May 05, 2010
This caused trouble for some of our clients, read below for the workarounds.
Today Verizon reconfigured residential FiOS in the Washington DC area to block TCP port 25 to non-Verizon servers. They claim this is for network security reasons, and I understand that this change will ultimately be made to the nationwide FiOS network.
SMTP interception: Not a new issue
For a long time we've recommended to our clients that they use port 1025 for sending email to our servers. Our servers listen to this port in addition to port 25. The main reason we recommend this is that many ISPs, in particular hotels, redirect port 25 to their own email servers. We definitely do not want our email to traverse these servers!
For those clients who have already switched to port 1025, today's action by Verizon was a non-event. For other clients (and indeed my own computers at home!) outbound email was broken until the clients were reconfigured.
Problems with Apple
Switching to port 1025 worked well for our clients using Thunderbird, but Apple Mail presented a unique problem. Old Apple Mail clients (2.1.4) worked, but for versions 3.1 and 4.2 the port setting would not survive a reboot. Fortunately Apple Mail tries multiple ports: 25, 465, and 587. So by adding port 465 to the list of ports we were already listening to, these Apple Mail clients started working without any reconfiguration.
Nov 23, 2009
I recently upgraded my FiOS service and had a problem resolving some DNS names. The solution was simple but frustrating.
I've been using Verizon FiOS for Internet service for years. In general I've been pleased with the service: it's very fast and very reliable.
I've been running FiOS without using the Verizon supplied router. Instead, I plugged the incoming CAT5 cable directly into my Linux server. This did require that I use a slightly complicated configuration supporting PPPoE, but once I finally got it set up it has been problem-free. My Linux server has also been my DNS server and my DHCP server. I'm sure Verizon doesn't like this configuration, as it gives them less control over and less visibility into my network. But that's fine with me.
However, I recently switched to using FiOS TV. Because of the way the TV set top boxes (STB's) need to communicate upstream for program information, I'm forced to use the ActionTec router that Verizon supplies. As long as I'm forced to use this router I decided to use a more normal, less techy configuration and just let the ActionTec be my DNS and DHCP server. This has generally worked without issue, at least for the first few days.
Last night I decided to change the default domain name that the router uses. It defaults to "home", but it's better for me if it uses "trueblade.com", that way I can more easily resolve domain names. In any network I've ever worked on, this would not be a problem. The only thing it should affect is that when a client asks for a name like "mail", it would first query for "mail.trueblade.com".
However this morning my home network wasn't able to connect to my mail servers. After a lot of poking around I discovered that my internal systems were not able to resolve fully qualified DNS names like mail.trueblade.com. After a lot more poking around, I discovered that the ActionTec would not resolve domain names ending in trueblade.com if its default domain were also trueblade.com.
So the solution was simply to change the default domain name on the ActionTec back to "home", or indeed any other string. That's frustrating, because it means that I can't type domain names like "mail", but I need to use the fully qualified "mail.trueblade.com". But it's only a minor frustration. The only time I don't use fully qualified names is when I'm debugging. All of my systems use fully qualified names for their configuration files.
I'll probably switch away from using the ActionTec as my DNS and DHCP servers. In addition to this problem, you're limited in the amount of configuration you have over the DHCP server in particular. I'll post more when I've made the decision to switch off of the ActionTec for DNS and DHCP.