home.social

#starttls — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #starttls, aggregated by home.social.

  1. Exim Flaw Exposes Servers to Remote Code Execution

    A critical flaw in Exim, tracked as CVE-2026-45185, leaves servers vulnerable to remote code execution if they're running specific builds, but thankfully, a remediation was published in Exim version 4.99.3. This vulnerability is triggered during TLS shutdown while handling certain SMTP traffic, allowing attackers to exploit it.

    osintsights.com/exim-flaw-expo

    #RemoteCodeExecution #Exim #Cve202645185 #GnuTransportLayerSecurity #Starttls

  2. Exim Flaw Exposes Servers to Remote Code Execution

    A critical flaw in Exim, tracked as CVE-2026-45185, leaves servers vulnerable to remote code execution if they're running specific builds, but thankfully, a remediation was published in Exim version 4.99.3. This vulnerability is triggered during TLS shutdown while handling certain SMTP traffic, allowing attackers to exploit it.

    osintsights.com/exim-flaw-expo

    #RemoteCodeExecution #Exim #Cve202645185 #GnuTransportLayerSecurity #Starttls

  3. Anyone know why #Amazon has started insisting on #STARTTLS before it'll send you emails? I discover the reason why I'm no longer getting some emails (e.g. from a charity I'm a member of) is because:

    Diagnostic-Code: smtp; 550 5.1.1 Remote MTA does not support STARTTLS. Message can be delivered only over a TLS connection.

    This seems an odd decision to have made :(

  4. Anyone know why #Amazon has started insisting on #STARTTLS before it'll send you emails? I discover the reason why I'm no longer getting some emails (e.g. from a charity I'm a member of) is because:

    Diagnostic-Code: smtp; 550 5.1.1 Remote MTA does not support STARTTLS. Message can be delivered only over a TLS connection.

    This seems an odd decision to have made :(

  5. Anyone know why #Amazon has started insisting on #STARTTLS before it'll send you emails? I discover the reason why I'm no longer getting some emails (e.g. from a charity I'm a member of) is because:

    Diagnostic-Code: smtp; 550 5.1.1 Remote MTA does not support STARTTLS. Message can be delivered only over a TLS connection.

    This seems an odd decision to have made :(

  6. Anyone know why #Amazon has started insisting on #STARTTLS before it'll send you emails? I discover the reason why I'm no longer getting some emails (e.g. from a charity I'm a member of) is because:

    Diagnostic-Code: smtp; 550 5.1.1 Remote MTA does not support STARTTLS. Message can be delivered only over a TLS connection.

    This seems an odd decision to have made :(

  7. Anyone know why #Amazon has started insisting on #STARTTLS before it'll send you emails? I discover the reason why I'm no longer getting some emails (e.g. from a charity I'm a member of) is because:

    Diagnostic-Code: smtp; 550 5.1.1 Remote MTA does not support STARTTLS. Message can be delivered only over a TLS connection.

    This seems an odd decision to have made :(

  8. Don't know whether anybody of you guys uses #Apple Mail but I'd rather be careful:

    linkedin.com/feed/update/urn:l

    TL;DR: UI prefers #STARTTLS over #TLS for #IMAP (but actually for some reason uses both ports). Apple Product Security doesn't see a reason for immediate action.

    My bottom line: a) Apple doesn't take security as relevant as they say b) there are probably lots of users like I was who have STARTTLS configured and don't know that.

    I recommend to check whether you're affected. If so I'd configure that as recommended above and change your passwords.

  9. Don't know whether anybody of you guys uses #Apple Mail but I'd rather be careful:

    linkedin.com/feed/update/urn:l

    TL;DR: UI prefers #STARTTLS over #TLS for #IMAP (but actually for some reason uses both ports). Apple Product Security doesn't see a reason for immediate action.

    My bottom line: a) Apple doesn't take security as relevant as they say b) there are probably lots of users like I was who have STARTTLS configured and don't know that.

    I recommend to check whether you're affected. If so I'd configure that as recommended above and change your passwords.

  10. Don't know whether anybody of you guys uses #Apple Mail but I'd rather be careful:

    linkedin.com/feed/update/urn:l

    TL;DR: UI prefers #STARTTLS over #TLS for #IMAP (but actually for some reason uses both ports). Apple Product Security doesn't see a reason for immediate action.

    My bottom line: a) Apple doesn't take security as relevant as they say b) there are probably lots of users like I was who have STARTTLS configured and don't know that.

    I recommend to check whether you're affected. If so I'd configure that as recommended above and change your passwords.

  11. Don't know whether anybody of you guys uses #Apple Mail but I'd rather be careful:

    linkedin.com/feed/update/urn:l

    TL;DR: UI prefers #STARTTLS over #TLS for #IMAP (but actually for some reason uses both ports). Apple Product Security doesn't see a reason for immediate action.

    My bottom line: a) Apple doesn't take security as relevant as they say b) there are probably lots of users like I was who have STARTTLS configured and don't know that.

    I recommend to check whether you're affected. If so I'd configure that as recommended above and change your passwords.

  12. Don't know whether anybody of you guys uses #Apple Mail but I'd rather be careful:

    linkedin.com/feed/update/urn:l

    TL;DR: UI prefers #STARTTLS over #TLS for #IMAP (but actually for some reason uses both ports). Apple Product Security doesn't see a reason for immediate action.

    My bottom line: a) Apple doesn't take security as relevant as they say b) there are probably lots of users like I was who have STARTTLS configured and don't know that.

    I recommend to check whether you're affected. If so I'd configure that as recommended above and change your passwords.

  13. #Apple #Mail.app + #Notes.app still use #STARTTLS #IMAP protocol as a default?

