similar to: pop 110/995, imap 143/993 ?

Displaying 20 results from an estimated 4000 matches similar to: "pop 110/995, imap 143/993 ?"

2017 Aug 22
0
pop 110/995, imap 143/993 ?
>> Lest anyone think STARTTLS MITM doesn't happen, >> >> https://threatpost.com/eff-calls-out-isps-modifying-starttls-encryption-commands/109325/3/ Right, the attack does happen, but it can be prevented by properly configuring the server and client. >> Not only for security, I prefer port 993/995 as it's just plain >> simpler to initiate SSL from the get-go
2017 Aug 21
6
pop 110/995, imap 143/993 ?
If I read this correctly, starttls will fail due to the MITM attack. That is the client knows security has been compromised. Using SSL/TLS, the MITM can use SSL stripping. Since most Postifx conf use "may" for security, the message would go though unencrypted. Correct??? Is there something to enable for perfect forward security with starttls? ? Original Message ? From: s.arcus at
2017 Aug 21
2
pop 110/995, imap 143/993 ?
Lest anyone think STARTTLS MITM doesn't happen, https://threatpost.com/eff-calls-out-isps-modifying-starttls-encryption-commands/109325/3/ Not only for security, I prefer port 993/995 as it's just plain simpler to initiate SSL from the get-go rather than to do some handshaking that gets you to the same point. Joseph Tam <jtam.home at gmail.com>
2017 Aug 21
0
pop 110/995, imap 143/993 ?
On Mon, 21 Aug 2017, Sebastian Arcus wrote: > > On 21/08/17 10:37, Gedalya wrote: > > On 08/21/2017 07:28 AM, voytek at sbt.net.au wrote: > > > is there a 'preferred way'? should I tell users to use 143 over 993 ? or > > > 993 over 143? or? > > There is no concrete answer. There are various opinions and feelings about > > this. > > The
2017 Aug 21
0
pop 110/995, imap 143/993 ?
On 21/08/17 22:18, Joseph Tam wrote: > > Lest anyone think STARTTLS MITM doesn't happen, > > https://threatpost.com/eff-calls-out-isps-modifying-starttls-encryption-commands/109325/3/ > > Not only for security, I prefer port 993/995 as it's just plain simpler > to initiate SSL from the get-go rather than to do some handshaking that > gets you to the same
2017 Aug 22
1
pop 110/995, imap 143/993 ?
Robert Wolf wrote: >> else (NOT LOCALHOST) and you can see it says LOGINDISABLED unless you >> have enabled something like cram-md5. > > Hi, > > exactly, this is the reason, why plain-text is still needed. You don't need > encryption for authentication, if you have secure authentication. Without > knowing original password, the MITM cannot generate correct hash
2017 Aug 22
3
pop 110/995, imap 143/993 ?
On 22.08.2017 03:56, Peter wrote: >>> Lest anyone think STARTTLS MITM doesn't happen, >>> >>> https://threatpost.com/eff-calls-out-isps-modifying-starttls-encryption-commands/109325/3/ > Right, the attack does happen, but it can be prevented by properly > configuring the server and client. Dovecot, by default, requires STARTTLS before accepting plaintext
2017 Aug 22
0
pop 110/995, imap 143/993 ?
On Tue, 22 Aug 2017, Aki Tuomi wrote: > else (NOT LOCALHOST) and you can see it says LOGINDISABLED unless you > have enabled something like cram-md5. Hi, exactly, this is the reason, why plain-text is still needed. You don't need encryption for authentication, if you have secure authentication. Without knowing original password, the MITM cannot generate correct hash for login, so
2017 Aug 21
1
pop 110/995, imap 143/993 ?
On 21/08/17 16:25, Robert Wolf wrote: > On Mon, 21 Aug 2017, Sebastian Arcus wrote: > >> On 21/08/17 13:39, Robert Wolf wrote: >>> >>> On Mon, 21 Aug 2017, Sebastian Arcus wrote: >>> >>>> >>>> On 21/08/17 10:37, Gedalya wrote: >>>>> On 08/21/2017 07:28 AM, voytek at sbt.net.au wrote: >>>>>> is there a
2017 Aug 21
0
pop 110/995, imap 143/993 ?
On 08/21/2017 07:28 AM, voytek at sbt.net.au wrote: > is there a 'preferred way'? should I tell users to use 143 over 993 ? or > 993 over 143? or? There is no concrete answer. There are various opinions and feelings about this. The opinion againt 993/995 is that these are not standard ports, and there is no need to allocate new ports for the secure version of each protocol since we
2017 Aug 20
4
pop 110/995, imap 143/993 ?
just setting a new Dovecot server to migrate from older system, but, I have a general question: 1. I've set the server with self issued cert, and both pop/imap StartTLS/110/143 SSL/993/995 (apologies if I'm using wrong naming terminology) is there a 'preferred way'? should I tell users to use 143 over 993 ? or 993 over 143? or? my current understanding is that some (MS?)
2017 Aug 21
0
pop 110/995, imap 143/993 ?
On Mon, 21 Aug 2017, Sebastian Arcus wrote: > On 21/08/17 13:39, Robert Wolf wrote: > > > > On Mon, 21 Aug 2017, Sebastian Arcus wrote: > > > > > > > > On 21/08/17 10:37, Gedalya wrote: > > > > On 08/21/2017 07:28 AM, voytek at sbt.net.au wrote: > > > > > is there a 'preferred way'? should I tell users to use 143 over
2017 Aug 21
4
pop 110/995, imap 143/993 ?
On 21/08/17 10:37, Gedalya wrote: > On 08/21/2017 07:28 AM, voytek at sbt.net.au wrote: >> is there a 'preferred way'? should I tell users to use 143 over 993 ? or >> 993 over 143? or? > There is no concrete answer. There are various opinions and feelings about this. > The opinion againt 993/995 is that these are not standard ports, Out of curiosity, is there a
2020 May 31
0
identify 143 vs 993 clients
> Le 31 mai 2020 ? 06:09, Peter <peter at pajamian.dhs.org> a ?crit : > > On 29/05/20 11:27 pm, mj wrote: >> Thanks to all who participated in the interesting discussion. >> It seems my initial thought might have been best after all, and discontinuing port 143 might be the safest way proceed. > > Yes and no. Some of the attack vectors mentioned are not
2017 Aug 21
2
pop 110/995, imap 143/993 ?
On 21/08/17 13:39, Robert Wolf wrote: > > On Mon, 21 Aug 2017, Sebastian Arcus wrote: > >> >> On 21/08/17 10:37, Gedalya wrote: >>> On 08/21/2017 07:28 AM, voytek at sbt.net.au wrote: >>>> is there a 'preferred way'? should I tell users to use 143 over 993 ? or >>>> 993 over 143? or? >>> There is no concrete answer. There
2016 Apr 27
2
Apache/PHP Installation - opinions
On Wed, Apr 27, 2016 at 12:50 AM, Alice Wonder <alice at domblogger.net> wrote: > That is the only reliable way to avoid MITM with SMTP. Except I can just strip STARTTLS and most MTAs will continue to connect. Brandon Vincent
2020 May 31
3
identify 143 vs 993 clients
On 29/05/20 11:27 pm, mj wrote: > Thanks to all who participated in the interesting discussion. > > It seems my initial thought might have been best after all, and > discontinuing port 143 might be the safest way proceed. Yes and no. Some of the attack vectors mentioned are not reasonable and it really depends on the client. Thunderbird, for example, used to have settings for
2017 Aug 22
0
pop 110/995, imap 143/993 ?
On Tue, 22 Aug 2017, Ivan Warren wrote: > Le 8/22/2017 ? 10:03 AM, Robert Wolf a ?crit?: > > > > WRONG!!! The email is stored plain-text on the first server and then it can > > be > > sent to other few MX servers over plain-text connection. I.e. encrypted > > connection does not protect emails, but the authentication credentials. > > > > > Indeed.
2016 Apr 27
0
Apache/PHP Installation - opinions
On 04/27/2016 12:59 AM, Brandon Vincent wrote: > On Wed, Apr 27, 2016 at 12:50 AM, Alice Wonder <alice at domblogger.net> wrote: >> That is the only reliable way to avoid MITM with SMTP. > > Except I can just strip STARTTLS and most MTAs will continue to connect. > No you can't. Not with a smtp that enforces DANE. If my postfix sees that your SMTP publishes a DANE
2020 May 29
0
identify 143 vs 993 clients
On 2020-05-26, mj <lists at merit.unu.edu> wrote: > Hi, > > On 25/05/2020 23:04, Voytek wrote: >> jumping here with a question, if I use 143 with STARTTLS, and, force >> TLS/SSL in configuration, that's equivalent from security POV, isn't >> it? and, same for 110 STARTTLS? Or am I missing something? > Interesting point, after some googling, I think you