![]() ![]() I've even tried creating a policy that open just port 587 and is set to use 'Any' Network and 'Any' Application. Source and Destination networks are set to 'Any', Source and Destination ports are set to 'Any'. The key here that I understand is that if you have these 'applications' listed in your outbound direction and marked as allow, this traffic is allowed to pass out of the network?!?! yes? Then on the Policy page I have setup all the applications I need in the LAN-WAN direction.ĭns, icmp, ntp, snmp, time, http, https, smtp, imap, secure-imap, pop3, secure-pop3, submission (587), and more. ![]() Dialer1 is in the WAN zone and Vlan1 is in the LAN Zone. So in the Security page of CCPe I have setup the zones. I am getting better at CLI though which I am proud of as I was forced to to get this router working. #Surgemail port 587 how tothis is mainly due to the fact I don't know how to setup the firewall properly in CLI. I have don't the 'trickery' in CLI and the rest of the config has been done in the new CCP Express 3.1 GUI. as per plenty of googleing I am doing this buy setting up a vlan to do the PPPOE authentication and use the dialer interface to actually establish the connection. ![]() I am doing something with this router that is supposedly not quite what its intended purpose is, but I am running a WAN via an Ethernet port rather than ADAL or VDSL. The server on the train seems to not accept mail by the way, I get “500 Unknown command” all the time.īy the way, I just tested this: The Wi-Fi of ÖBB’s competitor “Westbahn” does the same thing: If I use the Westbahn’s Wi-Fi to contact my own mail server on port 25, it greets me with “220 ESMTP Postfix (Debian/GNU)”.īut also here: Switching to port 587 solves the problem.I am having trouble getting port 587 open on my 887VA router. You shouldn’t use port 25 anyway, use the “submission” port 587 (according to RFC 2476!) and you don’t have any problems. I assume they don’t want you to use their Wi-Fi for spam. Not sure, what they are trying to do here. In Austria, IT Security | 2 Comments 2 Comments So keep an eye on your SMTP/IMAP configuration and make sure you’re forcing TLS/SSL otherwise someone in the same train is seeing your data. Organisationsname: OeBB Telekom Service GmbH Block port 25 if you have fear of spammers, but don’t force unencrypted traffic over a open wifi.Īnyway whats that profinet.at stuff …. ![]() Someone is intercepting my SMTP traffic and if my mail clients would use the default setting (use TLS if possible) I would now send my login data (which is for most people the same as for fetching mails) in the clear over an unprotected WiFi. #Surgemail port 587 softwareIts not my IP address and its sure not the mail server software I use. Server: 220 profinet.at SurgeSMTP (Version 6.3c2-2) I switched to Wireshark (which is running all the time … Ok, I launched it □ ) and looked at the traffic: I did a SSH to a server of mine and checked typed the same command and got my server certificate complete with chain. Hey, my server does not support STARTTLS? I’m sure it does. $ openssl s_client -connect :25 -starttls smtpĭidn't found starttls in server response, try anyway. I used a openssl client to check various SSL and TLS connections to my servers, and when I called following: I believe its even more problematic as it concerns the mail system. Today I’m traveling back to Tirol again with a Railjet and I found something other disturbing. Yesterday I wrote about the the information leak at the Railjet Wifi. OeBB Railjet WiFi second, even bigger security problem ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |