#Mailservers

Kevin Karhan :verified: kkarhan@infosec.space
2025-01-31

@topher #Antivirus is for the most part #Scareware aimed at scamming #TechIlliterates which at best only works against known threats and at worst is literal #Malware in and of itself selling user data to bad actors.

As for the rest one can just scan #Fileservers regularly and do so on #Mailservers, but existing tools to enforce quick and early updates on those distros already do most of the heavy lifting re: #ITsec...

#JustSayling

Olly 👾 Olly42@nerdculture.de
2025-01-09

Over 3 Million Mail Servers without Encryption exposed to Sniffing Attacks.

As scans from the IT-security threat monitoring platform Shadowserver show, 3.3 million hosts are running POP3/IMAP services without TLS encryption enabled and expose usernames & passwords in plain text when transmitted over the Internet.

shadowserver.org/what-we-do/ne

#pop3 #imap #mailservers #exposed #sniffing #tls #it #security #privacy #engineer #media #tech #news

ShadowServer is now notifying mail server operators that their POP3/IMAP servers do not have TLS enabled, exposing users' unencrypted usernames and passwords to sniffing attacks.

"This means that passwords used for mail access may be intercepted by a network sniffer. Additionally, service exposure may enable password guessing attacks against the server," Shadowserver said. "If you receive this report from us, please enable TLS support for IMAP as well as consider whether the service needs to be enabled at all or moved behind a VPN."

The original TLS 1.0 specification and its successor, TLS 1.1, have been used for nearly two decades, with TLS 1.0 being introduced in 1999 and TLS 1.1 in 2006. After extensive discussions and the development of 28 protocol drafts, the Internet Engineering Task Force (IETF) approved TLS 1.3, the next major version of the TLS protocol, in March 2018.

In a coordinated announcement in October 2018, Microsoft, Google, Apple and Mozilla said they would retire the insecure TLS 1.0 and TLS 1.1 protocols in the first half of 2020. Microsoft began enabling the latest version, TLS 1.3, by default with Windows 11.

[ImageSource: ShadowServer]

The map shows IMAP and POP3 mail servers without TLS.

Over three million POP3 and IMAP mail servers without TLS encryption are currently exposed on the Internet and vulnerable to network sniffing attacks. Almost 900,000 are based in the U.S., another 560,000 and 380,000 in Germany and Poland, the organization found, adding: “We see around 3.3M such cases with POP3 & a similar amount with IMAP (most overlap). It's time to retire those!” You can check out vulnerability reports for both POP3 email servers and IMAP email hosts on the Shadowserver Foundation site.

IMAP and POP3 are two methods for accessing email on mail servers. IMAP is recommended for checking emails from multiple devices, such as phones and laptops because it keeps your messages on the server and synchronizes them between devices. POP3, on the other hand, downloads emails from the server, making them accessible only from the device where they were downloaded.

The TLS secure communication protocol helps secure users' information while exchanging and accessing their emails over the Internet through client/server applications. However, when TLS encryption is not enabled, their message contents and credentials are sent in clear text, exposing them to eavesdropping network sniffing attacks.

ShadowServer advised all email users to check with their email service provider to be sure that TLS is enabled and the latest version of the protocol is being used.
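Added example, not part of the post above and not Shadowserver's tooling: a server operator can read the capability list their own IMAP or POP3 service sends on the plaintext ports and classify whether credentials can cross the wire unencrypted. The function names, the three verdict labels and the sample responses are assumptions made for this sketch, and the verdict is a heuristic based only on what the server advertises.

```python
import re

PLAINTEXT_SASL = {"PLAIN", "LOGIN"}

def audit_imap(line: str) -> str:
    """Classify an IMAP greeting or untagged CAPABILITY response (RFC 3501)."""
    m = re.search(r"CAPABILITY\s+([^\]\r\n]+)", line, re.IGNORECASE)
    if not m:
        return "unknown"                      # no capability list to judge
    caps = set(m.group(1).upper().split())
    if "STARTTLS" not in caps:
        return "cleartext-only"               # no way to upgrade on port 143
    sasl = {c[5:] for c in caps if c.startswith("AUTH=")}
    if "LOGINDISABLED" not in caps or sasl & PLAINTEXT_SASL:
        return "cleartext-allowed"            # passwords accepted before TLS
    return "tls-first"

def audit_pop3(capa: str) -> str:
    """Classify a POP3 CAPA response (RFC 2449; STLS is RFC 2595)."""
    lines = [l.strip().upper() for l in capa.splitlines() if l.strip()]
    if not lines or not lines[0].startswith("+OK"):
        return "unknown"                      # CAPA rejected or empty
    caps = {}
    for l in lines[1:]:
        if l == ".":
            break
        tag, *args = l.split()
        caps[tag] = set(args)
    if "STLS" not in caps:
        return "cleartext-only"
    if "USER" in caps or caps.get("SASL", set()) & PLAINTEXT_SASL:
        return "cleartext-allowed"
    return "tls-first"

# Constructed sample responses, as seen on the plaintext ports 143 and 110.
SAMPLES = {
    "imap-a": ("imap", "* OK [CAPABILITY IMAP4rev1 SASL-IR AUTH=PLAIN] ready"),
    "imap-b": ("imap", "* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN"),
    "imap-c": ("imap", "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED"),
    "pop3-a": ("pop3", "+OK\r\nUSER\r\nSASL PLAIN LOGIN\r\nUIDL\r\n.\r\n"),
    "pop3-b": ("pop3", "+OK\r\nSTLS\r\nUIDL\r\nTOP\r\n.\r\n"),
}

def audit_all(samples=SAMPLES) -> dict:
    check = {"imap": audit_imap, "pop3": audit_pop3}
    return {name: check[proto](resp) for name, (proto, resp) in samples.items()}

if __name__ == "__main__":
    for name, verdict in audit_all().items():
        print(f"{name}: {verdict}")
```

Services reachable only on the implicit-TLS ports 993 and 995 never send these plaintext capability lists, so this check applies to ports 143 and 110 only.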
Kevin Karhan :verified: kkarhan@infosec.space
2024-05-11

@Szwendacz I think #Antivirus and #Malware protection should be the sole responsibility of the #maintainer of said #OS / #Distro!

And I'd happily pay for #support and have that in writing for more than just #compliance reasons...

That being said #Linux already dominates (#Android is just a #toybox + #musl / #Linux distro and for the vast majority of people - especially in the global south, it is their #Desktop!) and it "solved" the malware problem just by taking away 'the means to fuck up a system' from #TechIlliterate #users - as any reasonable #sysadmin should do anyway...

  • Something that may not work at all on #macOS and especially on #Windows due to it not having permission management and actual security in its design!

So yeah, 3rd party #AV may seem like #Scareware on #Linux (and #Mailservers should at least #ClamAV their inboxes) but on Windows they are absolutely pointless given that those are #BinaryBlob - #Kernelhacks (none of them got Sourcecode access for Windows!) that actually lessen #security of the System!

  • I don't trust #Microsoft and thus I don't use Windows - period!

2024-04-05

ADMIN #80 is available now! In this issue, we look at threat management strategies and tools. Get your copy today! bit.ly/ADMIN-library #security #containers #MailServers #Azure #scripting #chatbot #MySQL #Kubernetes #Microsoft #Bicep #cloud #ransomware #Kubescape #RustDesk

ADMIN Network & Security | ISSUE 80 | Threat MANAGEMENT: Lock down your IT environment | MySQL Migration | Kubescape

Kevin Karhan :verified: kkarhan@infosec.space
2024-03-22

@lamp @Mastodon @MastodonEngineering @puniko I know, but the #Fediverse kinda makes #SelfHosting quite #paywalled even compared to @Websites and #Mailservers...

Stefano Marinelli stefano@bsd.cafe
2024-03-08

Escape the cloud: Own your e-mail.

Make your own E-Mail server - FreeBSD, OpenSMTPD, Rspamd and Dovecot included - Part 1

it-notes.dragas.net/2024/03/08

#FreeBSD #IT #SysAdmin #EMail #MailServers #BastilleBSD

Joerg Jaspert :debian: Ganneff@fulda.social
2024-01-02

Hrm. When you have #dmarc setup for your #mailservers, getting reports is nice.

Then you get the idea that you could also have your tools send out #reports. Ok, sure, easy to setup, just a cronjob.

But then, umm, it seems I am missing something.
Sending dmarc reports for mails that clearly had been spam (#rspamd sorted them out correctly), seems like an idiotic idea to me?! "Heyho, I got your mail all fine, here is a report, come on, send more" seems to not be the wisest move available.

But there also doesn't appear to be an option to skip on such things. Except for setting either exclude_domains or only_domains.
For the first I would need to know which domains spammers send from. So nope, out.
For the second I limit myself to just a few domains to send to. Which would be the known big ones usually, and that's not much interesting.

Meh, so for now, no report sending.

Kevin Karhan :verified: kkarhan@mstdn.social
2023-08-07

@Annalee

Exactly!
Because whilst #OpenBSD is probably the safest Operating System that one can hook up to the Internet out-of-the-box, no one's gonna yeet all their #Linux boxes out and force themselves to migrate everything to it.

Just because I know people who earned their living doing #Mailservers on #OpenBSD doesn't mean it's something I'd recommend to anyone even if on paper that's the "most secure option"...

Kevin Karhan :verified: kkarhan@mstdn.social
2023-08-07

@Annalee OR you could just choose a #ManagedHosting provider where someone is being paid for keeping stuff updated and secure.

Just like with #Mailservers, #Wordpress or whatever application one wants hosted.

It's not as if #SelfHosting is without alternative and choosing a #FLOSS solution that multiple providers offer as #managed / #SaaS offering is my go-to recommendation especially for SMEs and Users that can't afford personnel hours needed to properly #SelfHost!

Kevin Karhan :verified: kkarhan@mstdn.social
2023-05-08

@freakazoid @dansup well, #ActivityPub - just like #XMPP & #SMTP + #IMAP - #eMail is an #open, #MultiVendor / #MultiProvider standard and thus just like with #Webservers, #Browsers, #Mailservers & -Clients, #Mastodon not only can but will be superseded by better alternatives over time...

Just like #Linux overtook #Minix and why #FreeBSD is sometimes being used instead of #Linux and why we'll see #Windows dying a slow and painful death...

mstdn.social/@kkarhan/11033077

2023-01-13

I have had a couple of incidents recently of important customer communications not getting through in part because said customers' SPF records were not correctly set up.

In both cases, the blocked emails were from a mail solution/service that was not listed in the customer's SPF networks/includes – and the SPF record ended with a dash-all (i.e.: hard fail for others). It boggles my mind that admins aren't setting up these records correctly in 2022.

If you administrate a mailsystem, I urge you to read up on SPF. It is an essential part of your mail domain's validation and reputation and is relatively easy to set up. #SPF #mailservers

support.google.com/a/answer/10

Lightmeter lightmeter
2021-03-31

Lightmeter 1.5 is out: now you can monitor remote using either sockets or sync'ing! ( users: we've got you covered 😉). Also past delivery performance now gets analysed and Insights created, producing a handy digest of found issues 📜 lightmeter.io/lightmeter-1-5-h

2019-09-10

Critical TLS flaw opens Exim servers to remote compromise - A ‘critical’ security vulnerability has been discovered in the Exim mail server that requires admi... more: nakedsecurity.sophos.com/2019/ #servernameindication #securitythreats #bufferoverflow #cve-2019-10149 #cve-2019-15846 #vulnerability #cve-2018-6789 #emailsecurity #mailservers #https #exim #rce #tls
