RE: [Fed-Talk] Mail.app ignores the "Verify Certificate" dialog?
- Subject: RE: [Fed-Talk] Mail.app ignores the "Verify Certificate" dialog?
- From: "Valentine, Colin M." <email@hidden>
- Date: Thu, 4 Mar 2010 14:19:09 -0500
That's why I run a VPN server at home..... I use it when connecting from any untrusted* network with my personal laptop.
If using a work laptop, I VPN back to the mother ship.
* untrusted == any network I don't manage
Colin
>-----Original Message-----
>From: fed-talk-bounces+val=email@hidden [mailto:fed-talk-bounces+val=email@hidden] On Behalf Of Danziger, Alan D.
>Sent: Thursday, March 04, 2010 11:33
>To: Mueller, David S CIV SPAWARSYSCEN-PACIFIC, 55620; Dan Morrison; Joel Esler
>Cc: Fed Talk
>Subject: Re: [Fed-Talk] Mail.app ignores the "Verify Certificate" dialog?
>
>I totally agree with David's last point.
>
>The concern & issue is that by the time you're "encountering situations like this", you _MAY_ have already compromised your password.
>
>I still believe (as I emailed Dan off-list, and as Tim Miller has said on-list) that the likelihood is the error message is imprecise, and it was the "connection didn't validate" rather than that the password was actually transmitted and rejected, which caused the dialog box to appear... But belief is not validation.
>
>So I wonder if it's worth, as a best practice, to do the port-specific traceroute before trying to access email etc. from public internet sites. :-/ What a pain... :-)
>
>
>On 3/4/10 11:27 AM, "Mueller, David S CIV SPAWARSYSCEN-PACIFIC, 55620"
><email@hidden> wrote:
>
>> My guess if the traceroute is working is that they're intercepting outbound SMTP (port 25/465) traffic and redirecting it to their server. Since traceroute normally uses high-numbered UDP destination ports, it's not getting redirected. Try using "traceroute -P tcp -p 465 smtp.gmail.com" (or whatever port you have configured for smtp.gmail.com in Mail.app) and see what happens.
>>
>> While I understand possible reasons for doing this, it does present a problem. Services that use SPF (Sender Policy Framework, RFC 4408) in their spam filter (like Gmail) are more likely to dump your messages into the spam folder, since mail10.wildflower.net likely isn't listed as a permitted sender for gmail.com.
>>
>> I'd suggest sticking with Gmail's web interface (over https of course) when encountering situations like this.
>>
>> - David
>
> _______________________________________________
>Do not post admin requests to the list. They will be ignored.
>Fed-talk mailing list (email@hidden)
>Help/Unsubscribe/Update your Subscription:
>
>This email sent to email@hidden
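Added example, not part of the original thread: a pre-flight check for the "validate before you authenticate" concern raised above. It completes only the TLS handshake on port 465 with strict chain and hostname verification and sends no SMTP command or credential. The function names are hypothetical, and implicit TLS on 465 is assumed (port 25 with STARTTLS is not handled).

```python
import socket
import ssl


def strict_context():
    """Client context that requires a CA-validated chain and a hostname match."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname are on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def preflight(host, port=465, timeout=5.0):
    """Perform only the TLS handshake on an implicit-TLS mail port.

    Returns (status, detail) where status is one of:
      ok            chain and hostname verified
      cert_invalid  certificate rejected (interception or misconfiguration)
      tls_error     peer did not complete a TLS handshake
      unreachable   TCP connection failed or timed out
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with strict_context().wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
                return "ok", "{} {}".format(tls.version(), ",".join(names))
    except ssl.SSLCertVerificationError as exc:  # must precede SSLError/OSError
        return "cert_invalid", exc.verify_message
    except ssl.SSLError as exc:
        return "tls_error", str(exc)
    except OSError as exc:
        return "unreachable", str(exc)


def safe_to_authenticate(status):
    """Only a fully verified handshake justifies letting the mail client log in."""
    return status == "ok"


if __name__ == "__main__":
    import sys
    # Default target is the host named in the thread; pass another as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "smtp.gmail.com"
    status, detail = preflight(target)
    print(target, status, detail)
    sys.exit(0 if safe_to_authenticate(status) else 1)
```

A `cert_invalid` or `tls_error` result on a network where the same host verifies elsewhere is consistent with the redirection David describes; it does not by itself identify who is answering.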