nanog mailing list archives
Re: Transparent hijacking of SMTP submission...
From: Christopher Morrow <morrowc.lists () gmail com>
Date: Sat, 29 Nov 2014 13:46:05 -0500
backing up a bit in the conversation, perhaps this is just in some regions of comcastlandia? I don't see this in Northern Virginia...

$ openssl s_client -starttls smtp -connect my-mailserver.net:587
CONNECTED(00000003)
depth=0 description = kVjtrCL8rUdvd00q, C = US, CN = my-mailserver.net, emailAddress = my-emailaddrss.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 description = kVjtrCL8rUdvd00q, C = US, CN = my-mailsever.net, emailAddress = my-emailaddress.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 description = kVjtrCL8rUdvd00q, C = US, CN = my-mailserver.net, emailAddress = my-emailaddress.com
verify error:num=21:unable to verify the first certificate
verify return:1
...
Certificate chain
 0 s:/description=kVjtrCL8rUdvd00q/C=US/CN=my-mailserver.net/emailAddress=y-emailaddress.com
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA
...
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: FC3E47AF2A2A96BF6DE6E11F96B02A0C41A6542864271F2901F09594DE9A48FA
    Session-ID-ctx:
    Master-Key: BE7FB76EF5C0A9BA507B175026F73E67080D6442201FDF28F536FA38197A9B1353D644EEAF8D0D264328F94B2EF5742C
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1417286582
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
250 DSN
ehlo me
250-my-mailserver.net
250-PIPELINING

On Sat, Nov 29, 2014 at 12:26 PM, Jean-Francois Mezei <jfmezei_nanog () vaxination ca> wrote:
> On 14-11-29 11:07, Sander Steffann wrote:
>> I am so glad that our Dutch net neutrality laws state that "providers of Internet access services may not hinder or delay any services or applications on the Internet" (unless [...], but those exceptions make sense)
>
> However, in the case of SMTP, due to the amount of spam, most ISPs break "network neutrality" by blocking outbound port 25 for instance, and their SMTP servers will block much incoming email (spam).
>
> However, SMTP is a layer or two above the network. But blocking port 25 is at the network level.
>
> I have seen wi-fi systems where you ask to connect to 20.21.22.23 port 25, and you get connected to 50.51.52.53 port 25 (the ISP's own SMTP server).
>
> I would rather they just block it than redirect you without warning to an SMTP server of their own where they can look at your outbound email, pretend to accept it, and never deliver it.
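The manual `openssl s_client -starttls smtp` check in this message can be scripted so that it runs from several vantage points and reports whether the submission server still advertises STARTTLS and presents the expected certificate. This is an added example, not part of the original post; the function names, result labels and the SHA-256 pin are assumptions of the example.

```python
import hashlib
import smtplib
import ssl


def classify(pre_tls_features, cert_der, pinned_sha256):
    """Decide what a probe saw. Pure logic, so it can be tested offline."""
    if "starttls" not in pre_tls_features:
        return "STARTTLS_MISSING"  # extension absent from the EHLO reply
    if cert_der is None:
        return "TLS_FAILED"  # advertised, but the handshake did not complete
    seen = hashlib.sha256(cert_der).hexdigest()
    if seen != pinned_sha256.replace(":", "").lower():
        return "CERT_MISMATCH"  # a different endpoint terminated TLS
    return "OK"


def probe(host, pinned_sha256, port=587, timeout=10):
    """EHLO, STARTTLS, then compare the leaf certificate with the pin."""
    ctx = ssl.create_default_context()
    # Pin the leaf instead of validating the chain: the server in the post
    # fails chain validation (verify return code 21) yet is the right server.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    smtp = smtplib.SMTP(host, port, timeout=timeout)
    try:
        smtp.ehlo()
        features = dict(smtp.esmtp_features)  # keys are lower-cased
        cert = None
        if "starttls" in features:
            try:
                smtp.starttls(context=ctx)
                cert = smtp.sock.getpeercert(binary_form=True)
            except (smtplib.SMTPException, OSError):
                cert = None
    finally:
        smtp.close()
    return classify(features, cert, pinned_sha256)


if __name__ == "__main__":
    # Constructed sample data, not a real certificate or capture.
    der = b"constructed-certificate-bytes"
    pin = hashlib.sha256(der).hexdigest()
    print(classify({"starttls": "", "pipelining": ""}, der, pin))
    print(classify({"pipelining": ""}, None, pin))
```

Run `probe()` against your own submission host with the SHA-256 fingerprint of its certificate, recorded from a network you trust.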