> postconf | grep percent > allow_percent_hack = no > > ... set to yes. argh > > I know at some point I set it to "no" in my standard config file, but when > I just checked it wasn't there. I've corrected it in my file. > > Everybody should check all their postfix boxes __immediately__. > > AOL uses the percent hack to test open relay and will block mail from your > IP if they find it. > > just add the line and "postfix reload" and check it with postconf > > >OK, now I'm confused. According to >http://archives.neohapsis.com/archives/postfix/2001-08/0252.html when it is >disabled, the relay tester will think it it an open relay even though it >isn't--of course I could be reading this wrong. When it is enabled, the >relay checker would think it isn't open when it actually is???
Well, right in the middle of me upgrading an IMGate for client, he gets AOL tested, = yes, and his box fails, and is now blocked. That's the experience I'm speaking from. from the two instances in the postfix docs: allow_percent_hack Rewrite user%domain to [EMAIL PROTECTED] and Rewrite user%domain to [EMAIL PROTECTED] This feature is controlled by the boolean allow_percent_hack parameter (default: yes). Typically, this is used in order to deal with monstrosities such as [EMAIL PROTECTED] ================================== btw, when I searched my client's maillogs for today and previous 3 days, I saw not one instance of "CloseYourOpenRelay". WTF?? I know my IMGates never failed the suite of 17 open-relay-tests that orbs or whoever used to run every few months From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 02, 2003 4:03 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: *** Server Test Results from America Online, Inc. *** This is a warning message. You are receiving this message because this, or one of your mail relays (see below for details) is open to third party (free) relaying and has been abused to send unsolicited bulk email (spam) to America Online, Inc.'s email system. Below, you will see output from our database indicating which tests we performed on your system, and the time at which the last test was performed. For example, if you see: mail from:<[EMAIL PROTECTED]> rcpt to:<[EMAIL PROTECTED]> it means we were able to send a piece of email with a "from" address of "[EMAIL PROTECTED]" through your system, back to the email account "[EMAIL PROTECTED]". (The email address "[EMAIL PROTECTED]" doesn't exist -- it's greater than 16 characters -- but the fact that your system tried to deliver to that address indicates that your server is available for free relaying. We encourage you to use this email address as a test... you will receive undeliverable email back from AOL's Mailer-Daemon if you are open to free relaying.) Here's your server data: Date: Mon Sep 1 19:30:00 2003 mail from: <[EMAIL PROTECTED]> rcpt to: <[EMAIL PROTECTED]> rcpt to: <[EMAIL PROTECTED]> rcpt to: <[EMAIL PROTECTED]> This is the only proactive notification you will receive alerting you to the block AOL has placed on your mailserver. Your server is now blocked from sending email to AOL owned email properties. If your server is intentionally open and you wish it never to be tested again, please send an email to [EMAIL PROTECTED] with the subject line "forever open, don't test" and your IP address(es) in the body of the email. AOL will then put your IP(s) into the Forever Open Don't Test list. *** Please keep in mind that if you do this, your server will be blocked and will REMAIN blocked until you send an email to [EMAIL PROTECTED] and ask AOL to start testing your server again. *** For more information about Open Relays (including some troubleshooting tips), please visit http://postmaster.info.aol.com, or do a search for "Open Relay" on the Internet. The AOL Postmaster Team Reference number: 753-xxxxxxxx
