On Fri, Feb 19, 1999 at 12:45:06PM -0500, Scott Schwartz wrote:
> The question arises, however, why those aol users don't just submit their
> mail to aol's smtp server? Presumably an aol user, just like any person on
> the internet, can submit a message to their local smtp server (for which they
> are authenticated) with a "From:" line that has one of your virtual domains
> in it (or indeed, any string they like). So why do aol users need to use you
> as their injection point?
Try this with msn.com. If you're connected to their network and submit a
message to the local smtp server using a "From" address that isn't an msn.com
address, they'll *silently* discard your mail. They'll accept it, and without
warning deposit it into a bitbucket. (This was the case several months ago.
They may have wised up since, but I doubt it.) I've heard that other ISPs are
requiring that the envelope sender domain be one of their domains in order for
you to be able to relay, thus making them unusable as relays if you use a
different address. At one point (and this may have changed), ibm.net would give
you a "550: Unauthorized access" as soon as it saw a MAIL FROM with a
non-ibm.net address.
Another problem I've had runs along the lines of the following:
Me: "Use your ISPs SMTP server to send your mail."
AOL user: "Huh?"
I'm not even sure that AOL provides relays for outgoing mail, since they use
some kind of proprietary mail protocol that's built in to their front-end
software.
Because of stupid policies like MSN's or users' conceptual problems with
relaying mail, it's becoming very difficult to provide people on different ISPs
with e-mail addresses that they can use. I usually wind up telling MSN users
that their mail will just have to look like it's coming from their msn.com
addresses, and there's nothing I can do about it. I tell AOL users to get a
real ISP.
I don't recommend that anyone run an open relay and I'll continue to tell
people not to and to refer them to FAQ 5.4, but I'm becoming increasingly
sympathetic to people who think they need to. Whether the problem can be fixed
without some kind of username/password authentication in SMTP I don't know, but
I think it's something worth talking about.
Chris
