AOL doesn't send spam
Regular readers may recall that assertion, documented here some while ago.

Maybe AOL doesn't send any spam any more but this is just as bad.

[Image: AOL Sober.AG backscatter]

Yes, it's a Sober.AG backscatter bounce from our friends at AOL.

Adding insult to injury, the reason text given in the eventual * 554 response was:

TRANSACTION FAILED - Unrepairable Virus Detected. Your mail has not been sent.

Aside to AOL: My mail? My mail? Go away now and don't come back until you understand spoofing.

Of course, being a delayed bounce, the message has a null envelope sender. And it comes from an AOL IP which is whitelisted (our users seem to want email from AOL as a rule). So there is not much to work with so far as blocking or filtering are concerned.

I guess there's always Taj May's technique for handling bogus bounces by examining the X-Mailer header (if it's not Lotus Notes, we didn't send it in the first place), though we currently have that turned off. Why? Because a number of remote systems seem to remove the X-Mailer header, occasionally substituting their own.

And guess what. Most if not all of those seem to be Exchange shops.

Another hit for "I hate Exchange", Ed.

Update: These just keep rolling in. We've turned on the Taj May rule and it is working like a charm, sidelining the two or three delayed bounces from AOL (plus occasional others) we are seeing every hour. The most recent AOL sample announces that "my" mail was not delivered to no fewer than (count them) 65 individual AOL users and helpfully lists every one of their email addresses.
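The X-Mailer rule described above, sketched as an added example (not code from this blog or from Taj May). The `OUR_MAILER` substring, the verdict names and the sample bounce are assumptions constructed for illustration; a missing header yields `unknown` rather than a sideline, to cover the relays that strip X-Mailer.

```python
import email
from email import policy

# Assumption: substring of the X-Mailer value our own outbound mail carries.
OUR_MAILER = "lotus notes"

def original_headers(bounce):
    """Return the headers of the message the bounce claims we sent, or None."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":            # full original attached
            inner = part.get_payload()
            if isinstance(inner, list) and inner:
                return inner[0]
        elif ctype == "text/rfc822-headers":     # headers-only copy
            return email.message_from_string(part.get_payload(), policy=policy.default)
    return None

def classify_bounce(raw_message, envelope_sender):
    """Verdict: 'not-a-bounce', 'ours', 'sideline' or 'unknown'."""
    if envelope_sender not in ("", "<>"):        # bounces use the null sender
        return "not-a-bounce"
    bounce = email.message_from_string(raw_message, policy=policy.default)
    original = original_headers(bounce)
    mailer = original.get("X-Mailer") if original is not None else None
    if mailer is None:
        # Header stripped in transit or no original returned: the rule cannot
        # decide, so do not sideline on absence alone.
        return "unknown"
    # A relay that substitutes its own X-Mailer lands here as a false positive,
    # which is why the verdict is "sideline" for review, not "reject".
    return "ours" if OUR_MAILER in str(mailer).lower() else "sideline"

def sample_bounce(returned_headers):
    """Constructed multipart/report bounce wrapping the given header block."""
    return (
        "From: MAILER-DAEMON@mx.example\n"
        "Subject: Mail delivery failed\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n'
        "\n--b1\nContent-Type: text/plain\n\n"
        "554 TRANSACTION FAILED\n"
        "--b1\nContent-Type: text/rfc822-headers\n\n"
        + returned_headers + "\n--b1--\n"
    )

if __name__ == "__main__":
    for hdrs in ("X-Mailer: Lotus Notes Release 7.0\n", "X-Mailer: ExampleMailer 1.0\n", "Subject: hi\n"):
        print(repr(hdrs), "->", classify_bounce(sample_bounce(hdrs), ""))
```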


* "eventual" because had they issued a hard rejection at the time the message was delivered to them, it would have died there and then - they evidently chose to accept and bounce later

Category: Viruses and Worms

Comments :

1. Ed Brill, 30/11/2005 16:17:49
Homepage: http://www.edbrill.com


Huh. Microsoft claims that Exchange and Outlook addressed all their virus issues years ago.




2. Chris Linfoot, 30/11/2005 16:30:36


Oh yes?

In another bizarre Sober related twist, an external business partner of ours has managed to get their own Exchange server infected with Sober and it is spewing Sober.AG in every direction - has been for days and I can't get them to stop. The administrator must have received that FBI email and actually opened the attachment on the server itself!

The problem isn't solely the software, it's the users too.




3. yomi, 09/11/2007 15:12:45


I am having this error too, 554 transaction failed, but just from a particular domain.



