From owner-freebsd-questions@FreeBSD.ORG  Wed Jan 21 12:21:00 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E528D16A4CE
	for <freebsd-questions@FreeBSD.ORG>;
	Wed, 21 Jan 2004 12:21:00 -0800 (PST)
Received: from fw.farid-hajji.net (fw.farid-hajji.net [213.146.115.42])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 614CA43D69
	for <freebsd-questions@FreeBSD.ORG>;
	Wed, 21 Jan 2004 12:20:13 -0800 (PST)
	(envelope-from cpghost@cordula.ws)
Received: from fw.farid-hajji.net (localhost [127.0.0.1])
	by fw.farid-hajji.net (Postfix) with ESMTP id ED78840861;
	Wed, 21 Jan 2004 21:19:33 +0100 (CET)
From: Cordula's Web <cpghost@cordula.ws>
To: fbsd_user@a1poweruser.com
In-reply-to: <MIEPLLIBMLEEABPDBIEGEEINFFAA.fbsd_user@a1poweruser.com>
X-Mailer: Emacs-21.3.1/FreeBSD-4.9-STABLE
References: <MIEPLLIBMLEEABPDBIEGEEINFFAA.fbsd_user@a1poweruser.com>
Message-Id: <20040121201933.ED78840861@fw.farid-hajji.net>
Date: Wed, 21 Jan 2004 21:19:33 +0100 (CET)
cc: freebsd-questions@FreeBSD.ORG
Subject: Re: how to tell if my ISP is blocking email & web ports
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: cpghost@cordula.ws
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Jan 2004 20:21:01 -0000

> I am thinking about enabling my gateway's sendmail email 
> server to receive email directly from the public internet and 
> also installing apache to serve my own home page. 

That's a common setup.

> I have 24/7 cable internet connection plus an registered 
> domain name which goes no place right now. 
> 
> I know I can not ask my ISP's tech support if they block 
> ports 110, 25, and 80, because they will get suspicious 
> and monitor my account. Want to stay under their radar.

Switch to an ISP that doesn't object to you running servers.

If you violate your ISP's AUPs, they'll simply cut you off.
Some ISPs run port scans or log their users' traffic, so
you may end up appearing on their radar anyway.

> So I need a way to test if the ports are blocked or not using an 
> friends PC and my current  IP address. 

Just start your servers, and check wether you can reach them
from the outside.

> What do you recommend? 

* Track -STABLE or -CURRENT regularly, esp. after security
  advisories.
* Open as few ports as possible to the outside ("sockstat -46"
  is your friend).
* It's your responsiblity to check that you don't operate an
  open relay!

You should monitor your box closely (i.e. use tripwire etc...),
and tread on the side of caution.

-- 
Cordula's Web. http://www.cordula.ws/