Sam Trenholme's webpage
This article was posted to the Usenet group alt.hackers in 1995; any technical information is probably outdated.

AOL's mailsystem, lies and videotape


Article: 8414 of alt.hackers
From: dedeo@mit.edu (Simon Joseph Dedeo)
Newsgroups: alt.hackers
Subject: AOL's mailsystem, lies and videotape
Date: 8 Aug 1995 16:59:03 GMT
Organization: Massachvsetts Institvte of Technology
Lines: 68
Approved: senator-exon@first-amendment.com
Message-ID: 40854n$evj@senator-bedfellow.MIT.EDU
NNTP-Posting-Host: m11-113-2.mit.edu
X-Newsreader: TIN [version 1.2 PL2]
Status: RO

[Part I: AOL's mailsystem.] :)

Before I begin this post, I'll thank all the generous and knowledgable
people who replied in e-mail or on alt.hackers to my previous post. If
anybody's interested, I can summarize the e-mail I received.

OK, so I figured out how all this nslookup stuff works, and I think I
have a good enough handle on how nameservers maintain up-to-date
information on machine addresses and so on.

So, using the authoratative Nameserver "NS.ANS.NET", I locate an
address that would accept connections to port 25.
(mail05.mail.aol.com).  This guy was running HP Sendmail 16.2.

So I say hi with "EHLO" (doesn't compain that I didn't give it an
address), and then try to "vrfy" a friend's address on the system
-->

EXPN joe@aol.com
250 <joe@emin06.mail.aol.com>

OK, sure. Not as much information as I would have hoped for... but
still, it's working fine.  So then I try

EXPN nauinefnwfnnc@aol.com
250 <nauinefnwfnnc@emin06.mail.aol.com>

It will "vrfy" any string of characters, regardless of if it's an
actual user name on the AOL system. (of course, there just might be
someone walking around with the name "nauinefnwfnnc", but I doubt it.
:) )

So does AOL have its own message routing system behind sendmail that
filters out invalid usernames and generates a simulated Error Message?
Does anybody have any suggestions as to the next step in figuring out
how AOL mail delivery works?

--------------------------------------------
>From a previous post:
"Also, note that AOL does NOT like this information getting out, as it
it's proprietary or something."

If all I'm doing is manually tracing out the route mail takes from my
system to theirs, is that a problem? Can I get arrested for
"impersonating a daemon" if I telnet into 25 and simulate the mail
delivery? Sure, something adolescent like sending fakemaill from their
SMTP port is questionable (appropiation of resources? stealing
electricity?), but if they don't have a problem with my legit mail
bouncing around their system automatically...
--------------------------------------------

Argh! Need an ObHack.
(This project is getting more and more expensive...)

Getting out of building a musical instrument for a "Conceptual
Physics" Class (a.k.a. "Touchy-feely Physics for people confused by
addition") in ninth grade with the following project...

Transferring data between two Apple IIe's (gotta love 'em) with the
PDL out ports. Very slow transfer rates (a few baud), but it worked
nonetheless, and I ended up inventing alot of the algorithms that I'm
now reading about in the TCP/IP RFC's (headers, checksums, ACKs,
etc.,etc.) The whole thing was in BASIC (aiie!), but I'm seriously
considering going back to hack up a machine code version.


(Phew. Big post)

-Simon D.



Back to index