Zonealarm / Comcast WTF moment

I am using zonealarm free version 6.1.737

VB and others, please don't tell me that I'm wasting my time on ZA. I
know your opinion.

For someone else. . .

ZA Seems to work OK, but I have an issue with email sending. I
configured ZA to allow outbound connections to "smtp.comcast.net".
Periodically, however, that will not work. i have to "edit" that
policy, ask ZA to "lookup" the ip address. It comes up with a list 4 to
6 ip addresses. They seem to change from time to time.

Two issues, one is a ZA question. Seems to me that the "program
control" feature should allow access once I tell it that I want to allow
thunderbird to access the "internet" then it should be able to get and
send mail.

Second, does is make sense that comcast seems to have a whole cloud of
smtp servers? And that change? if anyone is interested. Here is the
list that is currently "found" by my installation of ZA.

63.240.76.27
63.240.77.77
204.127.198.27
204.127.202.27
216.148.227.125

Thanks,
JH

Re: Zonealarm / Comcast WTF moment

John Hyde wrote:
> Second, does is make sense that comcast seems to have a whole cloud of
> smtp servers?

Yes.

> And that change?

Yes.

Yours,
VB.
--
Ein vision statement ist in aller Regel planfreies Gelalle einer Horde
realitätsferner Spinner.
Dietz Pröpper in d.a.s.r

Re: Zonealarm / Comcast WTF moment

On 1/3/2006 12:43 AM, Volker Birk wrote:
> John Hyde wrote:
>
>>Second, does is make sense that comcast seems to have a whole cloud of
>>smtp servers?
>
>
> Yes.
>
>
>>And that change?
>
>
> Yes.
>
> Yours,
> VB.

That's what I get for "yes or no" questions isn't it.

JH

Re: Zonealarm / Comcast WTF moment

John Hyde wrote:
> >>Second, does is make sense that comcast seems to have a whole cloud of
> >>smtp servers?
> > Yes.
> >>And that change?
> > Yes.
> That's what I get for "yes or no" questions isn't it.

Yes.

;-)

BTW: please explain, what you really wanted to know.

Yours,
VB.
--
Ein vision statement ist in aller Regel planfreies Gelalle einer Horde
realitätsferner Spinner.
Dietz Pröpper in d.a.s.r

Re: Zonealarm / Comcast WTF moment

on 1/3/2006 10:01 AM Volker Birk said the following:
> John Hyde wrote:
>
>>>>Second, does is make sense that comcast seems to have a whole cloud of
>>>>smtp servers?
>>>
>>>Yes.
>>>
>>>>And that change?
>>>
>>>Yes.
>>
>>That's what I get for "yes or no" questions isn't it.
>
>
> Yes.
>
> ;-)
>
> BTW: please explain, what you really wanted to know.
>
> Yours,
> VB.

i was trying to find out two things, one practical, the other to try and
expand my knowledge.

The first is whether there is some way to configure ZoneAlarm so that I
don't have to reconfigure when they change IP addresses of their SMTP
server. Seems to me I should be able to tell it to allow connections to
"Smtp.comcast.net" and it would do so regardless of IP. It don't work
though.

The second was why would comcast have a cloud of IP's for the smtp
server and why they would change. Again, I have no real need for this
information, I just like to understand how things work. I also realize
this is the wrong NG, but I don't moniter what would be the "right" NG.

Regards,\
Jh

Re: Zonealarm / Comcast WTF moment

In article <11rm8c2h5ccs44b@corp.supernews.com>,
John Hyde wrote:

> The second was why would comcast have a cloud of IP's for the smtp
> server and why they would change. Again, I have no real need for this
> information, I just like to understand how things work. I also realize
> this is the wrong NG, but I don't moniter what would be the "right" NG.

It's presumably for redundancy, to implement load sharing and fault
tolerance. The list may change as they take servers down for
maintenance and add new servers.

--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***

Re: Zonealarm / Comcast WTF moment

On 1/3/2006 6:10 PM, Barry Margolin wrote:
> In article <11rm8c2h5ccs44b@corp.supernews.com>,
> John Hyde wrote:
>
>
>>The second was why would comcast have a cloud of IP's for the smtp
>>server and why they would change. Again, I have no real need for this
>>information, I just like to understand how things work. I also realize
>>this is the wrong NG, but I don't moniter what would be the "right" NG.
>
>
> It's presumably for redundancy, to implement load sharing and fault
> tolerance. The list may change as they take servers down for
> maintenance and add new servers.
>

Hmmm, ok I guess tht makes sense. Still wonder about the ZA thing, but
I should shoot that out to a firewall group.

Re: Zonealarm / Comcast WTF moment

John Hyde wrote:
> The second was why would comcast have a cloud of IP's for the smtp
> server and why they would change.

To understand this, you could read RFC 2821, 5. Address Resolution and Mail
Handling. Then you're understanding, how a MUA choses its MTA.

You can read there:

| Multiple MX records contain a preference indication that MUST be used
| in sorting (see below). Lower numbers are more preferred than higher
| ones. If there are multiple destinations with the same preference
| and there is no clear reason to favor one (e.g., by recognition of an
| easily-reached address), then the sender-SMTP MUST randomize them to
| spread the load across multiple mail exchangers for a specific
| organization.

Unfortunately, not every MUA is fully standards compliant and will use
this algorithm for spreading the load. So for example, comcast could try
to enforce load balancing by using DNS round robin.

For example, Microsoft Outlook and Microsoft Outlook Express are infamous
for ignoring standards.

Yours,
VB.
--
Ein vision statement ist in aller Regel planfreies Gelalle einer Horde
realitätsferner Spinner.
Dietz Pröpper in d.a.s.r