[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Insecure Mail Sending Warning
From: |
Robert Thorpe |
Subject: |
Re: Insecure Mail Sending Warning |
Date: |
Sat, 24 Oct 2020 02:48:09 +0100 |
> Robert> Where <mailserver> is the URL of my mailserver.
>
> Robert> Can I fix this or is the problem on my mail provider's side?
>
> The problem is on the mail provider's side, I think.
Thank you. I'll contact my provider and ask them about it.
> Iʼm kind of surprised that a real mail provider still enables
> TLS1.0. You can test what it supports using
>
> gnutls-cli -p 587 <mailserver>
That command doesn't seem to give useful output. It says:
> Processed 148 CA certificate(s).
> Resolving '<mailserver>:587'...
> Connecting to '81.17.254.9:587'...
> |<1>| Received record packet of unknown type 50
> *** Fatal error: An unexpected TLS packet was received.
Anyway, I'll talk to them about it.
> Robert> I'm using port 587, which I thought was correct.
>
> 587 is the mail submission port. It normally starts out in cleartext,
> and is then upgraded to TLS with a STARTTLS command. Iʼd recommend
> 465, which is TLS-only (although you'd have to set
> smtpmail-stream-type to 'tls)
>
> You'd still get the warning, but at least the entire connection would
> be encrypted (not that that means much when using TLS1.0)
It seems that port 465 doesn't work. The gnutls-cli command timed out
on it.
Thank you again,
Robert Thorpe