SMTP problems from *.ipt.aol.com
I have several users who connect to our mail server from an IP in the *.ipt.aol.com namespace. All are complaining about intermittent SMTP problems. I see that outbound SMTP traffic is proxied through AOL servers to our mail servers. Has there been a change recently causing this to not work? Our mail server does a name lookup on the IP and every once in awhile this will fail. Im assuming AOL DNS servers stop answering queries occassionally? Any ideas much appreciated. -- Aj. Sys. Admin / Developer
On Fri, 16 Jan 2004, Ajai Khattri wrote:
I have several users who connect to our mail server from an IP in the *.ipt.aol.com namespace. All are complaining about intermittent SMTP problems. I see that outbound SMTP traffic is proxied through AOL servers to our mail servers. Has there been a change recently causing this to not work?
We had users who SMTP AUTH relay through us from AOL dsl lines suddenly have problems this week. Switching them to the submission port (587) has solved things so far. ========================================================== Chris Candreva -- chris@westnet.com -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Christopher X. Candreva [1/17/2004 5:02 AM] :
On Fri, 16 Jan 2004, Ajai Khattri wrote:
I have several users who connect to our mail server from an IP in the *.ipt.aol.com namespace. All are complaining about intermittent SMTP problems. I see that outbound SMTP traffic is proxied through AOL servers to our mail servers. Has there been a change recently causing this to not work?
We had users who SMTP AUTH relay through us from AOL dsl lines suddenly have problems this week. Switching them to the submission port (587) has solved things so far.
You just noticed this now? AOL has, since the past several months (over a year I think) set up their dynamic IP pool *.ipt.aol.com to hijack port 25 outbound requests and reroute it through a set of their own mailservers, that do some elementary rate limiting and filtering. http://postmaster.info.aol.com/info/servers.html says these are the servers: rly-ip0[3-5].mx.aol.com IP Address Server 64.12.138.7 rly-ip03.mx.aol.com 64.12.138.8 rly-ip04.mx.aol.com 64.12.138.9 rly-ip05.mx.aol.com As Chris Candreva said, have your users use the MSA port 587 to submit their email. And blocking the rly-ipXX.mx.aol.com servers might be a good idea, depending on your situation. My experience has been that you'll see a lot more intercepted direct to MX spam attempts and virus payloads than you'll see mail from road warriors dialing into AOL and trying to smarthost through their ISP / corporate smtp servers. srs -- srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9 manager, outblaze.com security and antispam operations
On Sat, 17 Jan 2004, Suresh Ramasubramanian wrote:
You just noticed this now?
AOL has, since the past several months (over a year I think) set up their dynamic IP pool *.ipt.aol.com to hijack port 25 outbound requests and reroute it through a set of their own mailservers, that do some elementary rate limiting and filtering.
True, but it appears AOL has cranked something up in the last couple of weeks or something is choking more often. If you look at various places where users like to gripe, you'll notice an uptick of queries and complaints on the subject. I can't explain what changed, and haven't seen any explanation from AOL about what changed.
Sean Donelan [1/17/2004 9:20 AM] :
True, but it appears AOL has cranked something up in the last couple of weeks or something is choking more often. If you look at various places where users like to gripe, you'll notice an uptick of queries and complaints on the subject.
Maybe they finally rolled this out across the board? AOL has a lot of dialup IP space (two /10s I think). srs -- srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9 manager, outblaze.com security and antispam operations
Suresh Ramasubramanian wrote:
Sean Donelan [1/17/2004 9:20 AM] :
True, but it appears AOL has cranked something up in the last couple of weeks or something is choking more often. If you look at various places where users like to gripe, you'll notice an uptick of queries and complaints on the subject.
Maybe they finally rolled this out across the board? AOL has a lot of dialup IP space (two /10s I think).
The ipt.* blocking dates back many years, I think the intercepter stuff does too. The recommendation from AOL to rDNS block ipt.* dates back several years, and is mentioned in the current postmaster's guide at AOL. Over the past several months I noticed we were getting a lot of ipt.* hits, and Hutzler later said that some of their blocks in (IIRC) Europe were apparently not working. Obviously, they just fixed it. We get virtually nothing but spam from rly.* too, so, we're blocking it now. Hutzler remarked "you won't miss much", but I wouldn't take that as an official pronouncement. We get a handful of FPs on it per month, and we tell them to use the proper smarthosting.
SR> Date: Sat, 17 Jan 2004 08:24:06 +0530 SR> From: Suresh Ramasubramanian SR> AOL has, since the past several months (over a year I think) SR> set up their dynamic IP pool *.ipt.aol.com to hijack port 25 I recall seeing this in November 2002, and believe it had already been in place for a few months... SR> outbound requests and reroute it through a set of their own SR> mailservers, that do some elementary rate limiting and SR> filtering. Eddy -- Brotsman & Dreger, Inc. - EverQuick Internet Division Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita _________________________________________________________________ DO NOT send mail to the following addresses : blacklist@brics.com -or- alfra@intc.net -or- curbjmp@intc.net Sending mail to spambait addresses is a great way to get blocked.
participants (6)
-
Ajai Khattri
-
Chris Lewis
-
Christopher X. Candreva
-
E.B. Dreger
-
Sean Donelan
-
Suresh Ramasubramanian