when should we esmtps our mxes?
>>>>> Kristian Erik Hermansen <kristian.hermansen@gmail.com> writes:
>>>>> On Mon, Oct 24, 2016 at 1:59 AM, Adrian Bunk <bunk@stusta.de> wrote:
[…]
>> For the kind of attacks you are describing, https is just snake oil.
> Profusely disagree and so do other members of this list. I'll leave
> it at that, but also I should point out that your email is being
> routed insecurely via welho.com and lacks TLS in transit, so I also
> probably shouldn't consider your TLS knowledge very highly…
Speaking of which. Does the gnutls-cli transcript MIMEd signify
of an ongoing MitM attack, or is it just a misconfiguration?
--
FSF associate member #7257 58F8 0F47 53F5 2EB2 F6A5 8916 3013 B6A0 230E 334A
$ dig +nocomment mx lists.debian.org
…
lists.debian.org. 3600 IN MX 0 bendel.debian.org.
…
$ gnutls-cli --starttls -p 25 bendel.debian.org
Processed 173 CA certificate(s).
Resolving 'bendel.debian.org'...
Connecting to '2001:41b8:202:deb:216:36ff:fe40:4002:443'...
Connecting to '82.195.75.100:443'...
- Simple Client Mode:
*** Starting TLS handshake
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
- subject `C=NA,ST=NA,L=Ankh Morpork,O=Debian SMTP,OU=Debian SMTP CA,CN=bendel.debian.org,EMAIL=hostmaster@bendel.debian.org', issuer `C=NA,ST=NA,L=Ankh Morpork,O=Debian SMTP,OU=Debian SMTP CA,CN=Debian SMTP CA,EMAIL=hostmaster@puppet.debian.org', RSA key 2048 bits, signed using RSA-SHA1, activated `2016-02-09 00:00:13 UTC', expires `2017-02-08 00:00:13 UTC', SHA-1 fingerprint `d99dffbab982a0bbca0f95cf88401f75d75a0194'
Public Key ID:
a6fa6354cd66e04bba4f3c3e5f45bf82afe17b61
Public key's random art:
+--[ RSA 2048]----+
| |
| . |
| . + . |
| + = . . |
| +S+ . .|
| o+. .E .|
| ...+ oo... |
| .+o....o.. |
| .o.ooo.++. |
+-----------------+
- Certificate[1] info:
- subject `C=NA,ST=NA,L=Ankh Morpork,O=Debian SMTP,OU=Debian SMTP CA,CN=Debian SMTP CA,EMAIL=hostmaster@puppet.debian.org', issuer `C=NA,ST=NA,L=Ankh Morpork,O=Debian SMTP,OU=Debian SMTP CA,CN=Debian SMTP CA,EMAIL=hostmaster@puppet.debian.org', RSA key 2048 bits, signed using RSA-SHA1, activated `2009-04-04 22:40:56 UTC', expires `2019-04-02 22:40:56 UTC', SHA-1 fingerprint `2bd080f1a4c79bae4d8ce3728fd2483b49ce4ca5'
- Status: The certificate is NOT trusted. The certificate issuer is unknown.
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
*** Handshake has failed
Reply to: