AOL says my Exchange 5.5 is an open relay 1

[lobo170]

Help

AOL is sending me a message that mey server is an open relay. I appears that because they can send an email to
rcpt to: <CloseYourOpenRelay%aol.com@216.165.165.164> where the IP is my server, that this is an open relay. What happens in reality is that my server takes the email and ( i am assuming they get a 250 OK. the test is then not delivered because it is an invalid email box. How do I convince AOL this is not an open relay.

Any body else getting this?

Steve Wolfe
IS Facilitator
Hufcor Inc

 

[devastator]

That is because Exchange accepts Source Routed Emails. I have been able to disable this in the Firewall but haven't found a way to do it just in Exchange. But with the Firewall blocking them I am now relay secure all the way around.

Here is a description that I found from our firewalls site:

A source-routed address is an email address which gateways through another host. For example, the address &quot;john%somewhere.com@elsewhere.com&quot; is actually &quot;john@somewhere.com&quot;, but it first gets delivered to &quot;elsewhere.com&quot;, which then forwards the mail on to &quot;somewhere.com&quot;.

Source routed address are legitimate according to Internet standards, but their use is &quot;deprecated&quot; (i.e., discouraged) by the standards.

Some older networks still use source-routed addresses (for example, BITNET), but most do not. In 1997, AOL banned all source-routed email from their network, so that most remaining source-routed sites upgraded their sites to not use source routing.

Drew

 

[lobo170]

Drew

Thanks for the info. I could not even find any info about &quot;source routed&quot; email. I (at this time) do not have a firewall in place. Is my only option to satisfy AOL is to get a firewall??

(i hate aol)

Steve

 

[ChrisHirst]

I am surprised that AOL have the cheek to send out these messages, With the amount of spam (porn & general) that gets re-routed through AOL addresses they need to get their own house in order before playing nanny to everyone else.

Chris.

 

[lobo170]

I agree.

I still need to solve this problem and move on to real work. I have not recvd any other notifications form the hundreds of other open relay checkers. AOL appears to be the only one that is saying that source routing is prohibited. I tend to agree with them, but.. there appears to be no &quot;quick fix&quot; and so AOLers may be off my email capabilities.


Steve (i still hate aol) Wolfe

 

[devastator]

Yeah, AOL = RIP

What you could try doing adding AOL.COM to your message filtering to block all AOL.COM emails. Then have AOL try and relay again and it should fail. Maybe after that leave it up for a day just in case they try and test again or have figured that out. Of course the downside would be all AOL email would be denied.

Otherwise I have yet to find a way to block source routed emails through Exchange.

Drew

 

[swp13]

Using the IMS Routing tab you can set these. It is in Ex Srv 5.5 SP1. You can set IMS to not accept relaying. Look at MS Knowledge Base Q199656.

 

[lobo170]

Well over the weekend AOL has followed thru on their word...

No emails out to AOL. All get bounced back.

Drew After investigating AOL they check every 24hrs once you are on their LIST so blocking temporarily is not an answer.

SWP13 I have shut down all routing following MS process to not accept relaying..

Well I am looking at Firewall Software for a quick solution and will need to invest in a hardware firewall sooner that I wanted to.

Thanks for all of the feedback. If anyone has any more suggestions I would appreciate it.

Steve

 

[lobo170]

OK

AOL is finally excepting my email again. The resolution to this problem was:

1. Following all OPEN RELAY procedures as defined elsewhere
2. AOL did not like the fact that my email server did not have a reverse DNS entry.. The emails I got from them did not reference this. I found this out after calling their support line and talking to a person

Thanks for all the help

Steve