On 22.08.2017 03:56, Peter wrote:
>>> Lest anyone think STARTTLS MITM doesn't happen,
>>>
>>> https://threatpost.com/eff-calls-out-isps-modifying-starttls-encryption-commands/109325/3/
> Right, the attack does happen, but it can be prevented by properly
> configuring the server and client.
Doveco
On 22 August 2017 02:29:30 CEST, kenneth topp wrote:
>Hi,
>
>I've just switched from procmail to pigeonhole, and I'm seeing an issue
>(twice in six hours).
>
>I have spamassassin running via postfix milter, and dropping off via
>main.cf
>"mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp"
>
>> Lest anyone think STARTTLS MITM doesn't happen,
>>
>> https://threatpost.com/eff-calls-out-isps-modifying-starttls-encryption-commands/109325/3/
Right, the attack does happen, but it can be prevented by properly
configuring the server and client.
>> Not only for security, I prefer port 993/99
Gary writes:
If I read this correctly, starttls will fail due to the MITM attack.
That is the client knows security has been compromised.
I'm not sure what you mean by "fail". STARTTLS is prone to MITM attacks
if a client has not been configured to refuse non-STARTTLS/SSL sessions.
For client
Hi,
I've just switched from procmail to pigeonhole, and I'm seeing an issue
(twice in six hours).
I have spamassassin running via postfix milter, and dropping off via main.cf
"mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp"
The issue is that I get a sequence of these log messages:
Aug 21
If I read this correctly, starttls will fail due to the MITM attack. That is
the client knows security has been compromised. Using SSL/TLS, the MITM can use
SSL stripping. Since most Postfix conf use "may" for security, the message
would go through unencrypted. Correct???
Is there something to e
Hello!
It's a client thing. The client should not request StartSSL when
there is no certificate present.
Sorry for the noise!
Andreas
Andreas Meyer wrote on 22.08.17 at 00:16:54:
> Hello!
>
> I have a new domain integrated into dovecot but no certificate yet.
>
> In dovecot.conf the
Hello!
I have a new domain integrated into dovecot but no certificate yet.
In dovecot.conf there is ssl = yes and the other domains have
certificates configured.
How do I exclude this new domain from using SSL?
Greetings
Andreas
On 21/08/17 22:18, Joseph Tam wrote:
Lest anyone think STARTTLS MITM doesn't happen,
https://threatpost.com/eff-calls-out-isps-modifying-starttls-encryption-commands/109325/3/
Not only for security, I prefer port 993/995 as it's just plain simpler
to initiate SSL from the get-go rather t
Lest anyone think STARTTLS MITM doesn't happen,
https://threatpost.com/eff-calls-out-isps-modifying-starttls-encryption-commands/109325/3/
Not only for security, I prefer port 993/995 as it's just plain simpler
to initiate SSL from the get-go rather than to do some handshaking that
get
Bottom line, a server operator's view can be a lot narrower than this,
especially in the scenario where you serve the general public and do not
control the clients.
There is definitely no reason why you wouldn't want to serve ports 993/995. The
MITM thing can be used to argue against serving por
On 21/08/17 16:25, Robert Wolf wrote:
On Mon, 21 Aug 2017, Sebastian Arcus wrote:
On 21/08/17 13:39, Robert Wolf wrote:
On Mon, 21 Aug 2017, Sebastian Arcus wrote:
On 21/08/17 10:37, Gedalya wrote:
On 08/21/2017 07:28 AM, voy...@sbt.net.au wrote:
is there a 'preferred way'? should I tel
On Mon, 21 Aug 2017, Sebastian Arcus wrote:
> On 21/08/17 13:39, Robert Wolf wrote:
> >
> > On Mon, 21 Aug 2017, Sebastian Arcus wrote:
> >
> > >
> > > On 21/08/17 10:37, Gedalya wrote:
> > > > On 08/21/2017 07:28 AM, voy...@sbt.net.au wrote:
> > > > > is there a 'preferred way'? should I tell
On 21/08/17 13:39, Robert Wolf wrote:
On Mon, 21 Aug 2017, Sebastian Arcus wrote:
On 21/08/17 10:37, Gedalya wrote:
On 08/21/2017 07:28 AM, voy...@sbt.net.au wrote:
is there a 'preferred way'? should I tell users to use 143 over 993 ? or
993 over 143? or?
There is no concrete answer. Ther
On Mon, 21 Aug 2017, Sebastian Arcus wrote:
>
> On 21/08/17 10:37, Gedalya wrote:
> > On 08/21/2017 07:28 AM, voy...@sbt.net.au wrote:
> > > is there a 'preferred way'? should I tell users to use 143 over 993 ? or
> > > 993 over 143? or?
> > There is no concrete answer. There are various opinio
On Mon, 21 Aug 2017 11:04:40 +0100, Sebastian Arcus stated:
>On 21/08/17 10:37, Gedalya wrote:
>> On 08/21/2017 07:28 AM, voy...@sbt.net.au wrote:
>>> is there a 'preferred way'? should I tell users to use 143 over 993 ? or
>>> 993 over 143? or?
>> There is no concrete answer. There are vario
On 08/21/2017 06:04 PM, Sebastian Arcus wrote:
>
> On 21/08/17 10:37, Gedalya wrote:
>> On 08/21/2017 07:28 AM, voy...@sbt.net.au wrote:
>>> is there a 'preferred way'? should I tell users to use 143 over 993 ? or
>>> 993 over 143? or?
>> There is no concrete answer. There are various opinions and
On 21/08/17 10:37, Gedalya wrote:
On 08/21/2017 07:28 AM, voy...@sbt.net.au wrote:
is there a 'preferred way'? should I tell users to use 143 over 993 ? or
993 over 143? or?
There is no concrete answer. There are various opinions and feelings about this.
The opinion against 993/995 is that the
On 08/21/2017 07:28 AM, voy...@sbt.net.au wrote:
> is there a 'preferred way'? should I tell users to use 143 over 993 ? or
> 993 over 143? or?
There is no concrete answer. There are various opinions and feelings about this.
The opinion against 993/995 is that these are not standard ports, and ther
On 21/08/17 00:28, voy...@sbt.net.au wrote:
just setting a new Dovecot server to migrate from older system, but, I
have a general question:
1. I've set the server with self issued cert, and both pop/imap
StartTLS/110/143 SSL/993/995 (apologies if I'm using wrong naming
terminology)
is there a
20 matches