I have several users who connect to our mail server from an IP in the
*.ipt.aol.com namespace. All are complaining about intermittent SMTP problems.
I see that outbound SMTP traffic is proxied through AOL servers to our mail
servers. Has there been a change recently causing this to not work?
Our mail server does a name lookup on the IP and every once in awhile this will
fail. Im assuming AOL DNS servers stop answering queries occassionally?
Any ideas much appreciated.
We had users who SMTP AUTH relay through us from AOL dsl lines suddenly have
problems this week. Switching them to the submission port (587) has solved
things so far.
Christopher X. Candreva [1/17/2004 5:02 AM] :
I have several users who connect to our mail server from an IP in the
*.ipt.aol.com namespace. All are complaining about intermittent SMTP problems.
I see that outbound SMTP traffic is proxied through AOL servers to our mail
servers. Has there been a change recently causing this to not work?We had users who SMTP AUTH relay through us from AOL dsl lines suddenly have
problems this week. Switching them to the submission port (587) has solved
things so far.
You just noticed this now?
AOL has, since the past several months (over a year I think) set up their dynamic IP pool *.ipt.aol.com to hijack port 25 outbound requests and reroute it through a set of their own mailservers, that do some elementary rate limiting and filtering.
http://postmaster.info.aol.com/info/servers.html says these are the servers:
rly-ip0[3-5].mx.aol.com
IP Address Server
64.12.138.7 rly-ip03.mx.aol.com
64.12.138.8 rly-ip04.mx.aol.com
64.12.138.9 rly-ip05.mx.aol.com
As Chris Candreva said, have your users use the MSA port 587 to submit their email.
And blocking the rly-ipXX.mx.aol.com servers might be a good idea, depending on your situation.
My experience has been that you'll see a lot more intercepted direct to MX spam attempts and virus payloads than you'll see mail from road warriors dialing into AOL and trying to smarthost through their ISP / corporate smtp servers.
srs
True, but it appears AOL has cranked something up in the last couple
of weeks or something is choking more often. If you look at various
places where users like to gripe, you'll notice an uptick of queries
and complaints on the subject.
I can't explain what changed, and haven't seen any explanation from AOL
about what changed.
Sean Donelan [1/17/2004 9:20 AM] :
True, but it appears AOL has cranked something up in the last couple
of weeks or something is choking more often. If you look at various
places where users like to gripe, you'll notice an uptick of queries
and complaints on the subject.
Maybe they finally rolled this out across the board? AOL has a lot of dialup IP space (two /10s I think).
srs
Suresh Ramasubramanian wrote:
Sean Donelan [1/17/2004 9:20 AM] :
True, but it appears AOL has cranked something up in the last couple
of weeks or something is choking more often. If you look at various
places where users like to gripe, you'll notice an uptick of queries
and complaints on the subject.
Maybe they finally rolled this out across the board? AOL has a lot of dialup IP space (two /10s I think).
The ipt.* blocking dates back many years, I think the intercepter stuff does too.
The recommendation from AOL to rDNS block ipt.* dates back several years, and is mentioned in the current postmaster's guide at AOL.
Over the past several months I noticed we were getting a lot of ipt.* hits, and Hutzler later said that some of their blocks in (IIRC) Europe were apparently not working. Obviously, they just fixed it.
We get virtually nothing but spam from rly.* too, so, we're blocking it now. Hutzler remarked "you won't miss much", but I wouldn't take that as an official pronouncement. We get a handful of FPs on it per month, and we tell them to use the proper smarthosting.
Date: Sat, 17 Jan 2004 08:24:06 +0530
From: Suresh Ramasubramanian
AOL has, since the past several months (over a year I think)
set up their dynamic IP pool *.ipt.aol.com to hijack port 25
I recall seeing this in November 2002, and believe it had already
been in place for a few months...
outbound requests and reroute it through a set of their own
mailservers, that do some elementary rate limiting and
filtering.
Eddy