Mailinglist Archive: opensuse (783 mails)

< Previous Next >
[opensuse] No encryption on imap on some servers [WAS: Basically every WiFi device just hacked?]
On 2017-10-16 22:37, James Knott wrote:
On 10/16/2017 04:02 PM, Carlos E. R. wrote:
On 2017-10-16 20:11, James Knott wrote:
On 10/16/2017 01:51 PM, Carlos E. R. wrote:
Besides, any communication protocol that uses encryption is safe, even
if they get entry to our WiFi: ssh, https... but not, I think, smb, nfs,
most email...
Many email providers are moving to SSL/TLS for POP, IMAP and SMTP.
Not mine.


Geez... Spain is really behind the times. Can you not even configure
it with your email apps? Also, email web interfaces now use https.
Also, Google tries to favour https web sites, to encourage encryption on
the web.

It is the ISP, email is secondary for them. It is no longer offered to new
clients, so they don't care that much.

So currently the IMAP connection has no security at all, whereas the smtp
connection does. I tried to enable starttls or ssl/tls and the connection
failed.


I also looked at my fetchmail log of one connection, it is this:

- - 6.3.26 querying imap.telefonica.net (protocol IMAP) at 2017-10-16T13:07:35
CEST: poll started
- - Trying to connect to 86.109.99.71/143...connected.
- - IMAP< * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID
ENABLE IDLE AUTH=PLAIN AUTH=CRAM-MD5] e.movistar.es.
- - IMAP> A0001 CAPABILITY
- - IMAP< * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
IDLE AUTH=PLAIN AUTH=CRAM-MD5
- - IMAP< A0001 OK Pre-login capabilities listed, post-login capabilities have
more.
- - IMAP> A0002 AUTHENTICATE CRAM-MD5
- - IMAP< + ***********==
- - IMAP> ************==
- - IMAP< * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT
MUMULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS
LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN
CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY MOVE QUOTA
- - IMAP< A0002 OK Logged in
- - IMAP> A0003 SELECT "Inbox"
- - IMAP< * FLAGS (\Answered \Flagged \Deleted \Seen \Draft NonJunk Junk)
- - IMAP< * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft
NonJunk Junk \*)] Flags permitted.
- - IMAP< * 3 EXISTS
- - IMAP< * 0 RECENT
- - IMAP< * OK [UNSEEN 1] First unseen.
- - IMAP< * OK [UIDVALIDITY 1496821626] UIDs valid
- - IMAP< * OK [UIDNEXT 33] Predicted next UID
- - IMAP< A0003 OK [READ-WRITE] Select completed (0.002 secs).
- - IMAP> A0004 EXPUNGE
- - IMAP< A0004 OK Expunge completed.
- - 3 messages for SOMEBODY at imap.telefonica.net (folder Inbox).
- - IMAP> A0005 FETCH 1:3 RFC822.SIZE
- - IMAP< * 1 FETCH (RFC822.SIZE 31383)
- - IMAP< * 2 FETCH (RFC822.SIZE 15673)
- - IMAP< * 3 FETCH (RFC822.SIZE 16227)
- - IMAP< A0005 OK Fetch completed.
- - IMAP> A0006 FETCH 1 RFC822.HEADER
- - IMAP< * 1 FETCH (RFC822.HEADER {2994}
- - reading message SOMEBODY@xxxxxxxxxxxxxxxxxxx:1 of 3 (2994 header
octets)Trying to connect to 127.0.0.1/25...connected.
- - SMTP< 220 Telcontar.valinor ESMTP
- - SMTP> EHLO Telcontar.valinor
- - SMTP< 250-Telcontar.valinor
- - SMTP< 250-PIPELINING
...


Looking at the exchange and that it used cramd5, I changed Thunderbird to also
use encryption for the password and apparently it works - this is new.



But I see no nothing about using TLS or SSL in the body fetch. On another
provider (pop3), I see:

- - POP3> CAPA
- - POP3< +OK
- - POP3< CAPA
- - POP3< TOP
- - POP3< UIDL
- - POP3< RESP-CODES
- - POP3< PIPELINING
- - POP3< AUTH-RESP-CODE
- - POP3< USER
- - POP3< SASL PLAIN
- - POP3< .
- - pop.dominioabsoluto.net: upgrade to TLS succeeded. <==========


so fetchmail tries and succeeds on another provider, but not on telefonica aka
movistar.

--
Cheers / Saludos,

Carlos E. R.
(from 42.2 x86_64 "Malachite" at Telcontar)

< Previous Next >
Follow Ups