[linux-elitists] AOL says goodbye to AT&T/Comcast and residential mail spools

Aaron Sherman ajs@ajs.com
Thu Apr 10 20:19:39 PDT 2003


Hope no one here has friends or relatives that use AOL if you run your
home MTA on a residential network.... If you do, you'll have to start
relaying mail for AOL through the public relay (probably slow and flaky)
that your ISP provides. Why?

AOL has instituted a new policy: TCP sessions established on port 25 to
any of their MX hosts from systems that obtain their IP addresses
dynamically (their term, I don't know exactly how they define it, since
I'm not on any reputable, public dynip BLs that I can find) will be
summarily disconnected after the transmission of several lines of text
which resemble an SMTP error.

I say "resemble" because the SMTP RFC is clear on their options at this
point in a session (e.g. after the transport session has first been
established):

   The SMTP protocol allows a server to formally reject a transaction
   while still allowing the initial connection as follows: a 554
   response MAY be given in the initial connection opening message
   instead of the 220.  A server taking this approach MUST still wait
   for the client to send a QUIT (see section 4.1.1.10) before closing
   the connection and SHOULD respond to any intervening commands with
   "503 bad sequence of commands".  Since an attempt to make an SMTP
   connection to such a system is probably in error, a server returning
   a 554 response on connection opening SHOULD provide enough
   information in the reply text to facilitate debugging of the sending
   system.

AOL violates this on two major points:

1. They issue a series of 550 responses, not 554, like so:

550-The IP address you are using to connect to AOL is either open to
550-the free relaying of e-mail, is serving as an open proxy, or is a
550-dynamic (residential) IP address.  AOL cannot accept further e-mail
550-transactions from your server until either your server is closed to
550-free relaying/proxy, or your ISP removes your IP address from their
550-list of dynamic IP addresses.  For additional information,
550-please visit http://postmaster.info.aol.com.
550 Goodbye

2. They then send a reset packet to disconnect the session.

I'm going to look into what it takes to get a site on the various
RFC-non-compliance lists, but ultimately, the RFC lossage is not my core
beef (though it certainly is indicative of an attitude that has led us
down this path). My concern is that more and more companies and
individuals are slicing out those portions of the Internet that they
don't think that they would ever want to interact with in relatively
blind and poorly managed ways.

You cannot, for example, get your well-behaved mailer removed from the
list, since even the initial report that they will send you from their
Web-tool is emailed, not to the IP in question, but to root at the
domain that registered the IP with ARIN!

How much further down this path of large ISPs slicing out the "unwanted"
do we have to see before all ISPs will simply stop passing packets past
their own networks which do not originate from their servers or a
"registered business partner" of some sort?

I'm recommending to all of my friends and family that (a) it will be a
cold day in hell before my mailer config is polluted with a special
entry for every ISP that thinks DHCP-assigned IPs aren't really part of
the Internet, and (b) unless they have the swing to change AOL's policy
on this one, they're better off getting an account with an ISP that
might warn them before taking such drastic and harmful actions.

Sorry for the rant, but I'm annoyed as hell over this. Thanks.
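
Added example (not part of the original message): a small Python check that parses a connection-opening reply such as the one quoted above and tests it against the two points of the quoted RFC passage. The function names and the `closed_before_quit` flag are assumptions of this example; the banner is the one quoted in the message, and whether the server closed early has to be observed separately, for instance in a packet capture.

```python
import re

# Banner quoted in the message above (the reply sent on connection opening).
AOL_BANNER = [
    "550-The IP address you are using to connect to AOL is either open to",
    "550-the free relaying of e-mail, is serving as an open proxy, or is a",
    "550-dynamic (residential) IP address.  AOL cannot accept further e-mail",
    "550-transactions from your server until either your server is closed to",
    "550-free relaying/proxy, or your ISP removes your IP address from their",
    "550-list of dynamic IP addresses.  For additional information,",
    "550-please visit http://postmaster.info.aol.com.",
    "550 Goodbye",
]

# One reply line: 3-digit code, then '-' (more lines follow) or ' ' (last line).
REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_reply(lines):
    """Parse one (possibly multi-line) SMTP reply into (code, [text, ...])."""
    code, texts = None, []
    for raw in lines:
        m = REPLY_LINE.match(raw.rstrip("\r\n"))
        if not m:
            raise ValueError(f"not an SMTP reply line: {raw!r}")
        if code is not None and m.group(1) != code:
            raise ValueError("reply code changes inside a multi-line reply")
        code = m.group(1)
        texts.append(m.group(3))
        if m.group(2) == " ":  # a space after the code marks the final line
            return int(code), texts
    raise ValueError("reply ended without a final 'NNN text' line")

def check_greeting(lines, closed_before_quit):
    """List deviations from the quoted passage for a connection-opening reply."""
    code, _ = parse_reply(lines)
    findings = []
    # The quoted passage allows 554 in place of the usual 220 greeting.
    if code not in (220, 554):
        findings.append(f"opening reply is {code}, expected 220 or 554")
    # A rejecting server must still wait for the client's QUIT.
    if code != 220 and closed_before_quit:
        findings.append("server closed the connection without waiting for QUIT")
    return findings
```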
