Exim Flaw Exposes Servers to Remote Code Execution
A critical flaw in Exim, tracked as CVE-2026-45185, leaves servers vulnerable to remote code execution if they're running specific builds, but thankfully, a remediation was published in Exim version 4.99.3. This vulnerability is triggered during TLS shutdown while handling certain SMTP traffic, allowing attackers to exploit it.
#RemoteCodeExecution #Exim #Cve202645185 #GnuTransportLayerSecurity #Starttls
RFC: What should the rating for #STARTTLS be like?
Customised Server Login Message and WordPress Email Problem
WordPress emails had been silently failing for years.https://islandinthenet.com/customised-server-login-message-wordpress-email-problem/
Anyone know why #Amazon has started insisting on #STARTTLS before it'll send you emails? I discover the reason why I'm no longer getting some emails (e.g. from a charity I'm a member of) is because:
Diagnostic-Code: smtp; 550 5.1.1 Remote MTA does not support STARTTLS. Message can be delivered only over a TLS connection.
This seems an odd decision to have made :(
Don't know whether anybody of you guys uses #Apple Mail but I'd rather be careful:
https://www.linkedin.com/feed/update/urn:li:activity:7349803754226868224/
TL;DR: UI prefers #STARTTLS over #TLS for #IMAP (but actually for some reason uses both ports). Apple Product Security doesn't see a reason for immediate action.
My bottom line: a) Apple doesn't take security as relevant as they say b) there are probably lots of users like I was who have STARTTLS configured and don't know that.
I recommend to check whether you're affected. If so I'd configure that as recommended above and change your passwords.
#Apple #Mail.app and #Notes.app still use STARTTLS IMAP protocol as a default? Just did a "lsof -i Pn" on my macbook to learn that Apple Mail used for two providers of mine both port 143 (insecure *) #STARTTLS #IMAP) and port 993 (IMAP over #TLS) which I wouldn't have expected in 2020ies from a company which claims to put security and privacy first. For sure I didn't explicitly configure this. Turns out the checkbox in Accounts => Advanced and then ~"configure connection preferences automatically" (German: Verbindungseinstellungen automatisch verwalten" ) is the culprit. If one unchecks that port 143 was configured. And if you uncheck that and choose 993 instead, restart the Mail.app (and Notes.app) everything is fine. How about your settings? Still using IMAP+STARTTLS on your #Mac? *) STARTTLS is a plaintext protocol which is known for 10++ years prone to MitM attacks
#Apple #Mail.app + #Notes.app still use #STARTTLS #IMAP protocol as a default?
Did a "lsof -i Pn" on my Macbook to learn that Mail used for my providers both port 143 (insecure STARTTLS) + port 993 (#TLS). For sure I didn't explicitly configure this.
The checkbox in Accounts => Advanced and then ~"configure connection preferences automatically" is the culprit. Unchecking that, choose port 993 instead of 143 , restart the Mail.app (and Notes.app) everything is fine.
@ Apple : #wtf ?
Die kürzlich veröffentlichte Cyber-Sicherheitsempfehlung "Upgrade für die E-Mail-Sicherheit" ist ein Paradebeispiel für die lösungsorientierte Zusammenarbeit zwischen verschiedenen Abteilungen im BSI. Nur so konnten wir praxisnahe Empfehlungen aussprechen, die auf Beobachtungen der echten Welt da draußen beruhen. Oft können Unternehmen, die E-Mails über eine eigene Domain senden und empfangen, nämlich schon mit überschaubaren Aufwand ihre Sicherheit deutlich verbessern.
#MailSecurity #TeamBSI #SPF #DKIM #DMARC #STARTTLS #DNSSEC #DANE #MTASTS #TLSRPT
Das BSI hat eine Cyber-Sicherheitsempfehlung "Upgrade für die E-Mail-Sicherheit" veröffentlicht. Diese richtet sich an alle Unternehmen, die E-Mails mit einer eigenen Domain senden und empfangen.
now also available in English:
Four modern mail systems for self-hosting -- Universal support for mail security standards
https://www.sidn.nl/en/news-and-blogs/four-modern-mail-systems-for-self-hosting
An increasing number of mail software packages are now available that offer out-of-box support for all security standards, and are easy to set up as well. In this article, we consider four modern open-source packages for self-hosting: #Mox, #Chasquid, #Stalwart and #Maddy.
#SPF #DKIM #DMARC #DANE #STARTTLS #MTA-STS #InternetSecurity
Modern security standards are crucial for a well-functioning mail infrastructure. We discuss 4 modern open-source mail packages, which support all security standards and are easy to set up: Mox, Chasquid, Stalwart and Maddy.
op SIDN.nl:
Vier moderne mail-systemen voor self-hosting -- Beveiligingsstandaarden voor mail universeel ondersteund
https://www.sidn.nl/nieuws-en-blogs/vier-moderne-mailsystemen-voor-self-hosting
Inmiddels zijn er meerdere software-pakketten beschikbaar die én alle beveiligingsstandaarden out-of-the-box ondersteunen én makkelijk op te zetten zijn. In dit artikel bespreken we vier moderne open-source mail-pakketten voor self-hosting: #Mox, #Chasquid, #Stalwart en #Maddy.
#SPF #DKIM #DMARC #DANE #STARTTLS #MTA-STS #InternetSecurity
Moderne beveiligingsstandaarden zijn cruciaal voor een goed werkende mailinfra. We bespreken 4 moderne open-sourcemailpakketten, die alle beveiligingsstandaarden ondersteunen én makkelijk op te zetten zijn.: Mox, Chasquid, Stalwart en Maddy.
Letzte Woche fand das erste Treffen mit Mail-Providern zum E-Mail-Sicherheits-Jahr 2025 statt. Mit dabei war auch die Präsidentin des BSI, Claudia Plattner. Ich kann mich den Worten von Fabian Bock nur anschließen und freue mich schon auf die vielen weiteren Treffen und Aktionen, die wir für das Jahr geplant haben 
https://mail.de/de/blog/2025-03-unsere-teilnahme-am-e-mail-sicherheits-jahr-2025
#MailSecurity #TeamBSI #SPF #DKIM #DMARC #STARTTLS #DNSSEC #DANE
Analyst207
testssl.sh 
Khürt Williams
Matthew Vernon
d0rk ✅
Florian Bierhoff
Adrian Offerman