List posts sent to AOL list subscribers bounce as undeliverable (v. 2.1.20)
Hello,
I'm assisting a small non-profit organization with their informational news listserv which is running on Mailman version 2.1.20.
The issue is that list posts sent to AOL subscriber addresses are now bouncing as undeliverable with the bounce code: "521 5.2.1 : AOL will not accept delivery of this message."
This issue just began several days ago and 200+ subscribers with AOL email addresses are now identified as bouncing in Mailman admin.
I understand last year AOL (and Yahoo) made changes to their email systems which might contribute to this issue. However it didn't seem to impact our list subscribers with AOL email addresses until just now.
The bounce email message for each subscriber appears as:
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
EmailAccountHere@aol.com
host mailin-03.mx.aol.com [64.12.91.196]
SMTP error from remote mail server after end of data:
521 5.2.1 : AOL will not accept delivery of this message.
Unfortunately the list server runs on a host machine maintained by another non-profit, which in turn contacts with a small local hosting provider. And we don't have access to changing any list server configuration parameters, beyond what is available in the list owner admin.
And unfortunately the hosting provider will not make any changes to the server for specific lists. We are just grateful the free listserv service and that they keep the version of Mailman up-to-date.
And we are unable to setup a white list or feedback loop (FBL) with AOL as we don't have access to the postmaster or abuse email accounts for the list server domain.
We have sent an email to http://postmaster.info.aol.com/SupportRequest.php to request unblocking out list email address and/or the list server IP (assuming one or the other is actually "blocked", we have no idea at this point), but have yet to receive a response from AOL.
The error codes page at https://postmaster.info.aol.com/error-codes says this about the bounce error noted above:
AOL will not accept delivery of this message
This is a permanent bounce due to:
* RFC2822 From domain does not match the rDNS of sending server.
* RFC 2822 FROM address does not have an A record and is not a valid domain.
* IP has a poor reputation and mail is sent to multiple recipients.
* There are multiple From address in the mail headers and the IP reputation is poor.
Before I dive into the details above and the info within the document at https://postmaster.info.aol.com/tech-requirements, I'm hoping to hear some potential simple solutions that may be applied to our particular solution.
I can post the content of the list email a headers, but I wish to avoid posting the info in a public forum,
Thank you for any advice.
On 12/4/2015 5:21 AM, Woody Mon via Mailman-Users wrote:
Hello,
I'm assisting a small non-profit organization with their informational news listserv which is running on Mailman version 2.1.20.
The issue is that list posts sent to AOL subscriber addresses are now bouncing as undeliverable with the bounce code: "521 5.2.1 : AOL will not accept delivery of this message."
This issue just began several days ago and 200+ subscribers with AOL email addresses are now identified as bouncing in Mailman admin.
I understand last year AOL (and Yahoo) made changes to their email systems which might contribute to this issue. However it didn't seem to impact our list subscribers with AOL email addresses until just now.
The bounce email message for each subscriber appears as:
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: EmailAccountHere@aol.com host mailin-03.mx.aol.com [64.12.91.196] SMTP error from remote mail server after end of data: 521 5.2.1 : AOL will not accept delivery of this message.
Unfortunately the list server runs on a host machine maintained by another non-profit, which in turn contacts with a small local hosting provider. And we don't have access to changing any list server configuration parameters, beyond what is available in the list owner admin.
And unfortunately the hosting provider will not make any changes to the server for specific lists. We are just grateful the free listserv service and that they keep the version of Mailman up-to-date.
And we are unable to setup a white list or feedback loop (FBL) with AOL as we don't have access to the postmaster or abuse email accounts for the list server domain.
We have sent an email to http://postmaster.info.aol.com/SupportRequest.php to request unblocking out list email address and/or the list server IP (assuming one or the other is actually "blocked", we have no idea at this point), but have yet to receive a response from AOL.
The error codes page at https://postmaster.info.aol.com/error-codes says this about the bounce error noted above:
AOL will not accept delivery of this message This is a permanent bounce due to: * RFC2822 From domain does not match the rDNS of sending server. * RFC 2822 FROM address does not have an A record and is not a valid domain. * IP has a poor reputation and mail is sent to multiple recipients. * There are multiple From address in the mail headers and the IP reputation is poor.Before I dive into the details above and the info within the document at https://postmaster.info.aol.com/tech-requirements, I'm hoping to hear some potential simple solutions that may be applied to our particular solution.
I can post the content of the list email a headers, but I wish to avoid posting the info in a public forum,
Thank you for any advice.
I believe that the AOL rejection
521 5.2.1 : AOL will not accept delivery of this message.
signifies that there is something in the message that AOL thinks is objectionable. What the objectionable content might be is anyone's guess.
P. S.
their informational news listserv which is running on Mailman version
2.1.20.
Listserv (R) is a registered trademark of Lsoft, and that term does NOT pertain to Mailman. Both products are mailing list management software, but only Listserv (R) is listserv.
--Barry Finkel
--Barry Finkel
On 12/04/2015 03:21 AM, Woody Mon via Mailman-Users wrote:
The issue is that list posts sent to AOL subscriber addresses are now bouncing as undeliverable with the bounce code: "521 5.2.1 : AOL will not accept delivery of this message."
This is a rather non-specific AOL error message, but as you note, it is documented. I've seen mail rejected by AOL for this reason, but the only circumstance under which I've seen it on my own server is when an AOL user posts to a list (with DMARC munge from in effect) the copy to that user is rejected with that reason, but it is accepted for other AOL members of the same list. I've dealt with this by setting all AOL list members to 'not metoo'. I've never been able to figure out what in the message causes this.
I see this reject quite often on mail.python.org, but we've seen no complaints from the python.org lists about this, so I don't think it's all AOL users all the time.
In the cases I've seen, the only reasons listed for this at https://postmaster.aol.com/error-codes#other that might apply are "RFC2822 From domain does not match the rDNS of sending server." and "IP has a poor reputation and mail is sent to multiple recipients.", but if one of those is the cause, why in the first case above is only the poster's copy rejected?
This issue just began several days ago and 200+ subscribers with AOL email addresses are now identified as bouncing in Mailman admin.
I understand last year AOL (and Yahoo) made changes to their email systems which might contribute to this issue. However it didn't seem to impact our list subscribers with AOL email addresses until just now.
The changes have to do with DMARC, and if AOL rejects a message for DMARC policy reasons it normally responds with one of the documented DMARC codes.
Unfortunately the list server runs on a host machine maintained by another non-profit, which in turn contacts with a small local hosting provider. And we don't have access to changing any list server configuration parameters, beyond what is available in the list owner admin.
And I wish I knew what you could change if you could, but I don't.
And unfortunately the hosting provider will not make any changes to the server for specific lists. We are just grateful the free listserv service and that they keep the version of Mailman up-to-date.
And we are unable to setup a white list or feedback loop (FBL) with AOL as we don't have access to the postmaster or abuse email accounts for the list server domain.
We have sent an email to http://postmaster.info.aol.com/SupportRequest.php to request unblocking out list email address and/or the list server IP (assuming one or the other is actually "blocked", we have no idea at this point), but have yet to receive a response from AOL.
The error codes page at https://postmaster.info.aol.com/error-codes says this about the bounce error noted above:
AOL will not accept delivery of this message
This is a permanent bounce due to:
* RFC2822 From domain does not match the rDNS of sending server. * RFC 2822 FROM address does not have an A record and is not a valid domain. * IP has a poor reputation and mail is sent to multiple recipients. * There are multiple From address in the mail headers and the IP reputation is poor.
The first reason above is really bad. It's looks like AOL's own extension to DMARC that ignores any DMARC policy that might actually be published by the From: domain. On the other hand, I don't expect AOL to properly document what they are doing anyway. You could try setting from_is_list on your list's General Options page to Munge From or Wrap Message. If that solves the problem, then it is that first reason, but I suspect it is more likely the third and the answer is to improve your IP's reputation with AOL, but you may not be able to do that.
Before I dive into the details above and the info within the document at https://postmaster.info.aol.com/tech-requirements, I'm hoping to hear some potential simple solutions that may be applied to our particular solution.
I'm not aware of any.
