Cold and flu season
Ah, it's once again virus season here in Canada. It appears that Conficker has been making the rounds again too. From February, we saw a pretty good mix of Conficker and Bredolab variants here at the LW mothership:
147 Conficker.gen (Worm)
58 Bredolab.BZ (Trojan)
55 UPX packed executable file
33 Bredolab.QR_2 (Trojan)
29 Bredolab.CE_2 (Trojan)
12 EggDrop.AAM (Trojan)
9 Bredolab.SMF (Trojan)
5 Pif.VF (Trojan)
4 Merond.AA_2 (Worm)
4 Bredolab.AG (Trojan)
4 Banker.NA (Phish)
2 Suspicious#fakeav_2 (Trojan)
2 Pay-23 (Phishing)
2 Bank-87 (HTML.Phishing)
Backreference
We've had some issues relaying mail to AOL.com (surprise surprise) and I was trying to track down if any particular type of message was getting bounced more regularly than others. Naturally, I went to my favorite log-grepping search:
N:\>grep ERROR s20090610-00.log
64.12.137.169 [0E48] 00:14:55 Client session *** <dingus1@aol.com> <dingus1@aol.com> 1 22997 00:00:00 ERROR RKY25155
205.188.252.17 [0F14] 01:27:10 Client session *** <dingus2@aol.com> <dingus2@aol.com> 1 10238 00:00:00 ERROR RLL81309
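To answer "is any particular type of message bounced more often", the grep hits can be tallied by status and recipient domain instead of read one by one. This is an added example, not part of the original post; the field layout is inferred from the log lines shown here, and the sample addresses, message IDs and the `OK` status are constructed.

```python
import re
from collections import Counter

# Field layout inferred from the log lines shown in this post (an assumption,
# not vendor documentation):
#   [peer-ip] [thread] time [Client session] *** <from> <to> rcpts bytes elapsed STATUS msg-id
LINE = re.compile(
    r"(?:(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+)?"
    r"\[(?P<thread>[0-9A-Fa-f]+)\]\s+(?P<time>\d\d:\d\d:\d\d)\s+"
    r"(?:Client session\s+)?\*\*\*\s+"
    r"<(?P<sender>[^>]*)>\s+<(?P<rcpt>[^>]*)>\s+"
    r"(?P<nrcpt>\d+)\s+(?P<size>\d+)\s+(?P<elapsed>\d\d:\d\d:\d\d)\s+"
    r"(?P<status>[A-Z][A-Z-]*)\s+(?P<msgid>\S+)"
)

def parse(line):
    """Return a dict for a delivery-summary line, or None for anything else."""
    m = LINE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"])
    rec["domain"] = rec["rcpt"].rpartition("@")[2].lower()
    return rec

def summarize(lines):
    """Tally failed messages by (status, recipient domain) and find repeated attempts."""
    failures, attempts = Counter(), Counter()
    for rec in filter(None, map(parse, lines)):
        if rec["status"] in ("ERROR", "TOO-DATA"):
            failures[(rec["status"], rec["domain"])] += 1
            attempts[(rec["sender"], rec["rcpt"], rec["size"])] += 1
    retried = {k: n for k, n in attempts.items() if n > 1}
    return failures, retried

# Constructed sample lines in the same shape as the ones on this page (not real
# traffic); "OK" is a placeholder for whatever the server logs on success.
SAMPLE = """\
192.0.2.10 [0E48] 00:14:55 Client session *** <a@example.org> <u1@aol.example> 1 22997 00:00:00 ERROR AAA00001
192.0.2.11 [0F14] 01:27:10 Client session *** <b@example.org> <u2@aol.example> 1 10238 00:00:00 ERROR AAA00002
192.0.2.12 [0F20] 02:00:00 Client session *** <c@example.org> <u3@example.net> 1 4096 00:00:01 OK AAA00003
[0EBC] 16:21:51 *** <big@example.org> <friend@example.net> 1 58355330 00:13:56 TOO-DATA AAA00004
[0EBC] 16:21:51 >>> 554 5.3.4 Message size exceeds fixed maximum message size
[0EC0] 16:40:02 *** <big@example.org> <friend@example.net> 1 58355330 00:13:50 TOO-DATA AAA00005
""".splitlines()

if __name__ == "__main__":
    failures, retried = summarize(SAMPLE)
    print(failures.most_common(), retried)
```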
You have got to be kidding.
Who does this????

Fortunately though, in this case stupidity is its own reward:
[0EBC] 16:21:51 *** <retard@domain.com> <friendoftard@otherdomain.com> 1 58355330 00:13:56 TOO-DATA WZW48454
[0EBC] 16:21:51 >>> 554 5.3.4 Message size exceeds fixed maximum message size
Sucks that you wasted your time trying to send this thing 20 times in a row, buddy. I guess maybe you should read that bounce message the server keeps so-helpfully sending back.
AOL has a lot of nerve
We've got a spam feedback loop with AOL to try and help get email delivered there. They've decided that since they are a huge source of junk they need to hold the rest of us to a higher standard. So when a user gets email in their inbox that they don't want (regardless of whether it's something they signed up for or not) they click the "Junk" button and we get an "abuse report" from AOL about it.
Well, I've been seeing a decent amount of junk mail getting returned to us that has been forwarded from local accounts to someone's AOL inbox. Keep in mind, this is not email that's rejected by a junk filter, it's email that AOL's anti-spam didn't catch either. So shame on us for not having a system that's somehow magically smarter.
Khannnnnnnnnn
As part of my ongoing quest to make things more fault-tolerant at work, I've worked out what's required to split out our email system into more discrete pieces. Soon, instead of our eggs-in-one-basket setup, we will have two webservers, two SMTP/POP3 servers, a database, and a file server all pitching in. I'm pretty satisfied with how the system is performing even without the nitpicky optimizations I still have to add in. I was about 30 minutes away from climbing a tower with a rifle this morning as I fought with connecting the 2nd webmail server into the existing configuration.

