[unisog] AOL rejects forwarding?

Michael Young mcysys at rit.edu
Tue Nov 2 20:19:17 GMT 2004


We recently had a similar problem with AOL.  This generally indicates
that AOL has received a large number of complaints of unsolicited e-mail
coming from the IP address that they've blocked.

If you configure a feedback loop with them, you will receive forwarded
copies of the complaints they are receiving.  This will allow you to
determine where it is coming from.

In our case, one of our users had a formmail.cgi which was only
partially locked down.  The problem was that the referrer address was
being spoofed by a SPAMmer to appear that it was being referred from the
rit.edu web server.  This resulted in a large amount of SPAM appearing
to originate from our servers, when in fact it was being relayed via the
web server to the mail server.

Funny thing was, it was coming from one of AOL's own users - they had
blocked the IP address on their own network for SPAM, but still allowed
them to relay mail through other sites.  There were several other
problems we had with AOL regarding this, but I won't go into those.  In
short, their own postmaster team didn't know what their anti-spam team
was doing.

Michael Young
RIT

-----Original Message-----
From: unisog-bounces at lists.sans.org
[mailto:unisog-bounces at lists.sans.org] On Behalf Of Joseph Brennan
Sent: Tuesday, November 02, 2004 12:52 PM
To: unisog at lists.sans.org
Cc: postmaster
Subject: [unisog] AOL rejects forwarding?


We noticed that AOL was starting to refuse mail from our incoming
mail system.  These are the hosts that handle incoming mail to
columbia.edu.  They send mail when the columbia.edu address forwards
delivery to another address.  So the mail in question is mail from
outside that we are forwarding to AOL addresses.  This mail is
filtered for spam and executables first-- not all is re-sent.

The result of an inquiry to AOL is the message below.  This appears
to mean that our users can no longer forward mail from outside to AOL.
We will need to publicize this and to find a way to alert users on
an ongoing basis.

Of course I will call the phone number given to see whether they
actually read my request.

In the meantime, I would like to know whether any other edu's are
in this situation.  You might have to have separate inbound and
outbound hosts for the spam ratio to be high enough.  Alumni
forwarding systems are likely to have similar ratios.

Joseph Brennan
postmaster at columbia.edu





------------ Forwarded Message ------------
Date: Tuesday, November 2, 2004 11:26 AM -0500
From: AOL Postmaster <postmaster at aol.com>
To: postmaster at columbia.edu
Subject: Your Request ,,cs

Your Whitelist request, with the
confirmation code 1099325016-414428, has been denied.



Request Denied.  Your member complaints are too high.  You may be
sharing an IP address; contact your ISP to find out if this is the
case.  You may also want to set up a Feedback Loop to monitor
complaints.  To find out more about a feedback loop go to
http://postmaster.info.aol.com/tools/fbl.html.  If you are having
delivery problems, please contact the AOL Postmaster Help Desk at
888-212-5537.


For more information on this request, please visit our website
or call the AOL Postmaster Helpdesk at 888-212-5537.

Thank You,
AOL Postmaster.




---------- End Forwarded Message ----------
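
The formmail.cgi failure mode described in the reply at the top of this thread, as an added example that is not part of the original messages and is not RIT's script: a form-to-mail handler that trusts the client-supplied Referer header, next to one that decides on a server-side recipient list. The host name, addresses, field names and the allowlist approach are assumptions made for illustration.

```python
# Added illustration; not code from the thread. All hosts and addresses are constructed.
from urllib.parse import urlparse

ALLOWED_REFERER_HOSTS = {"www.example.edu"}      # hypothetical site host
ALLOWED_RECIPIENTS = {"webmaster@example.edu"}   # hypothetical fixed recipient list
HEADER_FIELDS = ("recipient", "subject", "email")


def referer_only_check(headers, form):
    """Partial lockdown: accept if the Referer names our own web server.
    The Referer is supplied by whoever sends the request, so this proves nothing."""
    host = urlparse(headers.get("Referer", "")).hostname
    return host in ALLOWED_REFERER_HOSTS


def hardened_check(headers, form):
    """Decide only on data the server controls: a fixed recipient list,
    and no CR/LF in any value that is copied into a mail header."""
    for field in HEADER_FIELDS:
        value = form.get(field, "")
        if "\r" in value or "\n" in value:
            return False
    return form.get("recipient", "").strip().lower() in ALLOWED_RECIPIENTS


# Constructed sample requests: (request headers, submitted form fields)
SAMPLES = {
    "legit": ({"Referer": "http://www.example.edu/contact.html"},
              {"recipient": "webmaster@example.edu", "subject": "Question",
               "email": "student@example.edu"}),
    "spoofed_referer": ({"Referer": "http://www.example.edu/contact.html"},
                        {"recipient": "someone@example.net", "subject": "Offer",
                         "email": "sender@example.org"}),
    "header_injection": ({"Referer": "http://www.example.edu/contact.html"},
                         {"recipient": "webmaster@example.edu",
                          "subject": "Hi\r\nBcc: someone@example.net",
                          "email": "sender@example.org"}),
}


def evaluate():
    """Return {sample name: (referer_only result, hardened result)}."""
    return {name: (referer_only_check(h, f), hardened_check(h, f))
            for name, (h, f) in SAMPLES.items()}


if __name__ == "__main__":
    for name, (weak, strong) in evaluate().items():
        print(f"{name:17} referer-only={weak!s:5} hardened={strong}")
```
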

