lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <401847D7.3040202@tux.obix.com>
From: phil at tux.obix.com (Phil Brutsche)
Subject: Proposal: how to notify owners of compromised
 PC's

petard wrote:

> Sorry for a borderline off-topic reply, but I'm cc-ing the list so this
> is in the archives, in case any stupid ISP reads this and thinks it's a
> good idea. It isn't.

<sending this to the list as well, since not enough people are doing the 
proper research>

> I left my ISP about 9 months ago because they implemented this very
> policy. It entirely destroyed my ability to send email from my preferred
> address. Our SMTP setup at example.com relays mail from people
> claiming to be @example.com if and only if they have been authenticated
> using a client X.509 certificate issued by the example.com root
> certificate authority.

Then put SMTP on a different TCP port.  RFC 2476, which specifies TCP 
port 587 to be a message submission port for MUAs, was specifically 
created to address this issue.

-- 

Phil Brutsche
phil@....obix.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