No no no no no. The problem with your theory below is that: 1. It is by far best for users to authenticate to send mail. 2. Your "solution" works only for unencrypted unauthenticated users that ignore the certificate presented by the mail server. Put another way, your mechanism rewards those doing the wrong thing while punishing those of us sending our email via encrypted and authenticated mechanisms. That's a very bad thing. Owen Sent from my iPhone On Oct 25, 2011, at 15:03, Mike Jones <mike@mikejones.in> wrote:
On 25 October 2011 20:52, Alex Harrowell <a.harrowell@gmail.com> wrote:
Ricky Beam <jfbeam@gmail.com> wrote:
Works perfectly even in networks where a VPN doesn't and the idiot hotel intercepts port 25 (not blocks, redirects to *their* server.)
--Ricky
Why do they do that?
My home ISP run an open relay on port 25 with IP-based authentication, so I might configure my laptops email client to send email via smtp.myisp.com port 25 (many/most? residential ISPs have unauthenticated relays, even ISPs that tell you to use authentication often have another server next to it that doesn't need authentication for customer IP space)
If the hotel simply blocks port 25 then my email is broken, if they allow it then my email is broken (as my ISP doesn't let the hotel relay through their mail servers), however if the hotel redirects 25 to their own open relays then in theory my email should work fine.
They could always tell people "there is a relay at 10.0.0.25 so you can change your settings to use that", however by redirecting all port 25 traffic there they are effectively forcibly auto-configuring anyone who was already configured to send via an unauthenticated server on port 25. They are probably acting under the assumption that the only people using 25 are using it for unauthenticated access, I believe most servers that do use authentication tell users to use alternate ports so this is probably a reasonable assumption.
Compared to straight blocking of port 25 it's probably better as long as the relay it is redirecting you to works properly so you don't have to try and diagnose issues - However considering the quality of the average hotel network I suspect most of them that are trying to do this probably have it set to redirect to a dead server anyway.
- Mike