# What means “Communication administratively filtered”

tcp

I am facing a problem in a foreign country reaching a special server per TCP/IP. ICMP is no problem but it looks like the dialup access provider is somehow filtering the TCP port 25 (SMTP). I get a connection refused when trying this port. However in the same moment I get an ICMP message from a nearby host:

22  3.250098363 80.10.126.18    192.168.1.24    ICMP    94  Destination unreachable (Communication administratively filtered)[Packet size limited during capture]


As far as I can see the access provider is Orange in France.
I assume it is a type of filtering mechanism by the access provider. But why is this, what might be the reason and is it well known practice at all?

PS: Port 25 is not filtered by default. I can not reach a specific server only.

This is usually not a mechanism that your ISP enforces in its network, but rather just a default setting in the (potentially ISP-supplied) modem/router.

It is increasingly common for european ISPs to ship their devices for non-commercial customers like that, simply to get rid of the endless deluge of spam originating from trojaned windows boxes.

The router could have dropped the packages aswell, but was nice enough to give you a standards-compliant ICMP response to let you know what happened - not all router firewalls do.

Type 3: Destination Unreachable

Solutions:

• You can probably disable that specific firewall without changing anything else in the routers settings.
• If you can switch to using TLS-tunneled (usually port 465) smtp, then by all means do. If you cannot trust your ISP to provide you with proper documentation on how its devices are setup, expect more shenanigans that would be avoided in a secured transport.