AOL blocking MailScanner messages!

Dan Farmer dan.farmer at PHONEDIR.COM
Fri Dec 5 23:56:29 GMT 2003


On Dec 5, 2003, at 3:20 PM, Res wrote:

> Jeff,
>
> On Fri, 5 Dec 2003, Jeff A. Earickson wrote:
>
>> Y'all,
>>    I ran Rickert's sendmail ruleset for about 6 hours yesterday, then
>> removed it and looked at the 500 sendmail rejects that it generated
>> for the "Fix reverse DNS" error.  I rejected emails from 364 unique
>> IP numbers.  I wrote a script to do a whois on these numbers and the
>> info was ugly.  Yes I was rejecting probable spam from APNIC, but I
>> also zapped a lot of stuff from other universities, McGraw-Hill books
>> and other publishers, Amazon (the original spammers!), IBM, the FAA (!),
>> etc.  I expect to hear some screaming about my experiment.
>>
>> While I think this is a great idea in theory, in practice it does a
>> lot of collateral damage.  I'll let AOL reform the world before
>
>
> Can you explain why we should operate non compliant mail servers? JUST to
> get mail from other non compliant mail servers?

Uh, aren't these blocking rules non-default configurations? So you're
saying that 99% of mail servers are non-compliant as installed because
they don't block servers with missing rdns?

> Sure, RFC1912 is not law, but it's there and it's there for a good reason,
> so do we now start to ignore other RFCs? or just the ones we don't like?
>
> When these people get all their bounced mails they soon get the picture,
> complain to their IT unit who in turn should get off their lazy asses and
> fix what should have been set up correctly in the first place!

Having used these blocks for nearly a month on real production servers,
what really happens is this: user1 at remotedomain.com sends mail to
user2 at ourdomain.com, they get the reject and don't read it. They
proceed to contact user2 by phone to say their mail was rejected and
they don't know why. user1 then sends mail to user2 at homedomain.com and
it goes through fine since homedomain.com isn't blocking missing rdns.

Since user1 gets their mail through fine to user2's home/alternate
address, they never say anything to their mail server admin, but user2
complains that ourdomain.com is blocking customer/business emails and
they can't do their work. And user2 is right - ourdomain.com may be
trying to limit spam/viruses/etc by requiring other mail servers to
have proper rdns, but it is the server "blocking" legitimate mail
(legitimate mail = non-spam, non-virus, business/personal
communication, albeit from a server with no rdns).

Servers can get away with incorrect/bad rdns simply because 99% of
servers will not bounce their messages back, which is why it is a good
sign that a large force like AOL is starting to push in that direction,
it will make it easier on us when we decide to implement these changes.

> There are just too many lazy incompetant idiots in the IT industry.
                                        ^-ent

Not sure if you're directing this at the non-compliant server admins or
the 99% of server admins who aren't blocking like you, but this isn't a
black or white issue (I once thought it was, and I spent a month trying
to prove it, unsuccessfully.) I will re-implement the blocking when it
becomes more commonplace, but I agree with Jeff - I'll let AOL blaze
the initial path, in hopes that when I re-implement 99% of servers will
be compliant and our users won't be so inconvenienced by it.

> --
> Regards,
> Res
> Network Administrator
> Postmaster / Abusemaster / Flamemaster
> http://www.ausics.net  Australian Hosting Services
>
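
An added example, not part of the original thread: one way to measure the collateral damage discussed above before turning on rejection is to tally connecting client IPs by reverse-DNS status in observe-only mode. The forward-confirmation step, the function names and the sample addresses (documentation ranges and example domains) are assumptions of this sketch, not something the posters describe.

```python
import socket
from collections import Counter

def system_ptr(ip):
    """Return PTR hostnames for ip via the system resolver ([] if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:  # socket.herror / socket.gaierror are OSError subclasses
        return []

def system_forward(host):
    """Return the set of addresses host resolves to (empty set on failure)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except OSError:
        return set()

def classify(ip, ptr=system_ptr, forward=system_forward):
    """Classify a client IP as 'no_ptr', 'ptr_unconfirmed' or 'confirmed'."""
    names = ptr(ip)
    if not names:
        return "no_ptr"            # the case the thread's blocking rule rejects
    if any(ip in forward(n) for n in names):
        return "confirmed"         # PTR name resolves back to the same IP
    return "ptr_unconfirmed"       # PTR exists but forward lookup disagrees

def audit(client_ips, ptr=system_ptr, forward=system_forward):
    """Tally unique client IPs by rDNS status without rejecting anything."""
    return Counter(classify(ip, ptr, forward) for ip in set(client_ips))

# Constructed sample data so the example runs offline.
SAMPLE_PTR = {
    "192.0.2.10": ["mail.example.org"],
    "198.51.100.7": ["host7.example.net"],
}
SAMPLE_FWD = {
    "mail.example.org": {"192.0.2.10"},
    "host7.example.net": {"198.51.100.99"},  # forward does not match
}
SAMPLE_CLIENTS = ["192.0.2.10", "198.51.100.7", "203.0.113.5", "192.0.2.10"]

def sample_audit():
    """Run the audit against the constructed tables instead of live DNS."""
    return audit(SAMPLE_CLIENTS,
                 ptr=lambda ip: SAMPLE_PTR.get(ip, []),
                 forward=lambda h: SAMPLE_FWD.get(h, set()))

if __name__ == "__main__":
    for status, count in sorted(sample_audit().items()):
        print(f"{status}: {count}")
```

Feeding `audit()` the client IPs from a day of mail logs gives the share of senders a missing-rDNS rule would reject, which can then be reviewed before enforcement.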


