Over 3 Million Mail Servers without Encryption exposed to Sniffing Attacks.

As scans from the IT-security threat monitoring platform Shadowserver show, 3.3 million hosts are running POP3/IMAP services without TLS encryption enabled and expose usernames & passwords in plain text when transmitted over the Internet.

https://www.shadowserver.org/what-we-do/network-reporting/vulnerable-pop3-report/

#pop3 #imap #mailservers #exposed #sniffing #tls #it #security #privacy #engineer #media #tech #news

HIGH: Vulnerable POP3 Report | The Shadowserver Foundation

This report identifies hosts that have a POP3 service running on port 110/TCP or 995/TCP without TLS support. This means that passwords used for mail access may be intercepted by a network sniffer. Additionally, service exposure may enable password guessing attacks against the server.

ADMIN #80 is available now! In this issue, we look at threat management strategies and tools. Get your copy today! https://bit.ly/ADMIN-library #security #containers #MailServers #Azure #scripting #chatbot #MySQL #Kubernetes #Microsoft #Bicep #cloud #ransomware #Kubescape #RustDesk
ADMIN Print Issues | Linux New Media Shop

Hrm. When you have #dmarc set up for your #mailservers, getting reports is nice.

Then you get the idea that you could also have your tools send out #reports. Ok, sure, easy to set up, just a cronjob.

But then, umm, it seems I am missing something.
Sending dmarc reports for mails that clearly had been spam (#rspamd sorted them out correctly), seems like an idiotic idea to me?! "Heyho, I got your mail all fine, here is a report, come on, send more" seems to not be the wisest move available.

But there also doesn't appear to be an option to skip on such things. Except for setting either exclude_domains or only_domains.
For the first I would need to know which domains spammers send from. So nope, out.
For the second I limit myself to just a few domains to send to. Which would be the known big ones usually, and that's not much interesting.

Meh, so for now, no report sending.

@Annalee

Exactly!
Because whilst #OpenBSD is probably the safest Operating System that one can hook up to the Internet out-of-the-box, no one's gonna yeet all their #Linux boxes out and force themselves to migrate everything to it.

Just because I know people who earned their living doing #Mailservers on #OpenBSD doesn't mean it's something I'd recommend to anyone even if on paper that's the "most secure option"...

@Annalee OR you could just choose a #ManagedHosting provider where someone is being paid for keeping stuff updated and secure.

Just like with #Mailservers, #Wordpress or whatever application one wants hosted.

It's not as if #SelfHosting is without alternative and choosing a #FLOSS solution that multiple providers offer as #managed / #SaaS offering is my go-to recommendation especially for SMEs and Users that can't afford personnel hours needed to properly #SelfHost!

@freakazoid @dansup well, #ActivityPub - just like #XMPP & #SMTP + #IMAP - #eMail is an #open, #MultiVendor / #MultiProvider standard and thus just like with #Webservers, #Browsers, #Mailservers & -Clients, #Mastodon not only can but will be superseded by better alternatives over time...

Just like #Linux overtook #Minix and why #FreeBSD is sometimes being used instead of #Linux and why we'll see #Windows dying a slow and painful death...

https://mstdn.social/@kkarhan/110330778109678586

Kevin Karhan :verified: (@[email protected])

@[email protected] and that's why I won't go back to :birdsite: or even :twitter: 2.0 aka. :bluetooth: :skype: ... The only thing that works are #consequences.

I have had a couple of incidents recently of important customer communications not getting through in part because said customers' SPF records were not correctly set up.

In both cases, the blocked emails were from a mail solution/service that was not listed in the customer's SPF networks/includes – and the SPF record ended with a dash-all (i.e.: hard fail for others). It boggles my mind that admins aren't setting up these records correctly in 2022.

If you administrate a mailsystem, I urge you to read up on SPF. It is an essential part of your mail domain's validation and reputation and is relatively easy to set up. #SPF #mailservers

https://support.google.com/a/answer/10683907

Define your SPF record—Advanced setup - Google Workspace Admin Help

Lightmeter 1.5 is out: now you can monitor remote #mailservers using either sockets or sync'ing! (#Logstash users: we've got you covered 😉). Also past delivery performance now gets analysed and Insights created, producing a handy digest of found issues 📜 https://lightmeter.io/lightmeter-1-5-historical-insights-and-logstash-support/
Lightmeter 1.5: Historical Insights and Logstash support - Lightmeter

Monitoring remote mailservers via sockets (including Elastic Logstash) and Rsync is now supported and past performance data is analysed

Critical TLS flaw opens Exim servers to remote compromise - A ‘critical’ security vulnerability has been discovered in the Exim mail server that requires admi... more: https://nakedsecurity.sophos.com/2019/09/10/critical-tls-flaw-opens-exim-servers-to-remote-compromise/ #servernameindication #securitythreats #bufferoverflow #cve-2019-10149 #cve-2019-15846 #vulnerability #cve-2018-6789 #emailsecurity #mailservers #https #exim #rce #tls
Critical TLS flaw opens Exim servers to remote compromise
