Re: [Exim] AOL blocks SSL/TLS?

><snip>
>I must be missing something, but this seems pointless to me. AOL's
SMTP
>relays don't support TLS, because they assume that their internal
network
>is just as secure as their relay servers. <snip> Why go through all
>these contortions to get secure relaying working on your mail server
for
>AOL clients, when AOL will automatically relay it all?

Answer: Because I am hosting my customers' domains. For them to be
able to send mail from their own domain, they need to have my server
relay it for them, not AOL's. Because I do not wish to be an open
relay, of course, I require authentication. In order to protect my
customers' passwords, I require SSL/TLS encryption before
authentication. They can connect to the internet anyway they like, and
set up their email client with my server listed as their SMTP server,
with SSL/TLS and authentication enabled.

The AOL mail relays intercept SMTP messages directed to port 25 on my
server. (Actually, any IP packets addressed to any IP address:port 25,
are redirected to THEIR mail relay IP address:port 25). AOL does not
relay secure connections. So now I have to tell my AOL-using customers
to use a different port, that AOL does not redirect. And that port has
to be able to handle secure connections. Problem solved.

Try using an AOL dial-up connection, then telnet to port 25 on any
machine in the universe, and look closely at what happens. In
particular, issue an EHLO command... You will see what I mean. You
will be talking to an AOL relay machine, NOT the machine you specified
in your telnet connection command.

><snip>
> Besides from a tech support standpoint, SMTP redirection to a relay
>server is great! Customers can put whatever they like into their
Outgoing
>mail server setting, as long as it resolves to an IP, and their mail
will
>work! Especially handy if they move between ISPs.
>
>Tom


In point of fact, it does NOT work, if you use SSL in your client
settings. The mail does not get through the AOL relay. One of the main
advantages of using my service is that you CAN move between ISPs without
changing any email settings. For a little while, it looked as though
AOL users were unable to use my services. Fortunately, this has now
been resolved.

If I had simply disabled the SSL before AUTH requirement on my server, I
would have been telling my customers to give AOL unencrypted copies of
their username/password combination every time they sent an email. Not
acceptable.

I hope this clarifies for you? Understand, I admire AOL for attempting
to reduce spam (well, spam other than their own, I suppose). I just
disagree with the implementation of their method. As far as I am
concerned, what AOL is doing is the equivalent of wire-tapping without a
warrant, and worse, blocking any transmission they themselves can't
read.

By the way, AOL is still using Sendmail, not Exim. Oh well.

Jim Roberts
Punster Productions, Inc.

"Just because you're paranoid, doesn't mean they're NOT out to get you."