Comodo ASG Being Blocked As Non-Domestic

Business / Enterprise Security Products & Services Comodo AntiSpam Gateway - Hosted Anti Spam Service
#1

Hello everybody,

To describe my problem, I have to give the whole back story. Please bear with me as I detail it out.

I have several customers who we sign up for Comodo ASG who all use Exchange 2007 - 2010. We have been using Comodo as the outbound send-connector with no issues until a few customers have been notifying us that local and state (US) and government email (@state.fl.us, for example) are blocking their email. I contacted the mail admins of a few of these local county governments only to find they block any non-domestic mail source. Since the email is sending out through CASG - which is hosted in France - we had to change something. For Verizon FiOS customers, we started sending out through Verizon using stunnel and find it works perfectly. Unless you are sending to a Comodo customer - like ourselves - i.e. they email us of an issue.

What we are finding is email can be delayed upwards of 11 hours from Verizon.net to our Comodo mail system. What I also notice is the email is received close to the same minute it was sent, just off by more than 1 hour. In other words, if the email was sent at 3:22 pm I could end up receiving the email at 5:23pm, 8:23pm, 11:23pm or any other time in there with the hour being the only thing that is “off”.

I am sure this is a Verizon issue here, but what more can we do? Not sure if any of you have had the rare pleasure to spend some quality time in queue a, transferring to queue b, then going to residential sales, then back to business support, etc. The likelihood that I’ll get anybody on the phone who has the ability to fix this or even knows how is slim to none. Hence why this issue is still occurring.

Is there any talk of creating an outgoing server for CASG in the US? Problem is I can either fix Verizon or convince the state of FL, and possibly all others including the local county governments to stop blocking non-domestic email. I’d probably have more luck talking to my congressmen to pass a bill to STOP blocking email from CASG than getting Verizon to realize there’s an issue and fix it. But still…

We are already considering looking at other services for smarthosting email that will resolve our issues with sending to these local and state governements. But even when I sign into a Verizon.net webmail account and send an email to a CASG protected email account, the message will still be delayed. Any ideas if this v2.0 upgrade will stop Verizon and others from blocking the service? Pretty sure the IP addresses aren’t changing, but maybe they are.

#2

Hi,

We have heard of this a few times and have seen a few different workarounds. All of which are an extra burden to the overworked, underpaid, stressed-out admins and is therefore completely unacceptable to us.

We will be spinning up a replica of our European platform in Canada within the next 2/3 months (well, at current speed anyway). I’m sure everyone here understands why the platforms are in Europe and Canada.

Anyhoo, please let us get done with the migrations, enhancements to the mail-backup and time-zone settings and we’ll get right on the with North American servers.

Kind regards,
Michel.

#3

I concur with your choice of where to host the platform.

That reminds me, I really need to figure out what it takes to encrypt the inbound and outbound connections between my servers and yours.

#4

TLS?

Regards,
Michel.

#5

(apologies for hijacking the original thread)

Anything needs to be done on Comodo’s side, or just need to setup my server correctly to support it?

I’ve already got the client connections encrypted but not real sure about inbound and outbound SMTP where Comodo ASG is involved. Or maybe it is already doing it but I didn’t notice. I already had TLS turned on at the receive connector, meaning it should be offering TLS but falling back to unencrypted SMTP if the source doesn’t support it. I don’t see an option to explicitly require it.

It looks like my outbound connections are in fact encrypted, as reported in the headers on some sample messages. The inbound, I’m not sure. It’s encrypted up until the point where ASG connects to my Exchange, it looks like either the last hop is either unencrypted, or it is encrypted but Exchange doesn’t say so in the header it produces. I’ll have to dig deeper.

#6

What ports do you have configured for inbound and for outbound email?

#7

Inbound port 26 as specified on my ASG destination routes
Outbound port 587 as specified (I think) in the help documentation

I can see in the Receive Protocol log where I’m saying “250-STARTTLS,” in the post-EHLO conversation, however nothing indicates that the received message is anything other than plaintext. I can PM you some examples if you like.