RE: [ISW] AOL mail issues

From: Steve Fletcher (safletcher_at_insightbb.com)
Date: 05/22/05

  • Next message: Steve Fletcher: "RE: SAS70" 
    To: "'Security-Basics'" <security-basics@securityfocus.com>
Date: Sun, 22 May 2005 01:38:59 -0500

    I have experienced this exact issue myself. In attempt to reduce the amount
    of spam they receive, AOL and others have made life difficult for everyone
    else by blocking a number of valid emails just because of where they are
    coming from.

    Essentially, here is what is happening. AOL is set up to block incoming
    messages if the mail server sending the message does not have a proper
    reverse DNS entry. For example, say your server has a host name of
    mail.mydomain.com and an IP address of 12.34.56.78. Of course, you already
    have a DNS record for mail.mydomain.com that points to the proper IP
    address. However, if you enter the IP address you will likely get something
    like adsl-12-34-56-78.dsl.cityst.myisp.net. Since the do not match, AOL
    does not allow the message to go through. To make matters worse, most
    companies do not have any control over these reverse DNS (PTR) records.

    There is a solution, however. Look into Sender Policy Framework (SPF).
    Essentially, you create a TXT record in DNS that lists what servers are
    allowed to send email for your domain. Details can be found at
    http://spf.pobox.com, including the format for the TXT records. Or, you can
    try contacting your ISP to see if they can set up the PTR record for your IP
    address.

    Hope this helps,

    Steve Fletcher
    MCSE (NT4/Win2k), MCSE: Security (Win2k), HP Master ASE, CCNA, Security+
    safletcher@insightbb.com

    -----Original Message-----
    From: GuidoZ [mailto:uberguidoz@gmail.com]
    Sent: Sunday, May 15, 2005 2:28 PM
    To: Security-Basics
    Subject: Re: [ISW] AOL mail issues

    Hey X. I've had the same problem many times over. Besides this Gmail
    account, I also have my own mail server running at home (home office
    actually). It's used by all systems locally, and usually works like a
    charm.

    I've received the EXACT same problem when trying to email clients that
    use AOL - emails bounce back to me since the mail server shares my
    Comcast BUSINESS account IP#. (Comcast insists I pay for a business
    account since I have a home office. It's basically a way to charge me
    twice what I would normally pay for the same speed.)

    I've yet to find a way around AOL's "solution" for halting open
    relay's beyond changing the mail server to Comcast when I need to
    email someone at an AOL email address. Top that off with I can even
    use any of the three domain name accounts I own since they are on a
    shared server which made its way onto a blacklist from some idiot
    spamming who knows when. (I've tried to have it removed only to get
    automated replies and crap back. I've given up.)

    If you happen to find a way around this, I'd be most appreciative for
    an answer. It hurts business productivity having to stop everything
    I'm doing just to change a mail server to please one ISP.

    One options I've thought of - if you want a simple solution, host your
    own "website". There are plenty of simple tools out there so even
    someone who hasn't a clue about how to setup DNS, HTTP, SMTP, etc
    could still pull it off. Google programs like "Simple DNS", "Free SMTP
    Server", "Simple Server WWW". While it certainly wouldn't be the most
    secure setup, it can be done. Isolating the machine on the network
    that is hosting everything would suffice for most. Just a thought. 

    --
Peace. ~G
On 5/15/05, xyberpix <xyberpix@xyberpix.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi All,
> 
> Has anyone else experienced this, and if there's anyone from AOL on
> here, please contact me off list, from a non AOL e-mail addy(you'll see
> why in a bit).
> I'm running my own mail server at home, it's not an open relay, it is
> however running TLS, and various other security bolt on's. I also have
> an ADSL connection with a static IP assigned. Now believe it or not,
> this means that I can't send directly to anyone with an AOL e-mail
> addy, as all my messages get bounced, with the error below:
> 
> >> <anyname@aol.com>: host mailin-03.mx.aol.com[64.12.137.249] refused
> >> to talk
> >>     to me: 554- (RTR:BB)
> >> http://postmaster.info.aol.com/errors/554rtrbb.html
> >>     554- AOL does not accept e-mail transactions from dynamic or
> >> residential
> >>     554- IP addresses. 554  Connecting IP: 83.104.33.136
> >> Reporting-MTA: dns; ack.xyberpix.com
> >> X-Postfix-Queue-ID: BBF6C2EDB0B
> 
> Now in an odd sort of way, I can kind of see their logic behind doing
> this, as most Open Relays will be trojans on someone's compromised home
> machine. But this really is a crap way to go about it, and
> consequently, I can't even mail postmaster@aol.com to complain, as my
> mail to that addy bounces with the same error. I have sent 3 mail to
> support@aol.com and postmaster@aol.com from a separate account and have
> had no joy as of yet , and would really like to know if anyone else has
> experienced this and found a way around it at all. Also, would this be
> worth actually writing a story about and posting it to a news site. As
> this irritates the hell out of me, I've never heard a good thing about
> AOL, and I guess this is just fuel for the fire. This wouldn't usually
> bug me, but 3 of my friends have AOL addy's because it's cheap, and I
> can't ask them to change their addys. Thoughts, idea's, AOL people???
> 
> TIA
> 
> xyberpix
> 
> For Security And Open Source News And Info Visit:
> http://www.xyberpix.com
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (Darwin)
> 
> iD8DBQFChxbNcRMkOnlkwMERAoaTAJ98LJar0OwWToupiNMj85E57x1BIgCeN+Hb
> H7UK6x0Y+pxt0zZdr3Uwv+c=
> =GRjy
> -----END PGP SIGNATURE-----
> 
>
  • Next message: Steve Fletcher: "RE: SAS70"

    Relevant Pages

    • Re: Cant send email from Outlook-Rejected by AOL-unsolicited bulk
      ... No emails go to any recipients. ... > don't know that the report is coming directly from AOL. ... If it is an e-mail then you can look at the headers to see if it came ... from your mail server (although, I believe, if you are using Exchange ...
      (microsoft.public.outlook.general)
    • Re: Hmm AOL and 4006 Event IDs
      ... Message delivery to the host '205.188.155.89' failed while delivering ... to me this seems that the recipent mail server is not ... You can check with AOL to see if you are blacklisted. ... Instead of the website you're using, try using OEx (Outlook Express ...
      (microsoft.public.exchange.connectivity)
    • Re: Unable to send email to AOL domain
      ... NEED a PTR (revserse DNS lookup) for this. ... aol is a real pain, ... > Does your mail server have a PTR record in your DNS? ...
      (microsoft.public.exchange.connectivity)
    • Re: [ISW] AOL mail issues
      ... I also have my own mail server running at home (home office ... Comcast BUSINESS account IP#. ... email someone at an AOL email address. ... > I'm running my own mail server at home, it's not an open relay, it is ...
      (Security-Basics)
    • Re: Are AOL having problems or am I doing something wrong?
      ... Is to apply very aggressive Filters, ... AOL) what Mail they accept. ... Which, naturally, as a PluSNet Customer, you would be expected to? ... Mail Server, cos many Mail Servers won't ...
      (uk.people.silversurfers)
    • Quantcast