Transparent hijacking of SMTP submission...
Mark Andrews
marka at isc.org
Thu Nov 27 20:38:38 UTC 2014
Which is why your MTA should always be setup to require the use of
STARTTLS. Additionally the CERT presented should also match the
name of the server.
There is absolutely no reason for a ISP / hotspot to inspect
submission traffic. The "stopping spam" argument doesn't wash with
submission.
Mark
In message <54778167.7080808 at bogus.com>, joel jaeggli writes:
>
> I don't see this in my home market, but I do see it in someone else's...
> I kind of expect this for port 25 but...
>
> J at mb-aye:~$telnet 147.28.0.81 587
> Trying 147.28.0.81...
> Connected to nagasaki.bogus.com.
> Escape character is '^]'.
> 220 nagasaki.bogus.com ESMTP Sendmail 8.14.9/8.14.9; Thu, 27 Nov 2014
> 19:17:44 GMT
> ehlo bogus.com
> 250-nagasaki.bogus.com Hello XXXXXXXXXXXXXXX.wa.comcast.net
> [XXX.XXX.XXX.XXX], pleased to meet you
> 250 ENHANCEDSTATUSCODES
>
> J at mb-aye:~$telnet 2001:418:1::81 587
> Trying 2001:418:1::81...
> Connected to nagasaki.bogus.com.
> Escape character is '^]'.
> 220 nagasaki.bogus.com ESMTP Sendmail 8.14.9/8.14.9; Thu, 27 Nov 2014
> 19:18:33 GMT
> ehlo bogus.com
> 250-nagasaki.bogus.com Hello
> [IPv6:2601:7:2380:XXXX:XXXX:XXXX:c1ae:7d73], pleased to meet you
> 250-ENHANCEDSTATUSCODES
> 250-PIPELINING
> 250-8BITMIME
> 250-SIZE
> 250-DSN
> 250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN
> 250-STARTTLS
> 250-DELIVERBY
> 250 HELP
>
> that's essentially a downgrade attack on my ability to use encryption
> which seems to be in pretty poor taste frankly.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the NANOG
mailing list