AOL Thinks we are an open relay Ugh!!

[stevenriz]

Hello, here is a quick overview. We are using Exchange 5.5 SP4 and Solaris 8 on the network. The Solaris 8 sends out internet email to various domains via the Exchange Server. The unix boxes are "authorized" relays on the Exchange server but all other relay attempts are rejected. Problem is AOL all of a sudden doesn't like this practice. They cannot be reasoned with either! My thought is to stop bouncing the emails off Exchange and go direct to the ISP. I assume we need MX records for each box we wish to send mail out of and take the exchange server "name" out of the DS line in the sendmail config. Does anything go back in there? As long as the DNS servers are set properly, is there anything else I need to think about here? Thanks!! I initially posted thread10-832237 in the exchange forum and thought I would post here as well! Thanks!

 

[Rhinokiller]

I had this problem a while ago with one of my domains and AOL. It turns out that the Rdns for my newest domain was not set up propely and AOL were classing the mail as spam. This was a surprise to me because AOL had been accepting mail from this domain for months and then they stopped abruptly.
Good Luck.

Cogito Ergo Sum - Non Compos Mentis

 

[stevenriz]

Sort of makes sense but how would that affect me? I don't know that I have the exact same problem. Our dns servers are set properly. nothing has changed that I can see.

 

[Rhinokiller]

Did you check to see if you are listed on any rbls ?
Check

http://www.dnsstuff.com

and plug your domain into the spam database lookup.

Cogito Ergo Sum - Non Compos Mentis

 

[stevenriz]

yes I did. We are on a couple but AOL doesn't look at this, they have their own test that does this.... This is from abuse.net. You will see the "250 OK - mail from..." line. This is all AOL requires in order to mark a server as an open relay. They admit never looking further at the "550 Relaying is prohibited" line. You just can't win with them!!

>>> RSET
<<< 250 OK - Reset
>>> MAIL FROM:<spamtest@abuse.net>
<<< 250 OK - mail from <spamtest@abuse.net>
>>> RCPT TO:<securitytest@abuse.net>
<<< 550 Relaying is prohibited

 

[Rhinokiller]

You know what they say "Friends don't let friends use AOL!"
Perfect example.

Cogito Ergo Sum - Non Compos Mentis

 

[stevenriz]

Any suggestions on how to email direct out of unix? I don't think we actually need to set up an MX record for outgoing mai only...

 

[Rhinokiller]

You'll have to ammend your MX to point to the unix boxes and set up smart_host on the Unix boxes. In this scenario the Unix boxes (running sendmail ?) would relay mail to/from the exchange server, and the exchange server would handle local delivery. Sound right ?
This is a lot of work, why don't you just get removed from the rbls you're on and see if that fixes the problem. A lot less effort than re-inventing your mail system.

Cogito Ergo Sum - Non Compos Mentis

 

[stevenriz]

I will tackle that first like you suggest but after speaking with AOL postmasters a half a dozen times, it is evident that
>>> MAIL FROM:<spamtest@abuse.net>
<<< 250 OK - mail from <spamtest@abuse.net>
is all they need to shut us off. They don't get any deeper then that. I will hope for the miracle but won't hold my breath..... Don't you think we can just have multiple servers in the model? I am thinking one exchange server which is already setup with MX record. Then simple outgoing mail servers only. The unix boxes will never receive, only send.

 

[Rhinokiller]

I don't bother with AOL post masters for the same reasons you are discovering right now. You could set up your model the way you discussed above but using the Unix box running sendmail for send/receive and the exchange box for local delivery is much neater. It's just a matter of preference.

Cogito Ergo Sum - Non Compos Mentis

 

[RhythmAce]

Pretty soon, only aol users will be able to send e-mail to aol users. They also will not accept mail from a server with a dynamic ip address. Although I had what I thought was a static ip, it was in the range of what my isp called residential ip addresses. I guess aol figures that anyone who sets up a mail server on this type of ip must be up to no good. After shelling out a few bucks for ip addresses that have aol's blessing, they accept mail from my servers again.

 

[stevenriz]

They are something else, next thing you'll know is they want to become their own country!!!

I am now looking at my reverse DNS it doesn't look right anymore. I am willing to bet there is something wrong with it. Once I talk to my ISP, I will let you all know the outcome. Thanks!!!

Back to the unix box sending out email, I don't know that it is any different then using exchange to bounce the unix messages. You are telling me to use unix to bounce exchange mail. What would be the difference? Maybe the unix smtp servers handle this differently? Come to think of it, it probably does it a lot better and more securely then exchange anyway.

 

[jkupski]

>>You will see the "250 OK - mail from..." line.
>>This is all AOL requires in order to mark a
>>server as an open relay.

I'm not sure I believe this. This is basically saying that AOL's policy is not to accept email from servers that are configured to accept incoming email. I can't believe that even AOL would be that blindingly stupid.

Because you say you're already on multiple RBL lists, I think you need to dig a little depper than simply blaming AOL.

 

[stevenriz]

As it turned out, the reverse dns setup prompted AOL to accept mail again. I swear I talked to three separate postmaster guys over there and that is what they told me!!! Maybe I had front line guys that weren't as seasoned as the higher ups...... the lists we are on are small and we have been on them fro years I thnk back when we WERE an open relay but we finally smartened up!! Thanks for all the help!!

 

[Rhinokiller]

I love it when a plan comes together. Rdns was the culprit all along ???

Cogito Ergo Sum - Non Compos Mentis

 

[stevenriz]

ya it seems that way. It felt good blaming AOL though... I hope to have that chance again!! )