Re: [Fed-Talk] Mail.app ignores the "Verify Certificate" dialog?
Re: [Fed-Talk] Mail.app ignores the "Verify Certificate" dialog?
- Subject: Re: [Fed-Talk] Mail.app ignores the "Verify Certificate" dialog?
- From: Joel Esler <email@hidden>
- Date: Thu, 04 Mar 2010 14:23:19 -0500
Agreed. VPN ftw.
--
Joel Esler
Sent from my iPhone
On Mar 4, 2010, at 2:19 PM, "Valentine, Colin M." <email@hidden> wrote:
That's why I run a VPN server at home..... I use it when connecting
from any untrusted* network with my personal laptop.
If using a work laptop, I VPN back to the mother ship.
* untrusted == any network I don't manage
Colin
-----Original Message-----
From: fed-talk-bounces+val=email@hidden [mailto:fed-
talk-
bounces+val=email@hidden] On Behalf Of Danziger, Alan D.
Sent: Thursday, March 04, 2010 11:33
To: Mueller, David S CIV SPAWARSYSCEN-PACIFIC, 55620; Dan Morrison;
Joel Esler
Cc: Fed Talk
Subject: Re: [Fed-Talk] Mail.app ignores the "Verify Certificate"
dialog?
I totally agree with David's last point.
The concern & issue is that by the time you're "encountering
situations
like
this", you _MAY_ have already compromised your password.
I still believe (as I emailed Dan off-list, and as Tim Miller has
said
on-list) that the likelihood is the error message is imprecise, and
it
was
the "connection didn't validate" rather than that the password was
actually
transmitted and rejected, which caused the dialog box to appear...
But
belief is not validation.
So I wonder if it's worth, as a best practice, to do the port-
specific
traceroute before trying to access email etc. from public internet
sites.
:-/ What a pain... :-)
On 3/4/10 11:27 AM, "Mueller, David S CIV SPAWARSYSCEN-PACIFIC,
55620"
<email@hidden> wrote:
My guess if the traceroute is working is that they're intercepting
outbound SMTP (port 25/465) traffic and redirecting it to their
server.
Since traceroute normally uses high-numbered UDP destination ports,
it's
not getting redirected. Try using "traceroute -P tcp -p 465
smtp.gmail.com" (or whatever port you have configured for
smtp.gmail.com
in Mail.app) and see what happens.
While I understand possible reasons for doing this, it does
present a
problem. Services that use SPF (Sender Policy Framework, RFC 4408)
in
their spam filter (like Gmail) are more likely to dump your messages
into the spam folder, since mail10.wildflower.net likely isn't
listed
as
a permitted sender for gmail.com.
I'd suggest sticking with Gmail's web interface (over https of
course)
when encountering situations like this.
- David
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden