similar to: pop 110/995, imap 143/993 ?

Displaying 20 results from an estimated 5000 matches similar to: "pop 110/995, imap 143/993 ?"

2017 Aug 21
6
pop 110/995, imap 143/993 ?
If I read this correctly, starttls will fail due to the MITM attack. That is the client knows security has been compromised. Using SSL/TLS, the MITM can use SSL stripping. Since most Postfix conf use "may" for security, the message would go through unencrypted. Correct??? Is there something to enable for perfect forward security with starttls? Original Message From: s.arcus at
2017 Aug 22
3
pop 110/995, imap 143/993 ?
On 22.08.2017 03:56, Peter wrote: >>> Lest anyone think STARTTLS MITM doesn't happen, >>> >>> https://threatpost.com/eff-calls-out-isps-modifying-starttls-encryption-commands/109325/3/ > Right, the attack does happen, but it can be prevented by properly > configuring the server and client. Dovecot, by default, requires STARTTLS before accepting plaintext
2017 Aug 21
0
pop 110/995, imap 143/993 ?
On 21/08/17 22:18, Joseph Tam wrote: > > Lest anyone think STARTTLS MITM doesn't happen, > > https://threatpost.com/eff-calls-out-isps-modifying-starttls-encryption-commands/109325/3/ > > Not only for security, I prefer port 993/995 as it's just plain simpler > to initiate SSL from the get-go rather than to do some handshaking that > gets you to the same
2017 Aug 22
0
pop 110/995, imap 143/993 ?
>> Lest anyone think STARTTLS MITM doesn't happen, >> >> https://threatpost.com/eff-calls-out-isps-modifying-starttls-encryption-commands/109325/3/ Right, the attack does happen, but it can be prevented by properly configuring the server and client. >> Not only for security, I prefer port 993/995 as it's just plain >> simpler to initiate SSL from the get-go
2017 Aug 22
1
pop 110/995, imap 143/993 ?
Robert Wolf wrote: >> else (NOT LOCALHOST) and you can see it says LOGINDISABLED unless you >> have enabled something like cram-md5. > > Hi, > > exactly, this is the reason, why plain-text is still needed. You don't need > encryption for authentication, if you have secure authentication. Without > knowing original password, the MITM cannot generate correct hash
2017 Aug 21
4
pop 110/995, imap 143/993 ?
On 21/08/17 10:37, Gedalya wrote: > On 08/21/2017 07:28 AM, voytek at sbt.net.au wrote: >> is there a 'preferred way'? should I tell users to use 143 over 993 ? or >> 993 over 143? or? > There is no concrete answer. There are various opinions and feelings about this. > The opinion against 993/995 is that these are not standard ports, Out of curiosity, is there a
2017 Aug 21
1
pop 110/995, imap 143/993 ?
On 21/08/17 16:25, Robert Wolf wrote: > On Mon, 21 Aug 2017, Sebastian Arcus wrote: > >> On 21/08/17 13:39, Robert Wolf wrote: >>> >>> On Mon, 21 Aug 2017, Sebastian Arcus wrote: >>> >>>> >>>> On 21/08/17 10:37, Gedalya wrote: >>>>> On 08/21/2017 07:28 AM, voytek at sbt.net.au wrote: >>>>>> is there a
2017 Aug 20
4
pop 110/995, imap 143/993 ?
just setting a new Dovecot server to migrate from older system, but, I have a general question: 1. I've set the server with self issued cert, and both pop/imap StartTLS/110/143 SSL/993/995 (apologies if I'm using wrong naming terminology) is there a 'preferred way'? should I tell users to use 143 over 993 ? or 993 over 143? or? my current understanding is that some (MS?)
2020 May 26
5
identify 143 vs 993 clients
Hi, On 25/05/2020 23:04, Voytek wrote: > jumping here with a question, if I use 143 with STARTTLS, and, force > TLS/SSL in configuration, that's equivalent from security POV, isn't > it? and, same for 110 STARTTLS? Or am I missing something? Interesting point, after some googling, I think you are right, and as long as we have set "disable_plaintext_auth = yes" (and we
2017 Aug 22
0
pop 110/995, imap 143/993 ?
Gary <lists at lazygranch.com> writes: > If I read this correctly, starttls will fail due to the MITM attack. > That is the client knows security has been compromised. I'm not sure what you mean by "fail". STARTTLS is prone to MITM attacks if a client has not been configured to refuse non-STARTTLS/SSL sessions. For clients that will allow both secured and plaintext
2017 Aug 21
0
pop 110/995, imap 143/993 ?
On Mon, 21 Aug 2017, Sebastian Arcus wrote: > > On 21/08/17 10:37, Gedalya wrote: > > On 08/21/2017 07:28 AM, voytek at sbt.net.au wrote: > > > is there a 'preferred way'? should I tell users to use 143 over 993 ? or > > > 993 over 143? or? > > There is no concrete answer. There are various opinions and feelings about > > this. > > The
2017 Aug 22
0
pop 110/995, imap 143/993 ?
On Tue, 22 Aug 2017, Aki Tuomi wrote: > else (NOT LOCALHOST) and you can see it says LOGINDISABLED unless you > have enabled something like cram-md5. Hi, exactly, this is the reason, why plain-text is still needed. You don't need encryption for authentication, if you have secure authentication. Without knowing original password, the MITM cannot generate correct hash for login, so
2017 Aug 21
2
pop 110/995, imap 143/993 ?
On 21/08/17 13:39, Robert Wolf wrote: > > On Mon, 21 Aug 2017, Sebastian Arcus wrote: > >> >> On 21/08/17 10:37, Gedalya wrote: >>> On 08/21/2017 07:28 AM, voytek at sbt.net.au wrote: >>>> is there a 'preferred way'? should I tell users to use 143 over 993 ? or >>>> 993 over 143? or? >>> There is no concrete answer. There
2014 Dec 06
1
MD5-CRYPT/CRAM-MD5 vs SHA512-CRYPT/PLAIN
On 6 December 2014 13:10:58 CET, Reindl Harald <h.reindl at thelounge.net> wrote: > >On 06.12.2014 at 06:56, Jan Wide? wrote: >> If you add disable_plaintext_auth=yes ssl=required settings, then >> dovecot will drop authentication without STARTTLS. But damage will be >> done, client will send unencrypted (or in this scenario MD5 or SHA512 >> hash)
2017 Aug 21
0
pop 110/995, imap 143/993 ?
On 08/21/2017 07:28 AM, voytek at sbt.net.au wrote: > is there a 'preferred way'? should I tell users to use 143 over 993 ? or > 993 over 143? or? There is no concrete answer. There are various opinions and feelings about this. The opinion against 993/995 is that these are not standard ports, and there is no need to allocate new ports for the secure version of each protocol since we
2020 May 29
3
identify 143 vs 993 clients
> On 29 May 2020 at 11:17, Stuart Henderson <stu at spacehopper.org> wrote: > > On 2020-05-26, mj <lists at merit.unu.edu> wrote: >> Hi, >> >> On 25/05/2020 23:04, Voytek wrote: >>> jumping here with a question, if I use 143 with STARTTLS, and, force >>> TLS/SSL in configuration, that's equivalent from security POV, isn't
2020 May 31
3
identify 143 vs 993 clients
On 29/05/20 11:27 pm, mj wrote: > Thanks to all who participated in the interesting discussion. > > It seems my initial thought might have been best after all, and > discontinuing port 143 might be the safest way proceed. Yes and no. Some of the attack vectors mentioned are not reasonable and it really depends on the client. Thunderbird, for example, used to have settings for
2017 Aug 21
0
pop 110/995, imap 143/993 ?
On Mon, 21 Aug 2017, Sebastian Arcus wrote: > On 21/08/17 13:39, Robert Wolf wrote: > > > > On Mon, 21 Aug 2017, Sebastian Arcus wrote: > > > > > > > > On 21/08/17 10:37, Gedalya wrote: > > > > On 08/21/2017 07:28 AM, voytek at sbt.net.au wrote: > > > > > is there a 'preferred way'? should I tell users to use 143 over
2017 Aug 22
0
pop 110/995, imap 143/993 ?
On Tue, 22 Aug 2017, Ivan Warren wrote: > On 8/22/2017 at 10:03 AM, Robert Wolf wrote: > > > > WRONG!!! The email is stored plain-text on the first server and then it can > > be > > sent to other few MX servers over plain-text connection. I.e. encrypted > > connection does not protect emails, but the authentication credentials. > > > > > Indeed.
2013 Mar 05
6
New java update?
I see there's a release today or so from Oracle of a new zero-day vulnerability. Any idea how soon we'll have an update? <https://threatpost.com/en_us/blogs/oracle-rushes-emergency-java-update-patch-mcrat-vulnerabilities-030413> mark