Don't allow Insecure connections
Idea shared by Kyle McNally - 4/11/2017 at 7:16 AM
Proposed

I've been seeing connections in Manage->Connections (in 16, but this also applies elsewhere) that are not showing the checkmark under the SSL/TLS heading. I've got my bindings set to use SSL/TLS on all my available ports. So I started looking into it, and it looks like SM isn't enforcing TLS (confirmed by Von-Austin See on a support ticket).

I assumed that since all my ports were set to use TLS, there wouldn't be any insecure connections allowed.

To test this, I connected to my server using telnet. Below is the output from my tests. In the first test, I connected and used EHLO, which did, in fact, run a STARTTLS. But in my second test, I used HELO, which did not encrypt the connection. That's fine, but I was still able to send an email message.

When I run an AUTH LOGIN, I think I should get an SMTP '523 Encryption Needed' code in response (according to www.iana.org/go/rfc5248).

This is a proposal to give us an option to force all connections to my server to be encrypted. I'm putting this out there to get some feedback on whether this would impede delivery or cause any other unforeseen problems.

TELNET

teset@test 11:30:14 ~ $ telnet mail.example.com 25
Trying 0.0.0.0...
Connected to mail.example.com.
Escape character is '^]'.
220 mail.example.com
ehlo example.com
250-mail.example.com Hello [255.255.255.255]
250-SIZE 41943040
250-AUTH LOGIN CRAM-MD5
250-STARTTLS
250-VRFY
250-8BITMIME
250 OK
mail from:<test@example.com>
550 Authentication is required for relay
auth login
334 VXNlcm5hbWU6
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
334 UGFzc3dvcmQ6
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
235 Authentication successful
mail from:<test@example.com>
250 OK <test@example.com> Sender ok
rcpt to:<rcpt@example.net>
250 OK <test@example.net> Recipient ok
data
354 Start mail input; end with <CRLF>.<CRLF>
testing an email from smtp
.
250 OK
quit
221 Service closing transmission channel
Connection closed by foreign host.
test@test 11:52:44 ~ $ telnet mail.example.com 25
Trying 0.0.0.0...
Connected to mail.example.com.
Escape character is '^]'.
220 mail.example.com
helo
250 mail.example.com Hello [97.76.33.134]
mail from:<test@example.com>
550 Authentication is required for relay
auth login
334 VXNlcm5hbWU6
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
334 UGFzc3dvcmQ6
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
235 Authentication successful
mail from:<test@example.com>
250 OK <test@example.com> Sender ok
rcpt to:<test@example.net>
250 OK <test@example.net> Recipient ok
data
354 Start mail input; end with <CRLF>.<CRLF>
testing an email from smtp
.
250 OK
quit
221 Service closing transmission channel
Connection closed by foreign host.

Thanks!

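As an added example (not part of the original post, and not SmarterMail code), here is a small Python checker for auditing a captured SMTP session transcript like the ones above: it replays the dialogue and flags any AUTH, MAIL FROM or DATA that the server accepted before a STARTTLS was negotiated. The embedded transcript is constructed from the HELO session above with the credentials redacted.

```python
import re
# Constructed sample, credentials redacted: the HELO session from the post above.
SAMPLE_PLAINTEXT = """\
220 mail.example.com
helo
250 mail.example.com Hello [97.76.33.134]
auth login
334 VXNlcm5hbWU6
~~~~~~~~
334 UGFzc3dvcmQ6
~~~~~~~~
235 Authentication successful
mail from:<test@example.com>
250 OK <test@example.com> Sender ok
data
354 Start mail input; end with <CRLF>.<CRLF>
testing an email from smtp
.
250 OK
"""

REPLY_RE = re.compile(r"^(\d{3})([ -]|$)")
PROTECTED = ("auth", "mail from", "data")  # should only succeed after STARTTLS

def find_plaintext_accepts(transcript):
    """Return (command, reply) pairs accepted before STARTTLS was negotiated."""
    findings = []
    encrypted = False      # set once the server answers STARTTLS with 220
    pending = None         # protected command still waiting for its final reply
    awaiting_more = False  # after 334/354 the client sends data, not commands
    for raw in transcript.splitlines():
        line = raw.strip()
        m = REPLY_RE.match(line)
        if not m:                                  # client side of the dialogue
            if not awaiting_more:                  # ignore base64 credentials / body
                cmd = line.lower()
                pending = "starttls" if cmd == "starttls" else next(
                    (p for p in PROTECTED if cmd.startswith(p)), None)
            continue
        code, sep = m.group(1), m.group(2)
        if sep == "-":
            continue                               # multi-line reply continuation
        awaiting_more = code in ("334", "354")
        if pending == "starttls" and code == "220":
            encrypted = True
        elif pending in PROTECTED and code.startswith("2") and not encrypted:
            findings.append((pending, line))
        if not awaiting_more:
            pending = None                         # final reply consumed
    return findings
```

A server that enforces encryption should yield an empty list for every capture; each entry returned is a command that went through in the clear.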