Re: [Exim] AOL blocks SSL/TLS?

Author: Tom Samplonius
Date:  
To: James P. Roberts
CC: exim-users
Subject: Re: [Exim] AOL blocks SSL/TLS?
On Sun, 21 Apr 2002, James P. Roberts wrote:

> Problem solved, with extensive thanks to the kind and intelligent people
> on this list.
>
> In the end, in order to support an Outlook Express 6.0 client, over an
> AOL dial-up connection, requiring SSL/TLS before SMTP AUTH, I learned
> the following items:


I must be missing something, but this seems pointless to me. AOL's SMTP
relays don't support TLS, because they assume that their internal network
is just as secure as their relay servers. In fact, their internal
network is probably more secure than their relay servers, so I'm not
sure why you would trust their relay servers over the internal network.
You can't use SMTP AUTH to AOL relay servers, nor do you need to, since
they will relay for the entire AOL internal network. Why go through all
these contortions to get secure relaying working on your mail server for
AOL clients, when AOL will automatically relay it all?

...
> Finally, I understand the reason that AOL does this. Although I still
> find it distasteful, and even immoral, I have to admit I understand that
> they do it in order to prevent spammers from abusing AOL to transmit
> emails to open relays. "The ends do not justify the means." But,
> thanks to certain calm-headed people on this list, I at least understand
> the reason. And thanks to you, I was able to find a useable
> work-around.


I'm of the opinion that _all_ ISPs should do this. The biggest problem
isn't just the exploitation of insecure mail servers, but direct sending.
If you've actually looked at any spam lately, most of it is simply
direct mailed and does not require a relay. It takes less time to
sign up a new account with AOL than it does to investigate and respond
to a spam complaint. That means that if AOL didn't do this, their one
million some odd dialup ports would be spewing spam into the Internet
faster than anyone could stop. They would need hundreds of people to
police it.

Besides, from a tech support standpoint, SMTP redirection to a relay
server is great! Customers can put whatever they like into their Outgoing
mail server setting, as long as it resolves to an IP, and their mail will
work! Especially handy if they move between ISPs.

Tom