erinspice

Hi! I received a Client TOS Notification from AOL today. It was my understanding that they sent these whenever they believe that my server is the origination point of a spam email message. Can you guys help me understand this?

Subject: Can you tell me what's wrong, and how we can fix it?
From: "Zachery O. Livingston" <[email protected]>
Date: Wed, 08 Aug 2007 10:35:13 +0400
To: <Undisclosed Recipients>
Return-Path: <[email protected]>
Received: from rly-xa05.mx.aol.com (rly-xa05.mail.aol.com [xx.xx.xx.xx]) by air-xa02.mail.aol.com (v118.4) with ESMTP id MAILINXA21-7446b964229c; Wed, 08 Aug 2007 02:35:35 -0400
Received: from my.hostname.com (my.hostname.com [xx.xx.xx.xx]) by rly-xa05.mx.aol.com (v118.4) with ESMTP id MAILRELAYINXA56-7446b964229c; Wed, 08 Aug 2007 02:35:14 -0400
Received: from xx.xx.xx.xx.blahblah.com ([xx.xx.xx.xx]) by my.hostname.com with smtp (Exim 4.63) (envelope-from <[email protected]>) id 1IIf8Q-0007pP-2y for [email protected]; Wed, 08 Aug 2007 01:35:10 -0500
Received: from xx.xx.xx.xx (HELO mail3.someunrelateddomain.com) by blahblah.com with esmtp (GZQPSLACJQJ GMAGB) id 9nLM0a-Iw8dFU-Rw for [email protected]; Wed, 08 Aug 2007 10:35:13 +0400
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_2967_0C01_01C7D9A7.CD59F8E0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1165
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - my.hostname.com
X-AntiAbuse: Original Domain - myclientsdomain.com
X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12]
X-AntiAbuse: Sender Address Domain - someunrelateddomain.com
X-AOL-IP: xx.xx.xx.xx
My server received the email in the 2nd Received line and sent it out in the 3rd one. I tested my server on 2 different open relay test sites and it came back both times that it is not an open relay. What do these headers mean? How was my server involved in this spam transmission and how can I stop it?
 

chirpy

Check /etc/valiases/* and see if anyone is forwarding email to AOL. If they are, they've probably reported your server as sending spam within their AOL account - bad user. If that's the case you're better off removing the forwarder and telling the user to POP their email from the server (though if they're an AOL user...)
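
The forwarder check suggested above, as an added example that is not part of the original thread: a shell function that lists every forwarder in a valiases directory that delivers to a given remote domain. It assumes the cPanel layout of one file per hosted domain with `local-address: dest1, dest2` entries; the function name `find_forwarders` is hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): find forwarders to a remote domain.
# Assumption: each file in the directory is named after a hosted domain and
# holds lines of the form "local-address: dest1, dest2".

find_forwarders() {
    dir=$1                 # e.g. /etc/valiases
    target=${2:-aol.com}   # remote domain whose users may report forwarded spam
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk -v dom="$(basename "$f")" -v target="$target" '
            /^[ \t]*$/ { next }    # skip blank lines
            /^[ \t]*#/ { next }    # skip comments
            {
                sep = index($0, ":")
                if (sep == 0) next
                lhs = substr($0, 1, sep - 1)
                rhs = substr($0, sep + 1)
                want = "@" tolower(target)
                n = split(rhs, dests, ",")
                for (i = 1; i <= n; i++) {
                    d = dests[i]
                    gsub(/^[ \t]+|[ \t]+$/, "", d)
                    # literal, case-insensitive suffix match on "@domain"
                    if (length(d) >= length(want) &&
                        substr(tolower(d), length(d) - length(want) + 1) == want)
                        print dom ": " lhs " -> " d
                }
            }' "$f"
    done
}

# Run directly: sh find_forwarders.sh /etc/valiases [domain]
if [ "$#" -gt 0 ]; then
    find_forwarders "$@"
fi
```

Each output line names the hosted domain, the local address and the remote destination, which can be compared with the `X-AntiAbuse: Original Domain` header in the complaint.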