
AOL Bans Mail From DSL-Hosted Servers

Posted by timothy
from the because-individuals-should-not-have-them dept.
kmself writes "As first reported at linux-elitists by Aaron Sherman, and with a demonstration of the denial at zIWETHEY, AOL has begun blocking mailservers identified with residential DSL lines as an anti-spam measure, apparently heedless of the huge collateral damage this move imposes (and guess who can't send mail to Mom...). This action was unannounced, and has received virtually no coverage, spare an oblique mention at News.com. It also violates SMTP RFCs, as Aaron points out, not to mention the 'good neighbor' conventions of Internet communications. Mail to AOL's postmaster is also bounced -- this is RFC-ignorant. I strongly recommend that as a compensatory measure, non-AOL MTAs be configured to deny all incoming mail from AOL's domain."
  • by Anonymous Coward on Sunday April 13, 2003 @06:31PM (#5723402)
    I recently set up SMTP on my linux box (just for the fun of it). One of my friends has a hotmail account. I very quickly discovered that hotmail is refusing connections from my linux box (on a cable network). I very quickly told Postfix to send any hotmail bound email to my ISP's SMTP server. My friend got the email so... that may be an easy workaround for AOL as well.
  • Good move (Score:5, Informative)

    by Adnans (2862) on Sunday April 13, 2003 @06:33PM (#5723421) Homepage Journal
    If you have DSL you should still use your upstream SMTP server for outgoing mail. About 90% of incoming SPAM on my box originates from Windows boxes on DSL lines with open relays. I've set up exim to ignore all incoming SMTP calls from dsl hosts (*.dsl.*) and also to block hosts without proper reverse-DNS. These 2 simple steps take care in blocking a huuuge quantity of incoming SPAM at the doorstep... It's not foolproof, but it helps a great deal.

    -adnans
  • Noticed this earlier (Score:5, Informative)

    by MattC413 (248620) <MattC413@@@hotmail...com> on Sunday April 13, 2003 @06:37PM (#5723440)
    My linux mail server can no longer connect to any of AOL's mail servers for outgoing mail.

    This link [aol.com] is the general site for AOL's mail issues.

    This link [aol.com] is the FAQ that contains some error messages.

    This link [aol.com] is to their daemon section that lists error/rejection messages when connecting to their mail daemon.

    For those who do not wish to risk goatse.cx links, this is the message one gets when trying to connect from a residential block:

    550 - The IP address you're using to connect to AOL is either open to the free relaying of e-mail, is serving as an open proxy, or is a dynamic (residential) IP address. AOL cannot accept further e-mail transactions from your server until either your server is closed to free relaying/proxy, or your ISP removes your IP address from their list of dynamic IP addresses. For additional information, please visit http://postmaster.info.aol.com.

  • by dougmc (70836) <dougmc+slashdot@frenzied.us> on Sunday April 13, 2003 @06:40PM (#5723459) Homepage
    The first I noticed it was March 27th (and I don't email my dad @ AOL that often, so it probably happened even before that ...)

    The original message was received at Thu, 27 Mar 2003 13:35:36 -0600
    from dougmc@localhost

    ----- Transcript of session follows -----
    ... while talking to mailin-03.mx.aol.com.:
    550-The IP address you're using to connect to AOL is either open to the
    550-free relaying of e-mail, is serving as an open proxy, or is a dynamic
    550-(residential) IP address. AOL cannot accept further e-mail
    550-transactions from your server until either your server is closed to free
    550-relaying/proxy, or your ISP removes your IP address from their list of
    550-dynamic IP addresses. For additional information, please visit
    550 http://postmaster.info.aol.com.
    ... while talking to mailin-04.mx.aol.com.:
  • by dougmc (70836) <dougmc+slashdot@frenzied.us> on Sunday April 13, 2003 @06:46PM (#5723489) Homepage
    They could even actually ban telnet, http, and ftp, too.
    They used to do that (sort of. They didn't ban the traffic, they just didn't route it.) If you don't recall, AOL started as a glorified BBS and only later did they add email, then Usenet, then WWW and other Internet services.

    Read about The September that never ended [astrian.net] !

  • by LoadStar (532607) on Sunday April 13, 2003 @06:46PM (#5723495)
    If you want to send mail to AOL you just need to use something different than DSL. No big deal. May I suggest AOL/Time Warner Road Runner Cable Modem Service?

    No, all you need to do is use your ISP provided mail server, or use an alternative mail server not hosted on your DSL line.


    After seeing the umpteenth email stroll into my mailbox that was either a spam or a virus, I applaud the move. Virtually every consumer DSL or cable provider has a "no server" clause in their ToS anyway, so this shouldn't be all that big of a deal. The original poster sounds like sour grapes because he can't use what he shouldn't be using to transmit mail anyway.


    However, as the original post referenced in the submission noted, I too wonder how AOL determines which IP addresses are dynamically allocated, and which are statically allocated, because business class DSL and cable should be exempt from this policy - those lines usually allow servers.

  • Open Proxy Madness (Score:4, Informative)

    by Akai (11434) on Sunday April 13, 2003 @06:48PM (#5723501) Homepage Journal
    As a network engineer of a DSL and T1 only ISP (we have dialup but only for traveling DSL/T1 customers) I can let you know that this will probably stop oodles of spam.

    The latest spammer tactic is not to seek out open relays, but open windows proxies, and from there they can initiate outbound SMTP connections to legit SMTP servers and send spam.

    Already a large number of dialup providers will only allow you to send through their mail server, and a larger number of ISPs use the DUN RBL to block email directly from dialup pools.

    This is just more of the same. Your ISP should provide you with SMTP service, use them as a smart host even if you're running your own SMTP server, so it'll offload the requeuing/etc. from your box to theirs.

    DSL and Cable are the new dialup, and should be treated as such, a place where the majority of the customers are clueless idiots who ruin the party for the smart people.

    Several ISPs are starting to scan mail servers sending them mail for open proxy/open relay before accepting the mails, expect to see this practice and AOL's solution spread to most ISPs in the near future.

    If you want to run a real mail server, perhaps you should get a real internet connection, like Colocation or T1.
  • Trivial fix (Score:5, Informative)

    by harlows_monkeys (106428) on Sunday April 13, 2003 @06:49PM (#5723515) Homepage
    In /etc/mail/sendmail.mc:

    define(`SMART_HOST',`smtp.server.of.you.isp')
  • It would seem they have added blocking to all dynamic IP senders. ISPs submit these blocks willingly; if your ISP put you on the list of dynamic IPs, have a talk with them, NOT AOL. Not all ISPs submit to these lists. Generally the best thing to do is to have your sendmail use your ISP's mailserver as a smart relay; it gets rid of the issues.

    Now as to why people with dynamic IPs are responsible for a VAST amount of spam (per my spamfilters, and that's for over a quarter million domains, and no, I don't have pretty graphs :) It's just way too easy and fast to get DSL, cable modem, or dial up and start sending email, dialup especially. These people cause serious amounts of grief to the ISPs that end up with them.
  • by osjedi (9084) on Sunday April 13, 2003 @06:57PM (#5723566)
    I have the same problem, but the solution for me is not so easy. My company is self hosted on our DSL line and hotmail refuses mail from our domain. I can't relay the mail through our ISP - we host our own domain on our own server. Hotmail is discriminating against us because we are self-reliant.
  • Re:Good move (Score:5, Informative)

    by SoupIsGood Food (1179) on Sunday April 13, 2003 @07:02PM (#5723602)
    Verifying reverse-DNS isn't a terribly good idea... you're blocking mail coming from sites that do virtual hosting. In the olden days of one-to-one mapping of hostname and IP, it was a smart move. Now, when a single box can host a hundred domains or more, filtering out connections from domains without reverse-DNS is going to cause more problems than it solves.

    SoupIsGood Food
  • by Anonymous Coward on Sunday April 13, 2003 @07:03PM (#5723606)
    They do this. TCP/IP only account with unlimited access is available for $10.
  • by Cirkit (584149) on Sunday April 13, 2003 @07:04PM (#5723613)
    I'd expect users of RBLs (see http://www.spews.org) and certainly the denizens of NANAE to argue that they have the right to refuse to receive email from anyone, for any reason, since that mailserver is private property.

    It can be used in ways you like (refusing emails from Verizon's corporate HQ because they refuse to kick their spammers) or in ways you don't like (making it more difficult to send outgoing mail), but I don't see how you can reasonably kick and scream against one and not the other.

    Actually, several providers have been refusing email from dial-up pools for a year or more, which is what caused me to decide that I would need to send outbound email through my ISP. IIRC, attbi refused email from my server on my ISDN line over a year ago.

    The solution isn't difficult - go dig around on your ISP's website (or call them) and figure out the mailserver that you'd be using if you WEREN'T running your own MTA. Set your mail server to relay outbound emails through them. (See your man pages - it isn't difficult.) There's NO way your ISP's mailserver is going to refuse to accept your email, since if they did, no one not running an MTA could get email out. Sure, you'll have an extra line of headers in your outbound email, but it doesn't seem like such a big deal. Was the location of your mail server a secret anyway?

    Of course, if your ISP is a notorious hoster of spammers, you're going to need to find a new ISP. You didn't really want to support those spammers anyway, did you?
  • Sendmail workaround (Score:2, Informative)

    by sbraab (100929) on Sunday April 13, 2003 @07:05PM (#5723617)
    I saw this problem a while ago with Verizon corporate. I finally had to set up my sendmail to relay through my DSL provider's mail server.

    To do this with sendmail use DSoutgoing.isp.net

    If you need to authenticate you need to set up a default-auth-info file.

    This has made mail delivery far more reliable.
  • by Zocalo (252965) on Sunday April 13, 2003 @07:07PM (#5723630) Homepage
    Nope. It's actually in RFC2821 section 4.5.1 - Minimum Implementation:

    Any system that includes an SMTP server supporting mail relaying or delivery MUST support the reserved mailbox "postmaster" as a case-insensitive local name. This postmaster address is not strictly necessary if the server always returns 554 on connection opening (as described in section 3.1). The requirement to accept mail for postmaster implies that RCPT commands which specify a mailbox for postmaster at any of the domains for which the SMTP server provides mail service, as well as the special case of "RCPT TO:<Postmaster>" (with no domain specification), MUST be supported.


    SMTP systems are expected to make every reasonable effort to accept mail directed to Postmaster from any other system on the Internet. In extreme cases --such as to contain a denial of service attack or other breach of security-- an SMTP server may block mail directed to Postmaster. However, such arrangements SHOULD be narrowly tailored so as to avoid blocking messages which are not part of such attacks.

    Note that no punitive measures are listed at all; in fact the worst that can happen for bending an RFC is that you will be named and shamed on a site like www.rfc-ignorant.org [rfc-ignorant.org] and maybe be blocked by some system admins. If you actually *break* the protocol on the other hand, then things will probably get a little more ugly... ;)
  • Re:No problem (Score:5, Informative)

    by Zocalo (252965) on Sunday April 13, 2003 @07:17PM (#5723695) Homepage
    I've never had a single spam message from those places.

    I've had a few, but in the main, you are correct in saying not much spam comes from aol.com. However, an awful lot of spam *claims* to come from aol.com, even when it actually originates in China, Korea, or some spamhaus in the USA/EU. For this reason refusing mail from aol.com and others may give exceedingly good results with low enough collateral damage to be bearable for some home mail server operators.

  • Re:heh... (Score:3, Informative)

    by ThreeZee (609147) on Sunday April 13, 2003 @07:23PM (#5723723)
    550-The IP address you're using to connect to AOL is either open to the
    550-free relaying of e-mail, is serving as an open proxy, or is a dynamic
    550-(residential) IP address. AOL cannot accept further e-mail
    550-transactions from your server until either your server is closed to free
    550-relaying/proxy, or your ISP removes your IP address from their list of
    550-dynamic IP addresses. For additional information, please visit
    550 http://postmaster.info.aol.com.

    Comcast IPs are now blocked also. (That's cable!)
  • by realperseus (594176) on Sunday April 13, 2003 @07:24PM (#5723730)
    Check here [aol.com].
  • Re:About Time (Score:3, Informative)

    by Wakko Warner (324) on Sunday April 13, 2003 @07:42PM (#5723806) Homepage Journal
    You do know that you can run spamassassin without running a mailserver.

    Well, now you do, anyway.

    - A.P.
  • Re:Good move (Score:4, Informative)

    by raju1kabir (251972) on Sunday April 13, 2003 @07:46PM (#5723833) Homepage
    All these residential users should be using their ISP as a relay. That's what the ISP is there for.

    I have Verizon DSL. Their relay won't let me send mail with any return address other than @verizon.net. That's completely useless, so I don't use it. Are you honestly saying that all broadband customers should restrict their email addresses to those assigned by their bandwidth providers?

  • by SuperBanana (662181) on Sunday April 13, 2003 @07:50PM (#5723866)
    If you have DSL you should still use your upstream SMTP server for outgoing mail.

    If I did that, I'd be accused of spamming by my ISP, since I run a VERY high volume mailing list. We have approximately 12 lists; the biggest list has 1,500 subscribers and gets about 100 emails a DAY. We have another major list that's about 500 people and similar volume.

    About 90% of incoming SPAM on my box originates from Windows boxes on DSL lines with open relays.

    99% of MY spam comes from Chinese and eastern European ISPs that don't give a crap what people do with their internet connections. The solution is not blacklisting DSL and cable connections (because, among other things, it's not easy to switch, unlike dialup.) The solution is cutting off bad ISPs from backbones...but that's not likely to happen any time soon, because the backbone providers don't give a crap- every packet is money in their pocket, regardless of what kind of packet it is.

    And guess what? If you are getting lots of spam from DSL/Cable users, it's really easy to solve. Report it. If there's a report of spam, the ISP disconnects the customer until they fix it. Imagine how fast people will learn to keep their machine clean if their internet connection goes down. ISPs will whine about the work, but, gee, that's like the gas station attendant whining about having to give directions to people all the time. Comes with the territory, bub.

    It's ignorant people like you(who think "since -I- don't need to send mail directly, neither does anyone else!") that cause people like me grief.

    We get next to NO money from subscribers to pay for costs- $5 donations here and there. DSL and Cable offer a nice, cheap way to host a mailing list, or a webboard; we don't use very much bandwidth at all, and occasional hiccups aren't a problem, especially given the design of SMTP; if at first you don't succeed, try, try, again. Commercial DSL is just less down bandwidth, slightly more up bandwidth, a 'real' static IP instead of a DHCP-assigned address that basically never changes...and a HELL of a lot more expensive. Oh, and instead of telling you to go screw yourself when you scream at them for your line being down, they -politely- tell you there's nothing they can do(and, by the way, -please- go screw yourself.)

    Luckily, we're sucking bandwidth off a hosting company that has graciously allowed the box to sit off their network- but if they tank, we'll be screwed- commercial hosting runs about $90+ or more, and our box isn't rackmountable, so there's another $25-50/mo.

    Slowly but surely, the media companies are doing their best to squeeze out other sources of competition- the little guys. Check your Terms of Service/Acceptable Use Policy. My home connection(ATTBI, now Comcast) has banned "messageboards and mailing lists" for years, along with FTP, web, mail, IRC...and specifically states it's an "entertainment service", and I am a "consumer" of that service- ie, sit down, shut up, and be a good little consumer of mass web media. How dare you produce your OWN media...

  • Re:Good move (Score:4, Informative)

    by doorbot.com (184378) on Sunday April 13, 2003 @07:50PM (#5723868) Journal
    1) Most of these "home servers" don't have a PTR record at all.
    2) Those that do, almost NEVER have one pointing to the domain they claim to be receiving for.


    Maybe because that would cost me even more money, and I don't see the need to pay for that, when all I really need is a static IP. If you want to pay for it, though, drop me an email (if you can).

    3) All these residential users should be using their ISP as a relay. That's what the ISP is there for.

    Except I have to pay for this service too. If I want to host my own domain, I can do it with Linux and an MTA. I don't need to rely on Pacific Bell, and more importantly I don't need to pay them extra for a service I can provide on my own.

    4) Since there's no reason for them to need to send it out *not* through the ISP as a relay host, the majority of these users are spammers or just ignorant. In the first case, it's good to block them. In the second, maybe they will get a clue.

    Pacific Bell's mail servers have been blacklisted in the past, thanks to these spammers. My IP, however, has never been blacklisted. If I tried to relay out through my ISP's SMTP server, I would have a hard time delivering my email.

    I agree with your points, but in reality it is a flawed plan. All it takes is one spammer to get an ISP's mail server blacklisted (and I think we all know how quickly the ISPs react to get themselves removed from the lists). At least with my DSL line, as long as I am (apparently now it's "was") a good citizen, I could send mail to whomever I wanted.

    If it comes down to me relaying through my ISP, I'll probably bounce through the server at work. Unfortunately, not everyone has that option.
  • Re:Good move (Score:4, Informative)

    by chill (34294) on Sunday April 13, 2003 @08:01PM (#5723942) Journal
    Really? You just pay for connectivity? Who is your provider? I need to switch!

    Of course, if you mean you didn't read your TOS and only THINK you are paying just for connectivity, then never mind.

  • Re:Good move (Score:3, Informative)

    by Mastoid (138665) on Sunday April 13, 2003 @08:01PM (#5723949) Homepage
    I have Verizon DSL. Their relay won't let me send mail with any return address other than @verizon.net. That's completely useless, so I don't use it.

    True. In fact, Verizon requires that you both use a From address for a domain that they host (such as bellatlantic.net or verizon.net, or a domain you pay them to host) and authenticate with their outgoing relay.

    However, for what it's worth, you can put whatever you want as a Reply-To.

  • No, you did not (Score:5, Informative)

    by autopr0n (534291) on Sunday April 13, 2003 @08:08PM (#5723974) Homepage Journal
    There is no way to Spam from AOL/Yahoo or Hotmail. It's physically impossible for a common user to do it.

    What is possible to do is forge a 'from' address in an email header. Look again at the emails you have in your spam bucket and look at the received-from: header. I'll bet you $100 they didn't come from anywhere with a '.yahoo.com' at the end.
  • Excellent point (Score:5, Informative)

    by KMSelf (361) <karsten@linuxmafia.com> on Sunday April 13, 2003 @08:18PM (#5724032) Homepage

    I hadn't considered that, but they've got a $1 billion interest in just that area [theregister.co.uk].

  • Re:ummmm... (Score:5, Informative)

    by darkonc (47285) <stephen_samuel.bcgreen@com> on Sunday April 13, 2003 @08:27PM (#5724071) Homepage Journal
    One thing that you can do is forward your email through your ISP. If you're using Sendmail this is done with the smarthost entry:
    # "Smart" relay host (may be null)
    DSmail.MyISP.net
    would forward your spam (er, email) through the box mail.myISP.net . Most ISPs have a designated server that will allow email forwarding from anybody in their network space.
  • by Anonymous Coward on Sunday April 13, 2003 @08:35PM (#5724112)
    Try sending 2 oz letter 3500 miles for $0.36

    US Mail is .37 + .23 each additional oz.
  • by Piquan (49943) on Sunday April 13, 2003 @08:41PM (#5724131)

    My ISP has not shown that its servers are reliable. I like to be able to use mailq to see what's backed up. I'd also like to be able to use my own mailer's parameters for bounces. There's lots of reasons to prefer to use your own mailer instead of your ISP's, even if you technically could use your ISP's. But now, you'll want to relay through your ISP for all the mail that AOL won't accept, while sticking to your own SMTP services for everything else. That's what this document is for.

    I encourage people to write corresponding documents for other MTAs. Also, some people can only send mail through their ISP with their ISP-assigned username. It's possible to configure sendmail to adapt AOL-bound mail to have the ISP-assigned sender. That is not discussed in this document; email me if you need it, and I'll write a followup post.

    HOWTO: Configuring Sendmail to use your ISP's relay for AOL

    This uses the sendmail mailertable feature. The mailertable feature allows you to specify the mailer and relay parameters for individual domains. That's exactly what we need here.

    1. First, you'll need mailertable support in your sendmail config. Grep your sendmail.cf for the string "Id: mailertable.m4". If it's in there, you've got it and can skip the next step.
    2. Since you don't have mailertable support, you'll need to add the following line to your .mc file:
      FEATURE(mailertable, `hash -o /etc/mail/mailertable')
      Note that the first quote is a backquote! After you do this, you'll need to rebuild your sendmail.cf file. (On FreeBSD, you can just run 'make' in /etc/mail to do this.) You can also use the following command (it's on one line):
      m4 -D_CF_DIR_=/path/to/sendmail/cf/ /path/to/sendmail/cf/m4/cf.m4 sendmail.mc > sendmail.cf
      You'll need to put sendmail.cf in its proper place, usually /etc/mail but sometimes /etc or elsewhere.
    3. Create a file /etc/mail/mailertable. In it, add lines like the following:
      aol.com esmtp:relay.my-isp.net
      earthlink.net esmtp:relay.my-isp.net
      Fill in relay.my-isp.net with your ISP's relay hostname.
    4. Rebuild the mailertable file. On FreeBSD, you can just run 'make' in /etc/mail to do this. You can also use the following command:
      makemap hash mailertable.db < mailertable
    5. Restart sendmail. On FreeBSD, you can just run 'make restart' in /etc/mail. Other OS's may vary.

    Remember that some ISPs may require you to use your ISP-assigned email address to relay through them. This won't help with that, but there's easy solutions for it. (This sort of thing is where Sendmail rocks.) Email me if you need it, and I'll post a followup.
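The per-domain routing set up in steps 3 and 4 above, as an added example that is not part of the original post and not sendmail's own code: a small Python model of the documented mailertable lookup order (exact domain first, then leading-dot parent domains, then "."), useful for checking a table before running makemap. The function names and the hostname lists.aol.com are constructed for illustration; relay.my-isp.net is the HOWTO's placeholder.

```python
"""Model of sendmail's mailertable lookup order (added example, not sendmail code)."""

# The two entries from step 3 of the HOWTO; relay.my-isp.net is its placeholder.
SAMPLE_MAILERTABLE = """\
# domain          mailer:relay
aol.com           esmtp:relay.my-isp.net
earthlink.net     esmtp:relay.my-isp.net
"""


def parse_mailertable(text):
    """Return {key: (mailer, host)} from mailertable source text."""
    table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comment lines carry no entry
        fields = line.split(None, 1)
        if len(fields) != 2 or ":" not in fields[1]:
            raise ValueError(f"line {lineno}: expected 'domain mailer:host', got {raw!r}")
        mailer, host = fields[1].strip().split(":", 1)
        if not mailer or not host:
            raise ValueError(f"line {lineno}: empty mailer or host in {raw!r}")
        table[fields[0].lower()] = (mailer, host)  # keys are matched case-insensitively
    return table


def candidate_keys(domain):
    """Keys tried for a recipient domain, most specific first."""
    domain = domain.lower().rstrip(".")
    labels = domain.split(".")
    keys = [domain]                                   # exact match on the full name
    keys += ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    keys.append(".")                                  # catch-all entry, if present
    return keys


def route_for(table, recipient):
    """Return (mailer, host) for a recipient address, or None for normal MX delivery."""
    if "@" not in recipient:
        raise ValueError(f"not an address with a domain: {recipient!r}")
    domain = recipient.rsplit("@", 1)[1]
    for key in candidate_keys(domain):
        if key in table:
            return table[key]
    return None


if __name__ == "__main__":
    table = parse_mailertable(SAMPLE_MAILERTABLE)
    # Constructed recipients: the second one is a subdomain the table does not cover.
    for rcpt in ("mom@aol.com", "someone@lists.aol.com", "friend@example.org"):
        route = route_for(table, rcpt)
        print(f"{rcpt:24} -> {'direct (MX)' if route is None else ':'.join(route)}")
```

An `aol.com` key matches only that exact domain; covering hosts under it takes a second entry keyed `.aol.com`.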

  • Re:Privatized mail (Score:2, Informative)

    by MetaDupe (665151) on Sunday April 13, 2003 @08:53PM (#5724201)
    Why does the USPS need to get its act together? You cite that our already privatized postal service is the envy of the world, but why say it needs to get its act together? They are efficient, statistically reliable (anecdotes about US mail getting lost are mere, well, anecdotes) and very cheap. 37 cents for a first class letter? 2-3 day express mail is comparable to UPS and Fedex in speed and reliability and waaaaaaay cheaper. Of course, Fedex is a bit safer for overnighting and UPS cuts great deals, but as far as a post office system goes, the USPS 0wnz3rs.
    BTW, did you know that the USPS does not take taxpayer money? Not a cent.
  • Re:Privatized mail (Score:3, Informative)

    by innocent_white_lamb (151825) on Sunday April 13, 2003 @08:54PM (#5724206)
    And frankly our postal system is a bargain. Try sending 2 oz letter 3500 miles for $0.36 in any other country in the world.

    48 cents in Canada, which is about 31 US cents at current exchange rates.

    Try again.
  • by bedouin (248624) on Sunday April 13, 2003 @09:18PM (#5724353)
    Let me just point out a few things:

    1) Although I've never used my ISP's mailservers for outgoing mail, my friends have -- and mail is constantly lost, or delivered hours late.

    2) Likewise, my ISP's incoming mail servers are frequently down, losing mail, and full of spam (the address was either harvested or sold, I don't know which. I have evidence of it, but that's another thread). A couple of my own local accounts suffer from spam as well, but I managed to install Spamassassin, which must be too difficult for my ISP.

    3) Privacy is a concern with me, and I'd prefer to handle mail transactions myself.

    4) I like the reassurance of looking through my Sendmail logs, knowing that an important message was delivered, and if it wasn't, the reason why.

    5) Although this is unrelated, my friends often complain of outages when my service is fine. The reason? My ISP's DNS servers are constantly screwed up, yet I run my own.

    6) I run majordomo to host a small mailing list of 20 or so members (that moves perhaps 500 messages a month); that's not enough traffic to justify having it hosted somewhere else, and Yahoogroups butchers messages with advertisements. Luckily none of its members use AOL.

    7) I check my mail logs often (to make sure nothing unordinary is going on), and do not allow relaying.

    Many of us run mail servers simply because our ISPs are unreliable. Many ISPs can't even host a measly 5mb of web space adequately, so I feel wary letting them handle important E-Mails. I wish Speakeasy was available in my area, it would be a no-brainer switch.

    You've probably heard the saying, "tolerating excesses in order to preserve freedoms." Well, Spam is an excess -- a very horrible excess. At the same time, enough people use home mail servers for justifiable reasons that outlawing them, or blocking mail from them isn't a logical decision.

    And besides, there's other [apple.com] ways to prevent spam [spamassassin.org] without making anyone unhappy. Spamassassin, once configured correctly, nails just about all spam. My university filters spam on my POP account, and I receive maybe one (if that) a month; couple that with Mail App's built in filtering and I haven't actually seen a Spam message in months. The best way to get rid of spammers is to implement solutions that make their efforts ineffective on ANY level, not just by killing off one of their hundreds of other options (AOL's method).
  • Re:Trivial fix (Score:2, Informative)

    by corz (409850) on Sunday April 13, 2003 @09:48PM (#5724539) Homepage
    Or, for qmail users:

    echo ":smtp.server.of.your.isp" > /var/qmail/control/smtproutes
  • Re:Trivial fix (Score:3, Informative)

    by Saint Nobody (21391) on Sunday April 13, 2003 @10:00PM (#5724623) Homepage Journal

    http://www.sendmail.org/~ca/email/sm-812.html#812AUTH [sendmail.org]

    you put this in your access map: "AuthInfo:smtp.server.of.your.isp "U:foo" "I:foo" "P:bar"" although you might need to know realms and/or mechanisms, too.

    next time, at least check to see if it's an easy answer before you get belligerent and sarcastic.

  • Re:No problem (Score:3, Informative)

    by afidel (530433) on Sunday April 13, 2003 @10:48PM (#5724893)
    This [okean.com] site lists Korean and Chinese netblocks.
  • by Fletch (6903) <<fletch> <at> <pobox.com>> on Sunday April 13, 2003 @11:39PM (#5725169) Homepage
    "Yes, but have they told their subscribers?"

    Of course not. In fact, they're downright lying about it.

    I've got a free AOL account at the moment, and your question prompted me to go check out the "mail controls" that entails. I've found an option to "allow all email to be delivered to this screen name." This translates to "allow e-mail from all AOL members, e-mail addresses, and domains." (emphasis mine.) This is the default setting.

    Does that mean this account is still affected by this email blockage? They're apparently blocking it at the SMTP level, not just failing to deliver it, so, Yep! It sure is.
  • by ajs (35943) <ajs@ a j s . com> on Sunday April 13, 2003 @11:56PM (#5725247) Homepage Journal
    It's worse. Here are the ways that I know AOL is violating RFCs for valid mail traffic:

    1. Mail bound for postmaster@aol.com is not accepted.

    2. They issue a 550 response before the client has a chance to issue a greeting. There are two allowed responses at that point: 554 and 220. 550 is right out.

    3. They disconnect before the client issues a "QUIT" command or times out. Also bogus.

    AOL is playing a game of chicken here to see how much of the net will blacklist them for breaking the RFCs. Once they smell blood in the water because not enough sites care, they can pretty much start writing their own book....
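Point 2 of the comment above as a check, in an added example that is not part of the original post: a Python parser for multi-line SMTP replies that flags a connection-opening reply whose code is not 220 or 554. The sample input is the rejection quoted in the bounce earlier on this page; the function and constant names are constructed for illustration.

```python
"""Check an SMTP connection-opening reply against RFC 2821 (added example)."""
import re

# "550-text" continues a reply; "550 text" (or a bare "550") is its last line.
_REPLY_LINE = re.compile(r"^(\d{3})(?:([ -])(.*))?$")

# Codes the comment above lists as allowed at connection opening.
GREETING_CODES = (220, 554)

# The rejection from the bounce quoted earlier on this page, one reply line each.
AOL_REJECTION = [
    "550-The IP address you're using to connect to AOL is either open to the",
    "550-free relaying of e-mail, is serving as an open proxy, or is a dynamic",
    "550-(residential) IP address. AOL cannot accept further e-mail",
    "550-transactions from your server until either your server is closed to free",
    "550-relaying/proxy, or your ISP removes your IP address from their list of",
    "550-dynamic IP addresses. For additional information, please visit",
    "550 http://postmaster.info.aol.com.",
]


class ReplyError(ValueError):
    """The lines do not form one well-formed SMTP reply."""


def parse_reply(lines):
    """Parse one (possibly multi-line) SMTP reply into (code, text)."""
    lines = [ln.rstrip("\r\n") for ln in lines]
    if not lines:
        raise ReplyError("empty reply")
    code, text = None, []
    for i, line in enumerate(lines):
        m = _REPLY_LINE.match(line)
        if m is None:
            raise ReplyError(f"line {i + 1} is not a reply line: {line!r}")
        this_code, sep, rest = int(m.group(1)), m.group(2), m.group(3) or ""
        if code is None:
            code = this_code
        elif this_code != code:
            raise ReplyError(f"line {i + 1} switches code {code} -> {this_code}")
        is_last = i == len(lines) - 1
        if sep == "-" and is_last:
            raise ReplyError("reply ends on a continuation line")
        if sep != "-" and not is_last:
            raise ReplyError(f"line {i + 1} ends the reply but more lines follow")
        text.append(rest)
    return code, " ".join(text)


def check_greeting(lines):
    """Return a list of findings for a connection-opening reply; empty if none."""
    try:
        code, _ = parse_reply(lines)
    except ReplyError as exc:
        return [f"malformed reply: {exc}"]
    if code not in GREETING_CODES:
        allowed = " or ".join(str(c) for c in GREETING_CODES)
        return [f"reply code {code} is not allowed at connection opening "
                f"(expected {allowed})"]
    return []


if __name__ == "__main__":
    samples = {
        "bounce quoted on this page": AOL_REJECTION,
        "constructed 220 greeting": ["220 mx.example.net ESMTP ready"],
        "constructed 554 refusal": ["554 No SMTP service here"],
    }
    for name, reply in samples.items():
        findings = check_greeting(reply)
        print(f"{name}: {'ok' if not findings else '; '.join(findings)}")
```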
  • by scrain (43626) on Monday April 14, 2003 @12:57AM (#5725645)
    Let me preface this with a disclaimer. I worked in AOL's mail and anti-spam groups for 5 years, ending back about 2 years ago. I still keep in touch with the people back there, and I have a good idea what's up, as I still work in the anti-spam 'industry'.

    Not that anyone will see this, as it's on the second page of comments...

    A massive percentage of spam (well over 50%) comes from compromised windows boxes running either trojan software to open ports for spammers to proxy through, software like AnalogX that does the same, or just users who somehow manage to set up a proxy that's open to the world. There's also a big problem with a LOT of the DSL hardware on the market, that allows people to proxy through it transparently, via use of a security hole. Check Bugtraq if you want to find details.

    These broadband connections are where the spammers are headed for anonymity. Yeah, sure, there's still a bunch of big-time professional spammers out there who spam away from their often-moving netblocks. That bunch isn't so hard to keep up with.

    There's also the problem of Klez and other SMTP aware worms that busily want to send you lots of infected mail. Sure, *nix users don't really care about that, but companies like AOL, with a crapload of less-than-savvy users have to.

    It's been this way for 56k dialups for about 3 years or so... but the noise about that only lasted a few weeks, much like this will. If your DSL company can't support your needs, vote with your feet! Switch your service to one that can. If Verizon can offer you service, you can pretty much bet that Covad can too.

    (shameless plug: Check out lmi.net for that stuff.. small companies make for better service, and if you need the medium-sized company feel, go with Speakeasy.)

    So what if you have a contract... if they can't get your mail to AOL with the right domain, it sounds like grounds to break it to me. =)
  • Re:No problem (Score:3, Informative)

    by blowdart (31458) on Monday April 14, 2003 @01:13AM (#5725734) Homepage
    See blackholes.us [blackholes.us] for a suitable dnsBL list for Korea.

    It covers other countries too, as well as some ISPs (including certain ones that don't give a damn like wannadoo and interbusiness.it)

  • by scrain (43626) on Monday April 14, 2003 @01:42AM (#5725850)
    AOL is also their own registrar, so it's pretty much impossible for them to ever lose their domain. =)
  • by kcbrown (7426) <slashdot@sysexperts.com> on Monday April 14, 2003 @04:25AM (#5726377)
    I wrote:
    especially since there is only one paragraph in RFC 821 that even mentions "mail exchange" and not in any context that we're talking about

    Arrgh. RFC821 is way out of date...should have been looking at RFC 2821. But looking at that only seems to strengthen my case:

    The Mail eXchanger mechanisms of the domain name system [22, 27] (and
    section 5 of this document) are used to identify the appropriate
    next-hop destination for a message being transported.

    (implying that if you receive email from a host, that host should either be a mail exchanger for the sender's domain, or the originating host itself)

    ... Servers MUST be
    prepared to encounter a list of source routes in the forward path,
    but SHOULD ignore the routes or MAY decline to support the relaying
    they imply.

    and

    SMTP servers MAY decline to act as mail relays or to
    accept addresses that specify source routes.

    ...

    When source routes are not used, the process described in RFC 821 for
    constructing a reverse-path from the forward-path is not applicable
    and the reverse-path at the time of delivery will simply be the
    address that appeared in the MAIL command.

    Basically, it looks like the use of source routes is deprecated, and the only situation in which the source route will not be the sender is when it's null -- which should generally only happen when the message is a bounce message of some sort. I'd say in that case it would be acceptable to check the From: line using the same heuristics, even though the RFC says that the SMTP relay should never examine mail headers.

  • Re:About Time (Score:1, Informative)

    by Anonymous Coward on Monday April 14, 2003 @05:07AM (#5726474)
    You don't need to set up a mail server to be talking SMTP directly, it is an entirely valid way for a mail client to deliver mail.

    You also don't need to set anything up if you're using Unix, sendmail often comes configured in send-only mode.

    It is particularly useful if you have a laptop and connect to the net from various places at different times, and don't want to figure out a valid relay at each place separately.

    As far as I understand this is not about AOL blocking AOL residential accounts from sending mail directly via SMTP, either, but AOL blocking users of any ISPs that are known to be residential from sending mail directly via SMTP to AOL.
  • Re:Privatized mail (Score:1, Informative)

    by Anonymous Coward on Monday April 14, 2003 @11:55AM (#5728501)
    You should contact your state's Postmaster General. They are obligated BY LAW to provide US mail service for all US citizens. Period.

    I grew up in a town of 231 people. Mail was delivered in town up and down main street only. Not a problem. All the mailboxes for everyone in town were placed on main street in order. If you don't want to do that then you get a PO Box down town. They also run rural routes. They are required to service your mailbox if it is within 1/2 mile of the next nearest mailbox.

  • Re:Good move (Score:3, Informative)

    by Jack Hughes (5351) on Monday April 14, 2003 @04:48PM (#5730925) Homepage
    U - user (authorization) id
    I - authentication id
    P - password
    R - realm
    M - list of mechanisms delimited by spaces
    Or you could RTFM http://www.sendmail.org/m4/smtp_auth.html [sendmail.org]
  • Re:No, you did not (Score:1, Informative)

    by Anonymous Coward on Monday April 14, 2003 @05:47PM (#5731421)
    Physically impossible? So what was happening to my brother's account the day it got hijacked? Somebody was sending spam from his account with as many addresses in the CC line as AOL allows. Maybe it's not the most efficient way to spam, but it's still spam.
