Another reason I HATE AOL!

[Jay]

My business email server is setup in a none standard way

I use my web host to host a catchall address with spam filtering

I then have a mail server located in our central network that uses a POP3 connector to pull that mail every 5 mins from the catchall address and pass it through a mail filter, then to the SMTP delivery agent and to the users IMAP mail boxes.

The reason i do this is so that the bandwidth of filtering out 80% of the spam is not ours but our web hosts. The small amount that does get round thier filter is then removed by our own filters. This saves us downloading 1000's of stupid email headers a day.

The issue is that even though we have full reverse DNS setup AOL needs your MX record to point to your mail servers IP and not to your ISP catchall mail server. If your MX does not point to the IP your sending from all emails are blocked and no matter what you do or say they will not change that. I offered to send them a full letter letterhead fax etc but they said no.

I will now have to change the MX record and host it all myself becasue of their rules and due to our host not giving us access to the DNS it has to be done via fax. I understand why they are doing it but if I can prove that I am a legit mail server why can't they put me on the whitelist?

[Agent]

Move from AOL?

[badass]

Move from AOL?

He's not on AOL. Its that he can't send to AOL.

Jay - lookup DNSRBL's, SPF records and setup your email system properly!
I
Using RBL's gets rid of more than 75% of the spam before any real filtering takes place.
If you set up SPF records, you may find AOL let your email through.
If they don't then they are breaking the standards and you have every right to tell your users that you can;t send emails to AOL because their email system is deliberately broken.
If they moan, ask them that if the governemnt broke all traffic lights in london to reduce congestion so you couldn't get anywhere, would they go to Ford demanding they fix their cars or to the gov't telling them to fix what they broke?

[Agent]

He's not on AOL. Its that he can't send to AOL.

And that would explain it

[Jay]

am in the process of setting up a test spf record. Its something I have never done before.

[Jay]

a bit more digging and I have found that your external IP address's DNS name has to reflect that of your domain name.

eg

if your domain name is mydomain.com and your ISP has provided your internet with a reverse DNS of yourip.virginmedia.com then AOL will not be able to put you on their white list. The server you use as an SMTP server has to reflect your email domain name.

[badass]

a bit more digging and I have found that your external IP address's DNS name has to reflect that of your domain name.

eg

if your domain name is mydomain.com and your ISP has provided your internet with a reverse DNS of yourip.virginmedia.com then AOL will not be able to put you on their white list. The server you use as an SMTP server has to reflect your email domain name.

Some light bedtime reading
http://www.faqs.org/rfcs/rfc1912.html
DNS standards for internets hosts

http://www.ietf.org/rfc/rfc1123.txt
Internet host requirements - check the SMTP section

http://www.faqs.org/rfcs/rfc2821.html
SMTP/ESMTP as defined

Don't bother reading the lot in detail bujt a skim may be worthwhile.

These are the 3 that I use to tell people to go **** themselves if they decide their email should get to a non compliant mail system.
I have asked you in your PM - do you use exchange and do you use ISP smarthosting?
If you use exchange I can tell you exactily where to change your settings to get your mail servers greeting to match your reverse and A records for your mailserver.

[Jay]

If I add a new MX record with the IP of my SMTP server eg 123.123.123.123

then add v=spf1 mx -all

This should alow only the IPs listed as MX values to send mail for my domain, is that correct?

I am going to get stuck into the links above a bit later today.

[Steven.Michael]

if your on faxcebook, get a "WE HATE AOL" campaign going.
I cant stand them myself

[badass]

If I add a new MX record with the IP of my SMTP server eg 123.123.123.123

then add v=spf1 mx -all

This should alow only the IPs listed as MX values to send mail for my domain, is that correct?

I am going to get stuck into the links above a bit later today.

Yes, but watch out. It also means that you must be able to accept incoming mail on all of those IP addresses.

[Jay]

In the event of the other 2 MX addresses failing you mean?

[Jay]

I am finally on to the feedback loop system and am able to send mail to AOL again!

Just incase anyone here is ever in the same issue as I was.

add a new subdomain A record to you domain DNS eg

outmail IN A "your IP"

this will give you....

outmail.yourdomain.com

Call up your ISP and request a rDNS to be setup for your IP to outmail.yourdomain.com (this can take upto 7 days)

Once this has been setup and propagated to the DNS setup a feedback loop with AOL here....

http://postmaster.aol.com

Make sure the only IPs you put into the request are "owned" by yourself. eg rDNS must relate to your domain (it will because you have already set this up with your ISP)

Once you are accepted you can then move on to their white list for bulk mail sending to AOL. It is important that you do this as it only takes less than 3% of your emails to be either flagged as spam by AOLs crappy spam filters or for a few users to report your email as spam (AOL users do some very odd things) for you to be blacklisted and if you have hundreds of users sending mail its only a matter of time.

No other ISP / mail service that I know requires that you do this.

Once again thanks to Hexus users for their help (especially you badass)

[Betty_Swallocks]

(AOL users do some very odd things)

It's called A***holes Online for a reason you know.

[Jay]

Oh the irony!!

the confirmation email from AOL for my whitelist approval was picked up as spam by Windows Mail


ha ha ha ha

[Phil_P]

The reason i do this is so that the bandwidth of filtering out 80% of the spam is not ours but our web hosts. The small amount that does get round thier filter is then removed by our own filters. This saves us downloading 1000's of stupid email headers a day.

I understand that completely, but like badass said above, judicial use of good DNSBLs can eliminate a huge proportion of spam at the server (ie, you bounce the message on the connection attempt before accepting the content of the message thus saving bandwidth), so it needn't be an issue.

I recently tested a server before deploying it with a spammy domain receiving approx. 6-700 spam messages per day (tested for 1 month, total message count ~20,000). For the purposes of the tests I set a catchall so as to get an accurate feel for the spam filtering as opposed to simply dropping spam to non-existent users. So this test domain was receiving 6-700 mails per day, all spam, no legitimate mail at all. Obviously not using a catchall and only accepting mail for known users reduces the amount of spam to an extent.

I used a 3 phase filtering process:

I found ~30% of messages can be dropped straight away from hosts that don't helo with a FQDN.

Next up I filtered against DNSBLs (xen.spamhaus.org, uceprotect.net, psbl.surriel.com and spamcop.net). Spamhaus along catches most stuff and the others are extremely effective at catching the small amount that spamhaus misses. In total, the first 2 phases filters ~96% spam. Here's a great resource for DNSBLs:

http://stats.dnsbl.com/

Finally I employ greylisting to filter out the persistent buggers. Overall I can achieve on average 99.6% spam rejection at the server without deploying any costly post-filtering techniques (eg, spamassassin, AV etc).

It's really pretty easy to implement such a mail filtering gateway in any organisation that can then relay mail to an exchange server or act as the sole server. The best part - all done with open source software so the cost is free and the system happily scales to virtually unlimited domains/users to the point where hardware/bandwidth become limiting factors.

I wrote an easy to follow guide here:

http://wiki.centos.org/HowTos/postfix_restrictions