I can post the content of the list email a headers, but I wish to avoid posting the info in a public forum,
I don't think that will be helpful. You do need to look at them and determine that the Mailman sending server at least meets the following:
Identifies itself in HELO/EHLO with a host name whose A record matches its IP address.
Its IP address has a rDNS (PTR) record pointing back to the same host name/domain.
Mark Sapiro writes:
This is a permanent bounce due to:
* RFC2822 From domain does not match the rDNS of sending server.
The first reason above is really bad. It's looks like AOL's own extension to DMARC that ignores any DMARC policy that might actually be published by the From: domain.
AOL fired most (all?) of their competent people a couple of years ago. The ones who are left probably don't have time to write super-precise documentation. I just read that one as a reject of a message without a valid DKIM signature that fails the SPF test too, according to the DMARC policy of the From domain. True, it could be as bad as you say -- this is AOL we're talking about -- but I think it's probably just hard-to-understand docs.
On the other hand, I don't expect AOL to properly document what they are doing anyway. You could try setting from_is_list on your list's General Options page to Munge From or Wrap Message.
Note that Wrap Message is the theoretically correct answer, but it causes pain to at least iPhone users (as of last year). I can't imagine it works better than Munge From as a DMARC mitigation (except for Emacs/Gnus and mutt users ;-). I wouldn't bother trying it if I were Woody, and much as it pains me to say it (it was my proposal, after all) I don't think we should recommend it to anybody who can't figure out what it does for themselves. :-(
Also, if this is happening to digests (as Woody says in a later post), that seems weird to me. Digests should be sent From: mailman@sending-host.tld, and so should be DMARC-safe, right? Of course the sending host may not be DMARC-ly correct, but if so I would think they would suffer greatly in many ways.
So I tend to think it's the IP reputation that's the main problem, but what AOL considers in computing reputation I don't know.
Steve
The issue is that list posts sent to AOL subscriber addresses are now bouncing as undeliverable with the bounce code: "521 5.2.1 : AOL will not accept delivery of this message."
I see that you have a yahoo.com address. If there's a yahoo.com address on the From: line of the list mail, AOL and Yahoo's well documented abuse of DMARC will cause the failure you're seeing.
If you're running a recent version of Mailman, there are some DMARC workarounds you can use. Other than that, I'd find a different address to mail from, not at Yahoo, not at AOL, and preferably not at Gmail.
R's, John
On 12/04/2015 02:40 PM, John Levine wrote:
The issue is that list posts sent to AOL subscriber addresses are now bouncing as undeliverable with the bounce code: "521 5.2.1 : AOL will not accept delivery of this message."
I see that you have a yahoo.com address. If there's a yahoo.com address on the From: line of the list mail, AOL and Yahoo's well documented abuse of DMARC will cause the failure you're seeing.
If you're running a recent version of Mailman, there are some DMARC workarounds you can use. Other than that, I'd find a different address to mail from, not at Yahoo, not at AOL, and preferably not at Gmail.
R's, John
Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/incoming-pythonlists%4...
Two things to look at:
Enter the IP address of your server on the AOL IP reputation page. I don't know if it will give you anymore information than what you already have, but it's probably worth a try: https://postmaster.aol.com/ip-reputation
I don't believe you mention anywhere whether there are any kind of DKIM signatures in your message or weather there is an SPF record for your sending domain. You could subscribe to your list from a gmail account, and then, on one of the lists postings, click "show original message" (in the GMAIL GUI) and look for gmail's results of the DKIM, SPF, and DMARC tests. If you use from_is_list, or for digests, it is best to have a valid DKIM signature. If you don't use from_is_list, then no signature is your best bet if mailman is adding footers. My sense is you stand the best chance of getting your message through if it has a valid DKIM signature. A bad DKIM signature will likely cause problems. I know that under some circumstances mailman strips dkim signatures, but it's best to look at headers to see what is actually happening.
I realize you have no ability to change some of these things, but at least determining the cause of your problem will help to determine if you will be able to solve it or not.
Natu
participants (6)
-
Barry S. Finkel -
John Levine -
Mark Sapiro -
Natu -
Stephen J. Turnbull -
Woody Mon