words, don't try this at home!

Ok, here we go. The company that I work for has a Microsoft Exchange server that I obviously have an account on (I should, I built it). But I never want to use the Exchange servers to do my SMTP relay because I know that my company not only monitors the email traffic for spam and viruses but also captures every scrap of mail that comes in and out of the Exchange server. The last thing I want is someone reading my emails. We also have a separate piece of hardware known as a Barracuda Spam Firewall which allows us to filter out the spam and any virus that tries to come in through email. I also know that the Barracuda tags the outbound emails with a stupid signature that gives a legal disclaimer with my company's address and information, so I don't want to use that. So what's a person to do? Simple, build your own SMTP server and use that to relay your messages.
Here's how you do it:

Being that I have 2 computers at my apartment hooked up to a cable modem using a store-bought firewall/switch, I built one of them as a Win 2k3 box. Since it's a true server now, I have the ability to install IIS 6.0 on it. Since IIS is more than just a web server, it has the ability to install the SMTP service on it, thus allowing me to use it as an open relay. That's when I discovered the problem. How do I lock it down?

Why do you need to lock it down? Why not leave it open? Well, for starters, this is what happens when you leave an SMTP server open as a relay:

    Received: from cm218-254-88-90.hkcable.com.hk ([218.254.88.90])
        by **************************************.DYNDNS.ORG with Microsoft SMTPSVC (6.0.3790.1830);
        Wed, 7 Jun 2006 05:45:16 -0400
    Received: from dns0.yahoo.com (dns0.yahoo.com [100.170.4.28])
        by 218.254.88.90 with Microsoft SMTPSVC(5.0.2195.6824);
        Wed, 07 Jun 2006 10:42:39 +0100
    Received: from dns0.yahoo.com (dns0.yahoo.com [187.164.152.236])
        by 218.254.88.90 with Microsoft SMTPSVC(5.0.2195.6824);
        Wed, 07 Jun 2006 12:40:39 +0300
    Received: from dns0.yahoo.com (dns0.yahoo.com [106.74.231.6])
        by 218.254.88.90 with Microsoft SMTPSVC(5.0.2195.6824);
        Wed, 07 Jun 2006 07:41:39 -0200
    Message-ID: <5475963666.949175265917000707031@yahoo.com>
    X-Mailer: Microsoft Office Outlook, Build 11.0.5510
    Date Tue, 19 Jan 2092 11:14:07 +0800
    From: [deleted]@yahoo.com
    Reply-To: [deleted]@yahoo.com
    To: [deleted]@yahoo.com.tw

You get people from all over the world sending out spam to everyone like you and me. Not only is this a terrible thing to get in your email, but it can send up red flags at your ISP when hundreds of these come in at night.

What to do? Simple, now turn on authentication. By simply enabling authentication on the Access tab and setting it to use Windows Authentication, you can now just create an account and safely send out the email without having to worry about the entire Taiwanese country sending spam through your server. Ok, that worked.
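The headers quoted above can be checked mechanically for the signs of relay abuse. This is an added example, not part of the original article: it parses that Received chain in Python, and the function names and the ".dyndns.org" suffix argument (used to recognise the hop written by the relay itself) are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from email import message_from_string
from email.utils import parsedate_to_datetime as parse_date

# Headers re-typed from this page's sample; Date gets the colon it lacks there.
SAMPLE = """\
Received: from cm218-254-88-90.hkcable.com.hk ([218.254.88.90])
 by **************************************.DYNDNS.ORG
 with Microsoft SMTPSVC (6.0.3790.1830); Wed, 7 Jun 2006 05:45:16 -0400
Received: from dns0.yahoo.com (dns0.yahoo.com [100.170.4.28]) by 218.254.88.90
 with Microsoft SMTPSVC(5.0.2195.6824); Wed, 07 Jun 2006 10:42:39 +0100
Received: from dns0.yahoo.com (dns0.yahoo.com [187.164.152.236]) by 218.254.88.90
 with Microsoft SMTPSVC(5.0.2195.6824); Wed, 07 Jun 2006 12:40:39 +0300
Received: from dns0.yahoo.com (dns0.yahoo.com [106.74.231.6]) by 218.254.88.90
 with Microsoft SMTPSVC(5.0.2195.6824); Wed, 07 Jun 2006 07:41:39 -0200
Date: Tue, 19 Jan 2092 11:14:07 +0800
From: [deleted]@yahoo.com
"""
HOP = re.compile(r"from (\S+) \((?:\S+ )?\[([\d.]+)\]\) by (\S+) .*; (.+)$")

def parse_hops(msg):  # newest first: (helo, ip, by_host, time)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            helo, ip, by, when = m.groups()
            hops.append((helo.lower(), ip, by.lower(), parse_date(when)))
    return hops

def analyze(raw, own_suffix):
    """Flag signs of relay abuse; own_suffix identifies hops our server stamped."""
    msg = message_from_string(raw)
    hops = parse_hops(msg)
    # Only the hop written by our own server is trustworthy: its IP is the real client.
    own = next((h for h in hops if h[2].endswith(own_suffix)), None)
    older = hops[hops.index(own) + 1:] if own else hops  # client-supplied, forgeable
    ips = defaultdict(set)
    for helo, ip, _, _ in older:
        ips[helo].add(ip)
    times = [h[3] for h in reversed(hops)]  # oldest first; should never go backwards
    domain = (msg["From"] or "").rsplit("@", 1)[-1].strip("> ").lower()
    return {
        "client_ip": own[1] if own else None,
        "helo_with_many_ips": sorted(h for h, s in ips.items() if len(s) > 1),
        "time_reversals": sum(b < a for a, b in zip(times, times[1:])),
        "date_skew_days": (parse_date(msg["Date"]) - own[3]).days if own and msg["Date"] else None,
        "from_matches_client": bool(own and domain and own[0].endswith(domain)),
    }
```

Calling analyze(SAMPLE, ".dyndns.org") reports 218.254.88.90 as the only address the relay itself observed. The three older hops reuse one HELO name with three different addresses and step backwards in time once, the Date header sits decades after the receive time, and the From domain does not match the connecting host.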
We're all done, right? WRONG! We need to do something about port 25 now. Remember, ISPs are blocking all traffic on port 25 that's not part of their network. So if I am over at a friend's house or using a wireless connection that I "borrowed" from someone, I need to have the ability to send out mail on a port other than 25. I need a way of fooling the ISP to allow me to send out the emails.

In IIS you can specify the ports that you want to send out on. By default it's port 25, but that does not mean you're limited to using that. Under the default SMTP server connection you can go into the properties and you will be presented with a list of options: General, Access, Messages, Delivery, LDAP Routing, and Security. Go into the General tab and within that page is an Advanced button. From there you have the ability to not only add and remove more virtual SMTP servers, but to edit them as well. From here you want to change it to a port that is not going to be in use by any other application. In this case we chose 465.

WAIT!! 465 - that's SSL! Yes, it is the port that SSL is using. However, you can still utilize it without having SSL configured. Just make sure after you're done to open port 465 on your firewall/router and set it to go to the inside IP address of your new server.

WAIT!! What about the IP address? Isn't it going to change? Why yes it is, and this is the cool part. You make sure that whatever router you get has the ability to use dynamic DNS. Dynamic DNS is the service that works the same way regular DNS works but works in real time instead of waiting /n/ amount of time for the replication to update (usually 24 hours). With Dynamic DNS your router will automatically update the external DNS service in real time each time your ISP renews your address. This way you never have to keep track of an IP address.

That's basically it.
With some minor tweaking and a decent computer you can easily send out email with no problems and not have to be restricted by those damn cable/DSL providers any more!