Mailing List CGatePro@mail.stalker.com Message #104670
From: Rob Logan <Rob@Logan.com>
Subject: Yahoo TLS failures
Date: Fri, 10 Jan 2014 15:34:22 -0500
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>

I used a self signed 1k TLS cert for email. since last week its been
failing for yahoo hosted sights:

09:45:33.553 5 SMTP-000060(sbcglobal.net) 1 relay(s) found:mx2.sbcglobal.am0.yahoodns.net
09:45:33.553 4 SMTP-000060(sbcglobal.net) resolving 'mx2.sbcglobal.am0.yahoodns.net'
09:45:33.577 4 SMTP-000060(sbcglobal.net) connecting [0.0.0.0]:0 -> [98.136.217.192]:25
09:45:33.717 5 SMTP-000060(sbcglobal.net) inp: 220 mta1216.sbc.mail.gq1.yahoo.com ESMTP ready
09:45:33.815 4 SMTP-000060(sbcglobal.net) [207.58.244.114]:52146 -> [98.136.217.192]:25 connected to mx2.sbcglobal.am0.yahoodns.net(ESMTP)
09:45:33.833 5 SMTP-000060(sbcglobal.net) out: EHLO logan.com\r\n
09:45:33.932 5 SMTP-000060(sbcglobal.net) inp: 250-mta1216.sbc.mail.gq1.yahoo.com
09:45:33.932 5 SMTP-000060(sbcglobal.net) inp: 250-PIPELINING
09:45:33.932 5 SMTP-000060(sbcglobal.net) inp: 250-SIZE 41943040
09:45:33.932 5 SMTP-000060(sbcglobal.net) inp: 250-8BITMIME
09:45:33.932 5 SMTP-000060(sbcglobal.net) inp: 250 STARTTLS
09:45:33.932 4 SMTP-000060(sbcglobal.net) Connected. SIZE TLS
09:45:33.932 4 SMTP-000060(sbcglobal.net) starting TLS(optional)
09:45:33.932 5 SMTP-000060(sbcglobal.net) out: STARTTLS\r\n
09:45:34.006 5 SMTP-000060(sbcglobal.net) inp: 220 Start TLS
09:45:34.076 3 SMTP-000060(sbcglobal.net) failed to establish a secure connection with [98.136.217.192]:25. Error Code=TLS alert record received
09:45:34.076 5 SMTP-000060(sbcglobal.net) out: RSET\r\n
09:45:34.076 3 SMTP-000060(sbcglobal.net) read failed. Error Code=connection closed by peer
09:45:34.076 2 DEQUEUER [6674158] SMTP(sbcglobal.net)maharspar@sbcglobal.net delayed: connection with mx2.sbcglobal.am0.yahoodns.net is broken
09:45:34.076 4 SMTP(sbcglobal.net) re-enqueue

I've turned off "send encrypted when possible" but is there better fix?

--Yahoo! Mail Now Encrypted by Default
(January 9, 2014)
While Yahoo! has at last adopted default HTTPS encryption for Yahoo!
Mail, the company is facing criticism over its "failure to follow
industry best practices in rolling out" the encryption. Yahoo! has
supported full-session HTTPS since 2012, but until now, it has been an
opt-in feature. Yahoo!'s implementation of HTTPS encryption is not
consistent across servers and includes flaws that leave it vulnerable
to snooping. Yahoo!'s implementation of the encryption is missing what
is known as Perfect Forward Secrecy, which is used by Google, Microsoft,
and Twitter.
http://www.computerworld.com/s/article/9245258/Yahoo_email_encryption_standard_needs_work
http://www.theregister.co.uk/2014/01/09/yahoo_always_on_crypto_unstrong/

                Rob
Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster