Maybe of interest to others here:

----- Forwarded message -----
Date: Thu, 16 Jul 2015 19:35:41 +1000
From: XXXXXXX <xx...@net.in.tum.de>
Subject: Re: Fwd: Postfix SMTP server: errors from scan2researchpaper.net.in.tum.de[188.95.233.5]
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0

Dear colleague,

Thanks for reaching out. We were using the STARTTLS implementation in openssl and had mistakenly assumed it would implement STARTTLS/SMTP correctly.

I've just had a look at the source code. While openssl does wait for the server's response to EHLO to complete, it completely ignores the fact that STARTTLS is not among the announced capabilities. It even detects this fact and logs it with the words "Trying anyway". A Google search for this yields that they view this behaviour as a feature, at least at some point in the past.

Please accept our apologies for this oversight. I am actually quite happy someone pointed it out to us as the patch is fairly easy. We're not going to enable STARTTLS again before the patch is ready. We've also added your system to our blacklist.

In case you should be interested in what we're doing: Our team at the Network Architectures and Services Dept. (I8) of TU Muenchen, Germany, is carrying out an IPv4-wide scan of TLS. This is an effort to use this data to detect and classify anomalies in BGP routing, using TLS hosts as beacons. The corresponding whitepaper, which shows the potential of this method, can be found here:

https://www.net.in.tum.de/fileadmin/bibtex/publications/papers/schlamp_TMA_1_2015.pdf

The scanning procedure is as follows. First, we sweep IP addresses with a port scan. Where a TLS port is open, we connect via a normal STARTTLS or SSL/TLS handshake and download the certificates. We do not do anything else.

Best regards,
Ralph Holz

On 16/07/15 02:14, Britvault Postmaster wrote:
> Hello,
>
> Your scanner stupidly assumes TLS is enabled.
>
> Update your fuckwit scanner to _READ_ the data it is given:
>
> ----- Forwarded message from Mail Delivery System
> <mailer-dae...@teak.britvault.co.uk> -----
>
> Date: Tue, 14 Jul 2015 21:00:58 +0100 (BST)
> From: Mail Delivery System <mailer-dae...@teak.britvault.co.uk>
> To: Postmaster <postmas...@britvault.co.uk>
> Subject: Postfix SMTP server: errors from
> scan2researchpaper.net.in.tum.de[188.95.233.5]
>
> Transcript of session follows.
>
> Out: 220 teak.britvault.co.uk ESMTP Postfix
> In: EHLO openssl.client.net
> Out: 250-teak.britvault.co.uk
> Out: 250-PIPELINING
> Out: 250-SIZE 10240000
> Out: 250-ETRN
> Out: 250-AUTH CRAM-MD5
> Out: 250-ENHANCEDSTATUSCODES
> Out: 250-8BITMIME
> Out: 250 DSN
> In: STARTTLS
> Out: 502 5.5.1 Error: command not implemented
> In: ????"?
> Out: 502 5.5.2 Error: command not recognized
> In:
> Out: 500 5.5.2 Error: bad syntax
> In:
> Out: 500 5.5.2 Error: bad syntax
> In:
> Out: 500 5.5.2 Error: bad syntax
>
> Session aborted, reason: lost connection
>
> For other details, see the local mail logfile
>
> ----- End forwarded message -----
>
>
> Jul 14 21:00:57 teak postfix/submission/smtpd[24310]: connect from
> scan2researchpaper.net.in.tum.de[188.95.233.5]
> Jul 14 21:00:58 teak postfix/submission/smtpd[24310]: lost connection after
> UNKNOWN from scan2researchpaper.net.in.tum.de[188.95.233.5]
> Jul 14 21:00:58 teak postfix/submission/smtpd[24310]: disconnect from
> scan2researchpaper.net.in.tum.de[188.95.233.5]
>
> ----- End forwarded message -----
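
The capability check that the reply above says the client skipped, as an added example (not part of the original thread, and not OpenSSL's or the scanner's code): parse the complete multi-line EHLO reply and send STARTTLS only if the server announced it. The function names are hypothetical; `TRANSCRIPT_REPLY` is the EHLO reply from the quoted Postfix transcript and `CONSTRUCTED_REPLY` is a made-up server that does offer STARTTLS.

```python
# EHLO reply lines copied from the Postfix transcript quoted in the thread above.
TRANSCRIPT_REPLY = [
    "250-teak.britvault.co.uk", "250-PIPELINING", "250-SIZE 10240000",
    "250-ETRN", "250-AUTH CRAM-MD5", "250-ENHANCEDSTATUSCODES",
    "250-8BITMIME", "250 DSN",
]
# Constructed sample: a hypothetical server that announces STARTTLS (lower case).
CONSTRUCTED_REPLY = ["250-mail.example.org", "250-SIZE 10240000", "250 starttls"]


def parse_ehlo(lines):
    """Return (code, keywords) for one complete multi-line SMTP reply.

    Raises ValueError on a malformed, incomplete or over-long reply, so the
    caller never acts on a partial capability list.
    """
    code, keywords = None, set()
    for i, raw in enumerate(lines):
        line = raw.rstrip("\r\n")
        if not line[:3].isdigit() or line[3:4] not in ("", " ", "-"):
            raise ValueError(f"malformed reply line: {line!r}")
        if code is None:
            code = int(line[:3])
        elif int(line[:3]) != code:
            raise ValueError("reply code changed inside one reply")
        is_last = line[3:4] != "-"          # "250-" continues, "250 " ends
        if is_last != (i == len(lines) - 1):
            raise ValueError("reply is incomplete or has trailing lines")
        # Line 0 carries the server's domain/greeting, not an extension keyword.
        if i > 0 and line[4:].strip():
            keywords.add(line[4:].split()[0].upper())  # keywords are case-insensitive
    if code is None:
        raise ValueError("empty reply")
    return code, keywords


def should_starttls(lines):
    """True only if EHLO succeeded (250) and STARTTLS was announced."""
    code, keywords = parse_ehlo(lines)
    return code == 250 and "STARTTLS" in keywords


def next_command(lines):
    """What a well-behaved scanner sends next: upgrade, or leave cleanly."""
    return "STARTTLS" if should_starttls(lines) else "QUIT"
```

Against the transcript's reply this yields `QUIT`, so the server never sees the STARTTLS command or the TLS ClientHello bytes that produced the 502 and 500 errors in the log.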