I've been running the toaster configuration of qmail for over a year and it has been great. Yesterday, however, I discovered that AOL had decided to block my server because, in their words:
Remote host said: 554-(RLY:B1) The information presently available to AOL indicates this
554-server is generating high volumes of member complaints from AOL's
554-member base. Based on AOL's Unsolicited Bulk E-mail policy at
554-http://www.aol.com/info/bulkemail.html AOL may not accept further
554-e-mail transactions from this server or domain. For more information,
554 please visit http://postmaster.info.aol.com.
I'm not going to try again; this message has been in the queue too long.
The server supports about 50 domains with a total of about 500 users. There has not been a discernible rise in message volume (though the queue is now filling with delayed messages to AOL users). The load on the server is where it usually is - about 0.20, and disk usage has not increased.
To try and understand why AOl did this, I ran the series of open relay tests from
http://spamlart.homeunix.org/
which DID indicate some possible problems. Here are the parts of their report which indicated problems:
rcpt to: <"[EMAIL PROTECTED]"@[64.186.170.70]>
250 ok
** FAILURE / Potentital Vulnerability **
rcpt to: <[EMAIL PROTECTED]>
250 ok
** FAILURE / Potentital Vulnerability **
rcpt to: <[EMAIL PROTECTED]@[64.186.170.70]>
250 ok
** FAILURE / Potentital Vulnerability **
rcpt to: <[EMAIL PROTECTED]>
250 ok
** FAILURE / Potentital Vulnerability **
rcpt to: <spamlart.homeunix.org!spamtest>
250 ok
** FAILURE / Potentital Vulnerability **
rcpt to: <"[EMAIL PROTECTED]"@[64.186.170.70]>
250 ok
** FAILURE / Potentital Vulnerability **
rcpt to: <[EMAIL PROTECTED]>
250 ok
** FAILURE / Potentital Vulnerability **
rcpt to: <[EMAIL PROTECTED]@[64.186.170.70]>
250 ok
** FAILURE / Potentital Vulnerability **
rcpt to: <[EMAIL PROTECTED]>
250 ok
** FAILURE / Potentital Vulnerability **
rcpt to: <spamlart.homeunix.org!spamtest>
250 ok
** FAILURE / Potentital Vulnerability **
rcpt to: <"[EMAIL PROTECTED]"@[64.186.170.70]>
250 ok
** FAILURE / Potentital Vulnerability **
rcpt to: <[EMAIL PROTECTED]>
250 ok
** FAILURE / Potentital Vulnerability **
rcpt to: <[EMAIL PROTECTED]@[64.186.170.70]>
250 ok
** FAILURE / Potentital Vulnerability **
rcpt to: <[EMAIL PROTECTED]>
250 ok
** FAILURE / Potentital Vulnerability **
I confess to not being completely familiar with the way these addresses are constructed.
Is there a vulnerability here?
I've looked through the logs and I don't see anything that looks like an unknown user sending zillions of messages to AOL users - where else can I look?
I really appreciate all you guys have done to help get this set up and working so well for so long - please help me get out of this one!!
amd
Andy Drexler
[EMAIL PROTECTED]
(650) 948-4217
- Re: [toaster] HELP! Am I an open relay? Andy Drexler
- Re: [toaster] HELP! Am I an open relay? Eero Volotinen
- Re: [toaster] HELP! Am I an open relay? Bill Shupp
- Re: [toaster] HELP! Am I an open relay... John Melville
- Re: [toaster] HELP! Am I an open r... Bill Shupp
- Re: [toaster] HELP! Am I an op... John Melville
- Re: [toaster] HELP! Am I an open relay... Jason 'XenoPhage' Frisvold
- Re: [toaster] HELP! Am I an open r... Bill Shupp
- Re: [toaster] HELP! Am I an open relay... Andy Drexler
- Re: [toaster] HELP! Am I an open r... Bill Shupp
- Re: [toaster] HELP! Am I an op... Andy Drexler
