[176419] in North American Network Operators' Group
Re: Transparent hijacking of SMTP submission...
daemon@ATHENA.MIT.EDU (William Herrin)
Thu Nov 27 19:44:33 2014
X-Original-To: nanog@nanog.org
X-Really-To: <nanog@nanog.org>
In-Reply-To: <54778167.7080808@bogus.com>
From: William Herrin <bill@herrin.us>
Date: Thu, 27 Nov 2014 19:42:20 -0500
To: joel jaeggli <joelja@bogus.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Thu, Nov 27, 2014 at 2:54 PM, joel jaeggli <joelja@bogus.com> wrote:
> I don't see this in my home market, but I do see it in someone else's...
> I kind of expect this for port 25 but...
>
> J@mb-aye:~$telnet 147.28.0.81 587
> Trying 147.28.0.81...
> Connected to nagasaki.bogus.com.
> Escape character is '^]'.
> 220 nagasaki.bogus.com ESMTP Sendmail 8.14.9/8.14.9; Thu, 27 Nov 2014
> 19:17:44 GMT
> ehlo bogus.com
> 250-nagasaki.bogus.com Hello XXXXXXXXXXXXXXX.wa.comcast.net
> [XXX.XXX.XXX.XXX], pleased to meet you
> 250 ENHANCEDSTATUSCODES
>
> J@mb-aye:~$telnet 2001:418:1::81 587
> Trying 2001:418:1::81...
> Connected to nagasaki.bogus.com.
> Escape character is '^]'.
> 220 nagasaki.bogus.com ESMTP Sendmail 8.14.9/8.14.9; Thu, 27 Nov 2014
> 19:18:33 GMT
> ehlo bogus.com
> 250-nagasaki.bogus.com Hello
> [IPv6:2601:7:2380:XXXX:XXXX:XXXX:c1ae:7d73], pleased to meet you
> 250-ENHANCEDSTATUSCODES
> 250-PIPELINING
> 250-8BITMIME
> 250-SIZE
> 250-DSN
> 250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN
> 250-STARTTLS
> 250-DELIVERBY
> 250 HELP
>
> that's essentially a downgrade attack on my ability to use encryption
> which seems to be in pretty poor taste frankly.
Hi Joel,

I'm not sure I follow your complaint here. Are you saying that Comcast or a
Comcast customer in Washington state stripped the STARTTLS verb from the
IPv4 port 587 SMTP submission connection between you and a third party?

Thanks,
Bill Herrin
--
William Herrin ................ herrin@dirtside.com bill@herrin.us
Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
May I solve your unusual networking challenges?
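
Added example, not part of the original message: a Python check that compares the EHLO capability lists seen on two paths to the same submission server, as in the quoted IPv4 and IPv6 sessions, and reports extensions such as STARTTLS and AUTH that are missing on one path. The function names and the client addresses in the sample replies are assumptions; the sample replies are constructed from the quoted sessions.

```python
import re
import smtplib

# Constructed samples modelled on the two quoted sessions (client identity replaced).
VIA_IPV4 = """250-nagasaki.bogus.com Hello client.example.net
[192.0.2.10], pleased to meet you
250 ENHANCEDSTATUSCODES"""

VIA_IPV6 = """250-nagasaki.bogus.com Hello
[IPv6:2001:db8::10], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN
250-STARTTLS
250-DELIVERBY
250 HELP"""

def ehlo_extensions(reply):
    """Return the set of ESMTP keywords in a raw multi-line EHLO reply."""
    # Keep only real reply lines; this also drops wrapped greeting fragments.
    lines = [l for l in reply.splitlines() if re.match(r"250[- ]", l)]
    # The first 250 line is the server greeting, not an extension.
    return {l[4:].split()[0].upper() for l in lines[1:] if l[4:].strip()}

def missing_extensions(reference, suspect, critical=("STARTTLS", "AUTH")):
    """Return (all keywords absent on the suspect path, the critical ones among them)."""
    missing = reference - suspect
    return sorted(missing), sorted(missing & set(critical))

def probe(addr, port=587, timeout=10):
    """Live variant: EHLO to an IPv4 or IPv6 literal and return its keywords."""
    with smtplib.SMTP(addr, port, timeout=timeout) as s:
        s.ehlo()
        return {k.upper() for k in s.esmtp_features}

if __name__ == "__main__":
    missing, critical = missing_extensions(ehlo_extensions(VIA_IPV6),
                                           ehlo_extensions(VIA_IPV4))
    print("absent on IPv4 path:", ", ".join(missing))
    if critical:
        print("WARNING: security-relevant extensions stripped:", ", ".join(critical))
```

A mail client configured to require STARTTLS on port 587 fails closed on a path like the IPv4 one instead of submitting credentials and mail in cleartext.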