Mailing List CGatePro@mail.stalker.com Message #104672
From: Massimo Bolzoni <massimo.bolzoni@answervad.it>
Subject: Re: Yahoo TLS failures
Date: Mon, 13 Jan 2014 10:18:02 +0100
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
X-Mailer: Apple Mail (2.1085)
Ciao,

yes my approach is:

1- use at least 2kB cert
2- make a CA sign it

Max

Il giorno 10/gen/2014, alle ore 21.34, Rob Logan ha scritto:

>
> I used a self signed 1k TLS cert for email. since last week its been
> failing for yahoo hosted sights:
>
> 09:45:33.553 5 SMTP-000060(sbcglobal.net) 1 relay(s) found:mx2.sbcglobal.am0.yahoodns.net
> 09:45:33.553 4 SMTP-000060(sbcglobal.net) resolving 'mx2.sbcglobal.am0.yahoodns.net'
> 09:45:33.577 4 SMTP-000060(sbcglobal.net) connecting [0.0.0.0]:0 -> [98.136.217.192]:25
> 09:45:33.717 5 SMTP-000060(sbcglobal.net) inp: 220 mta1216.sbc.mail.gq1.yahoo.com ESMTP ready
> 09:45:33.815 4 SMTP-000060(sbcglobal.net) [207.58.244.114]:52146 -> [98.136.217.192]:25 connected to mx2.sbcglobal.am0.yahoodns.net(ESMTP)
> 09:45:33.833 5 SMTP-000060(sbcglobal.net) out: EHLO logan.com\r\n
> 09:45:33.932 5 SMTP-000060(sbcglobal.net) inp: 250-mta1216.sbc.mail.gq1.yahoo.com
> 09:45:33.932 5 SMTP-000060(sbcglobal.net) inp: 250-PIPELINING
> 09:45:33.932 5 SMTP-000060(sbcglobal.net) inp: 250-SIZE 41943040
> 09:45:33.932 5 SMTP-000060(sbcglobal.net) inp: 250-8BITMIME
> 09:45:33.932 5 SMTP-000060(sbcglobal.net) inp: 250 STARTTLS
> 09:45:33.932 4 SMTP-000060(sbcglobal.net) Connected. SIZE TLS
> 09:45:33.932 4 SMTP-000060(sbcglobal.net) starting TLS(optional)
> 09:45:33.932 5 SMTP-000060(sbcglobal.net) out: STARTTLS\r\n
> 09:45:34.006 5 SMTP-000060(sbcglobal.net) inp: 220 Start TLS
> 09:45:34.076 3 SMTP-000060(sbcglobal.net) failed to establish a secure connection with [98.136.217.192]:25. Error Code=TLS alert record received
> 09:45:34.076 5 SMTP-000060(sbcglobal.net) out: RSET\r\n
> 09:45:34.076 3 SMTP-000060(sbcglobal.net) read failed. Error Code=connection closed by peer
> 09:45:34.076 2 DEQUEUER [6674158] SMTP(sbcglobal.net)maharspar@sbcglobal.net delayed: connection with mx2.sbcglobal.am0.yahoodns.net is broken
> 09:45:34.076 4 SMTP(sbcglobal.net) re-enqueue
>
> I've turned off "send encrypted when possible" but is there better fix?
>
> --Yahoo! Mail Now Encrypted by Default
> (January 9, 2014)
> While Yahoo! has at last adopted default HTTPS encryption for Yahoo!
> Mail, the company is facing criticism over its "failure to follow
> industry best practices in rolling out" the encryption. Yahoo! has
> supported full-session HTTPS since 2012, but until now, it has been an
> opt-in feature. Yahoo!'s implementation of HTTPS encryption is not
> consistent across servers and includes flaws that leave it vulnerable
> to snooping. Yahoo!'s implementation of the encryption is missing what
> is known as Perfect Forward Secrecy, which is used by Google, Microsoft,
> and Twitter.
> http://www.computerworld.com/s/article/9245258/Yahoo_email_encryption_standard_needs_work
> http://www.theregister.co.uk/2014/01/09/yahoo_always_on_crypto_unstrong/
>
>                Rob
>
> #############################################################
> This message is sent to you because you are subscribed to
> the mailing list <CGatePro@mail.stalker.com>.
> To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>
> To switch to the DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
> To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>
> Send administrative queries to  <CGatePro-request@mail.stalker.com>


--------------------------------------------------------------------
Massimo Bolzoni - Solution Architect
Mob.: +39 335 5278936

Iscriviti ai nostri WEBINAR, solo 30 minuti per illustrarti i nostri servizi in the cloud (SAAS) e le nostre tecnologie CommuniGate, Mailspect e IP Technology LAB, maggiori info qui: www.answervad.it/webinar.php

Answer srl: distributore italiano Communigate Pro, MailSpect, IP Technology labs


Answer srl
via Gandhi, 22 - 42123 Reggio Emilia
Tel +39 0522 286545
e-mail massimo.bolzoni@answervad.it
Web www.answervad.it
--------------------------------------------------------------------
Le informazioni contenute nella presente comunicazione e i relativi allegati possono essere riservate e sono, comunque, rivolte esclusi-vamente al destinatario. La diffusione, distribuzione e/o copie deldocumento trasmesso o degli allegati da parte di qualsiasi soggettodiverso dal destinatario e'perseguibile ai sensi dell'articolo 616Codice Penale e del Decreto Legislativo n. 196/2003.Se avete ricevuto questo messaggio per errore, Vi preghiamo di re-inviarlo al mittente e distruggerlo.
Per informazioni potete contattare l'indirizzo privacy@answervad.it
***
This message and its attachments are addressed solely to the persons above and may contain confidential information. If you have receivedthe message in error, be informed that any use of the content hereofis prohibited and it is punished by law. Please return it immediatelyto the sender and delete the message.
Should you have any questions,please contact us at privacy@answervad.it
--------------------------------------------------------------------




Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster