nanog mailing list archives

Transparent hijacking of SMTP submission...


From: joel jaeggli <joelja () bogus com>
Date: Thu, 27 Nov 2014 11:54:15 -0800

I don't see this in my home market, but I do see it in someone else's...
I kind of expect this for port 25 but...

J@mb-aye:~$telnet 147.28.0.81 587
Trying 147.28.0.81...
Connected to nagasaki.bogus.com.
Escape character is '^]'.
220 nagasaki.bogus.com ESMTP Sendmail 8.14.9/8.14.9; Thu, 27 Nov 2014
19:17:44 GMT
ehlo bogus.com
250-nagasaki.bogus.com Hello XXXXXXXXXXXXXXX.wa.comcast.net
[XXX.XXX.XXX.XXX], pleased to meet you
250 ENHANCEDSTATUSCODES

J@mb-aye:~$telnet 2001:418:1::81 587
Trying 2001:418:1::81...
Connected to nagasaki.bogus.com.
Escape character is '^]'.
220 nagasaki.bogus.com ESMTP Sendmail 8.14.9/8.14.9; Thu, 27 Nov 2014
19:18:33 GMT
ehlo bogus.com
250-nagasaki.bogus.com Hello
[IPv6:2601:7:2380:XXXX:XXXX:XXXX:c1ae:7d73], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN
250-STARTTLS
250-DELIVERBY
250 HELP

That's essentially a downgrade attack on my ability to use encryption,
which seems to be in pretty poor taste, frankly.


Attachment: signature.asc
Description: OpenPGP digital signature
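
The comparison the two sessions above make by eye, as an added example (not part of the original post): parse each EHLO reply and report which extensions one path lost relative to the other. Treating the IPv6 session as the untampered reference is an assumption, and the function names are hypothetical.

```python
import re

# EHLO replies copied from the two sessions in the post (mail-wrapped lines rejoined).
IPV4_REPLY = """\
250-nagasaki.bogus.com Hello XXXXXXXXXXXXXXX.wa.comcast.net [XXX.XXX.XXX.XXX], pleased to meet you
250 ENHANCEDSTATUSCODES
"""
IPV6_REPLY = """\
250-nagasaki.bogus.com Hello [IPv6:2601:7:2380:XXXX:XXXX:XXXX:c1ae:7d73], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN
250-STARTTLS
250-DELIVERBY
250 HELP
"""

REPLY_LINE = re.compile(r"^250([- ])(.*)$")

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multiline 250 EHLO reply."""
    lines = []
    for raw in reply.splitlines():
        m = REPLY_LINE.match(raw)
        if not m:
            raise ValueError(f"not a 250 reply line: {raw!r}")
        lines.append(m.group(2))
        if m.group(1) == " ":      # "250 " (space, not hyphen) ends the reply
            break
    else:
        raise ValueError("reply truncated: no final '250 ' line")
    caps = {}
    for text in lines[1:]:         # first line is the greeting, not an extension
        parts = text.split()
        if parts:
            caps[parts[0].upper()] = parts[1:]
    return caps

def stripped_extensions(reference, observed):
    """Extensions the reference path advertises but the observed path lacks."""
    return sorted(set(parse_ehlo(reference)) - set(parse_ehlo(observed)))

def submission_downgraded(reference, observed):
    """True when STARTTLS or AUTH vanished on the observed path."""
    return bool({"STARTTLS", "AUTH"} & set(stripped_extensions(reference, observed)))
```

A submission client configured to require STARTTLS fails closed on the stripped path instead of sending credentials or mail in the clear.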

