Thou shalt not question Comcast

[me-5yx05kfkO/aqeI1yJSURBw at public.gmane.org (Matthew Gillen)]

Boland, John wrote:
> how did they get authority to port-scan "your system"?

I'm assuming that buried in their Terms-of-Service/user-agreement is some
provision that allows their "abuse" department to port scan you.  Or if it
isn't there, it will be as soon as someone complains, since they definitely do
reserve the right to alter the TOS at will.

> I'm hoping that you have your own firewall at a minimum.

Of course he does (well, I did anyway).  The problem is that he had those
ports open on purpose.

What might be useful is to know what IP they were doing the port-scanning
from, so we could blacklist their abuse department in our firewall.  Maybe
I'll figure out how to get iptables to log stuff in a way that doesn't
overwhelm me with gobs and gobs of stuff (I stopped logging port-scans years
ago, once they were happening upwards of 100 times a day).

I'm not sure whether that would help with the port 25 issues, but it might. I
suspect that they port-scan you, find port 25 open (i.e. accepting mail), and
interpret that as you /sending/ spam.  Sounds stupid, but it wouldn't surprise
me in the least, given the multitude of conversations I had with them over the
port-25-block debacle.

As evidence, consider this:  I use smtp.comcast.net as a smarthost (ie *all*
my outgoing mail uses that as a relay).  They sent me a message that I was
/sending/ spam.  I jigger my sendmail to send to port 587 on smtp.c.n, so
nothing coming out of my machine is bound for port 25 (I ran tcpdump for a few
days with "port 25" filter to verify).  A few days later, I get the same
message about spam being sent from my machine.

Matt