You've really missed the point. Oh well. Why do you think I should
allow the keys to my server be handed over to AOL, so anyone that hacks
into AOL (including AOL), can then break into my server? AOL does not
host my customers' domains; I do. So, for their email to be addressed
properly from their own bought-and-paid-for domain, they must relay it
through my server. More accurately, my server must be the SMTP server
to their client. Otherwise, it won't be addressed as coming from their
own domain, but from the aol.com domain, which is what we are trying to
avoid.
I am also curious why you would test my server for being an open relay,
and then not tell me about it?
Yes, I do check my logs, thank you very much. And I believe I have
closed the hole now.
----- Original Message -----
From: "Tom Samplonius" <tom@???>
To: "James P. Roberts" <punster@???>
Sent: Monday, April 22, 2002 9:31 PM
Subject: Re: [Exim] AOL blocks SSL/TLS?
On Mon, 22 Apr 2002, James P. Roberts wrote:
> AOL does not allow their users to attempt to use SSL/TLS when sending
> mail. Their relays can't handle it, and unless the AOL user wants to
> broadcast their remote login info (assuming the remote server allows
> non-encrypted authentication, which I don't), or the remote server
owner
> (e.g. me) wants to be an open relay (no way!), then they cannot send
> email from a non-AOL email account. Unless we go to all this trouble
to
> bypass AOL's relays.
The only reason why you want to use SSL/TLS is protect a password that
the AOL relays can't verify anyhow. They don't have your passwords.
Second, the only reason why you want to provide a password is for secure
relaying, but the AOL relays provide secure relaying without passwords.
So
your users can use AOL just fine to relay their e-mail, without all this
SSL/TLS hassle.
Tom
