[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

when should we esmtps our mxes?



>>>>> Kristian Erik Hermansen <kristian.hermansen@gmail.com> writes:
>>>>> On Mon, Oct 24, 2016 at 1:59 AM, Adrian Bunk <bunk@stusta.de> wrote:

[…]

 >> For the kind of attacks you are describing, https is just snake oil.

 > Profusely disagree and so do other members of this list.  I'll leave
 > it at that, but also I should point out that your email is being
 > routed insecurely via welho.com and lacks TLS in transit, so I also
 > probably shouldn't consider your TLS knowledge very highly…

	Speaking of which.  Does the gnutls-cli transcript MIMEd signify
	of an ongoing MitM attack, or is it just a misconfiguration?

-- 
FSF associate member #7257  58F8 0F47 53F5 2EB2 F6A5  8916 3013 B6A0 230E 334A
$ dig +nocomment mx lists.debian.org 
…
lists.debian.org.	3600	IN	MX	0 bendel.debian.org.
…
$ gnutls-cli --starttls -p 25  bendel.debian.org 
Processed 173 CA certificate(s).
Resolving 'bendel.debian.org'...
Connecting to '2001:41b8:202:deb:216:36ff:fe40:4002:443'...
Connecting to '82.195.75.100:443'...

- Simple Client Mode:

*** Starting TLS handshake
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
 - subject `C=NA,ST=NA,L=Ankh Morpork,O=Debian SMTP,OU=Debian SMTP CA,CN=bendel.debian.org,EMAIL=hostmaster@bendel.debian.org', issuer `C=NA,ST=NA,L=Ankh Morpork,O=Debian SMTP,OU=Debian SMTP CA,CN=Debian SMTP CA,EMAIL=hostmaster@puppet.debian.org', RSA key 2048 bits, signed using RSA-SHA1, activated `2016-02-09 00:00:13 UTC', expires `2017-02-08 00:00:13 UTC', SHA-1 fingerprint `d99dffbab982a0bbca0f95cf88401f75d75a0194'
	Public Key ID:
		a6fa6354cd66e04bba4f3c3e5f45bf82afe17b61
	Public key's random art:
		+--[ RSA 2048]----+
		|                 |
		|        .        |
		|       . +    .  |
		|        + =  . . |
		|       +S+    . .|
		|      o+.   .E  .|
		|     ...+  oo... |
		|     .+o....o..  |
		|    .o.ooo.++.   |
		+-----------------+

- Certificate[1] info:
 - subject `C=NA,ST=NA,L=Ankh Morpork,O=Debian SMTP,OU=Debian SMTP CA,CN=Debian SMTP CA,EMAIL=hostmaster@puppet.debian.org', issuer `C=NA,ST=NA,L=Ankh Morpork,O=Debian SMTP,OU=Debian SMTP CA,CN=Debian SMTP CA,EMAIL=hostmaster@puppet.debian.org', RSA key 2048 bits, signed using RSA-SHA1, activated `2009-04-04 22:40:56 UTC', expires `2019-04-02 22:40:56 UTC', SHA-1 fingerprint `2bd080f1a4c79bae4d8ce3728fd2483b49ce4ca5'
- Status: The certificate is NOT trusted. The certificate issuer is unknown. 
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
*** Handshake has failed

Reply to: