Transparent hijacking of SMTP submission...

Fri Nov 28 01:13:52 UTC 2014

No. He is a comcast customer. And some third party wifi access point
blocked his smtp submission over TLS by setting up an asa device to inspect
587 as well.
On Nov 28, 2014 6:16 AM, "William Herrin" <bill at herrin.us> wrote:

> On Thu, Nov 27, 2014 at 2:54 PM, joel jaeggli <joelja at bogus.com> wrote:
> > I don't see this in my home market, but I do see it in someone else's...
> > I kind of expect this for port 25 but...
> >
> > J at mb-aye:~$telnet 147.28.0.81 587
> > Trying 147.28.0.81...
> > Connected to nagasaki.bogus.com.
> > Escape character is '^]'.
> > 220 nagasaki.bogus.com ESMTP Sendmail 8.14.9/8.14.9; Thu, 27 Nov 2014
> > 19:17:44 GMT
> > ehlo bogus.com
> > 250-nagasaki.bogus.com Hello XXXXXXXXXXXXXXX.wa.comcast.net
> > [XXX.XXX.XXX.XXX], pleased to meet you
> > 250 ENHANCEDSTATUSCODES
> >
> > J at mb-aye:~$telnet 2001:418:1::81 587
> > Trying 2001:418:1::81...
> > Connected to nagasaki.bogus.com.
> > Escape character is '^]'.
> > 220 nagasaki.bogus.com ESMTP Sendmail 8.14.9/8.14.9; Thu, 27 Nov 2014
> > 19:18:33 GMT
> > ehlo bogus.com
> > 250-nagasaki.bogus.com Hello
> > [IPv6:2601:7:2380:XXXX:XXXX:XXXX:c1ae:7d73], pleased to meet you
> > 250-ENHANCEDSTATUSCODES
> > 250-PIPELINING
> > 250-8BITMIME
> > 250-SIZE
> > 250-DSN
> > 250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN
> > 250-STARTTLS
> > 250-DELIVERBY
> > 250 HELP
> >
> > that's essentially a downgrade attack on my ability to use encryption
> > which seems to be in pretty poor taste frankly.
>
>
> Hi Joel,
>
> I'm not sure I follow your complaint here. Are you saying that Comcast or a
> Comcast customer in Washington state stripped the STARTTLS verb from the
> IPv4 port 587 SMTP submission connection between you and a third party?
>
> Thanks,
> Bill Herrin
>
>
> --
> William Herrin ................ herrin at dirtside.com  bill at herrin.us
> Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
> May I solve your unusual networking challenges?
>