[26324] in bugtraq
Re: Apple OSX and iDisk and Mail.app
daemon@ATHENA.MIT.EDU (Eric Hall)
Thu Jul 25 17:25:18 2002
Date: Wed, 24 Jul 2002 16:18:23 -0700
From: Eric Hall <bugtraq@darkart.com>
To: bugtraq@securityfocus.com
Message-ID: <20020724161823.D18646@ghosthound.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020724220627.22888.qmail@mail.securityfocus.com>; from spam_bucket@mac.com on Wed, Jul 24, 2002 at 10:06:27PM -0000
On Wed, Jul 24, 2002 at 10:06:27PM -0000, spam_bucket@mac.com wrote:
> In-Reply-To: <86vg75xg18.fsf@blue.stonehenge.com>
>
> Actually all I did was click on the SSL button and it seems to do everything over
> SSL now. I'm using 10.1.5 and it "just works" and I cant see the stream anymore. As
> a side effect it seems to also protect all of the email as well.
I took a look w/ tcpdump, Mail.app IMAP+SSL appears to be fine, nicely
obfuscated. Mail.app authenticated SMTP through smtp.mac.com appears to
try to start TLS, but the connection closes, a new port 25 connection is
opened and AUTH happens in the clear (AUTH=PLAIN) and the message is sent
in the clear.
-eric