    Did a "lsof -i Pn" on my Macbook to learn that Mail used for my providers both port 143 (insecure STARTTLS) + port 993 (#TLS). For sure I didn't explicitly configure this.

    The checkbox in Accounts => Advanced and then ~"configure connection preferences automatically" is the culprit. Unchecking that, choose port 993 instead of 143 , restart the Mail.app (and Notes.app) everything is fine.

    @ Apple : #wtf ?

  14. #Apple #Mail.app + #Notes.app still use #STARTTLS #IMAP protocol as a default?

    Did a "lsof -i Pn" on my Macbook to learn that Mail used for my providers both port 143 (insecure STARTTLS) + port 993 (#TLS). For sure I didn't explicitly configure this.

    The checkbox in Accounts => Advanced and then ~"configure connection preferences automatically" is the culprit. Unchecking that, choose port 993 instead of 143 , restart the Mail.app (and Notes.app) everything is fine.

    @ Apple : #wtf ?

  15. #Apple #Mail.app + #Notes.app still use #STARTTLS #IMAP protocol as a default?

    Did a "lsof -i Pn" on my Macbook to learn that Mail used for my providers both port 143 (insecure STARTTLS) + port 993 (#TLS). For sure I didn't explicitly configure this.

    The checkbox in Accounts => Advanced and then ~"configure connection preferences automatically" is the culprit. Unchecking that, choose port 993 instead of 143 , restart the Mail.app (and Notes.app) everything is fine.

    @ Apple : #wtf ?

  16. #Apple #Mail.app + #Notes.app still use #STARTTLS #IMAP protocol as a default?

    Did a "lsof -i Pn" on my Macbook to learn that Mail used for my providers both port 143 (insecure STARTTLS) + port 993 (#TLS). For sure I didn't explicitly configure this.

    The checkbox in Accounts => Advanced and then ~"configure connection preferences automatically" is the culprit. Unchecking that, choose port 993 instead of 143 , restart the Mail.app (and Notes.app) everything is fine.

    @ Apple : #wtf ?

  17. #Apple #Mail.app + #Notes.app still use #STARTTLS #IMAP protocol as a default?

    Did a "lsof -i Pn" on my Macbook to learn that Mail used for my providers both port 143 (insecure STARTTLS) + port 993 (#TLS). For sure I didn't explicitly configure this.

    The checkbox in Accounts => Advanced and then ~"configure connection preferences automatically" is the culprit. Unchecking that, choose port 993 instead of 143 , restart the Mail.app (and Notes.app) everything is fine.

    @ Apple : #wtf ?

  18. Die kürzlich veröffentlichte Cyber-Sicherheitsempfehlung "Upgrade für die E-Mail-Sicherheit" ist ein Paradebeispiel für die lösungsorientierte Zusammenarbeit zwischen verschiedenen Abteilungen im BSI. Nur so konnten wir praxisnahe Empfehlungen aussprechen, die auf Beobachtungen der echten Welt da draußen beruhen. Oft können Unternehmen, die E-Mails über eine eigene Domain senden und empfangen, nämlich schon mit überschaubaren Aufwand ihre Sicherheit deutlich verbessern.

    bsi.bund.de/DE/Service-Navi/Pr

    #MailSecurity #TeamBSI #SPF #DKIM #DMARC #STARTTLS #DNSSEC #DANE #MTASTS #TLSRPT

  19. Die kürzlich veröffentlichte Cyber-Sicherheitsempfehlung "Upgrade für die E-Mail-Sicherheit" ist ein Paradebeispiel für die lösungsorientierte Zusammenarbeit zwischen verschiedenen Abteilungen im BSI. Nur so konnten wir praxisnahe Empfehlungen aussprechen, die auf Beobachtungen der echten Welt da draußen beruhen. Oft können Unternehmen, die E-Mails über eine eigene Domain senden und empfangen, nämlich schon mit überschaubaren Aufwand ihre Sicherheit deutlich verbessern.

    bsi.bund.de/DE/Service-Navi/Pr

    #MailSecurity #TeamBSI #SPF #DKIM #DMARC #STARTTLS #DNSSEC #DANE #MTASTS #TLSRPT

  20. Die kürzlich veröffentlichte Cyber-Sicherheitsempfehlung "Upgrade für die E-Mail-Sicherheit" ist ein Paradebeispiel für die lösungsorientierte Zusammenarbeit zwischen verschiedenen Abteilungen im BSI. Nur so konnten wir praxisnahe Empfehlungen aussprechen, die auf Beobachtungen der echten Welt da draußen beruhen. Oft können Unternehmen, die E-Mails über eine eigene Domain senden und empfangen, nämlich schon mit überschaubaren Aufwand ihre Sicherheit deutlich verbessern.

    bsi.bund.de/DE/Service-Navi/Pr

    #MailSecurity #TeamBSI #SPF #DKIM #DMARC #STARTTLS #DNSSEC #DANE #MTASTS #TLSRPT

  21. Die kürzlich veröffentlichte Cyber-Sicherheitsempfehlung "Upgrade für die E-Mail-Sicherheit" ist ein Paradebeispiel für die lösungsorientierte Zusammenarbeit zwischen verschiedenen Abteilungen im BSI. Nur so konnten wir praxisnahe Empfehlungen aussprechen, die auf Beobachtungen der echten Welt da draußen beruhen. Oft können Unternehmen, die E-Mails über eine eigene Domain senden und empfangen, nämlich schon mit überschaubaren Aufwand ihre Sicherheit deutlich verbessern.

    bsi.bund.de/DE/Service-Navi/Pr

    #MailSecurity #TeamBSI #SPF #DKIM #DMARC #STARTTLS #DNSSEC #DANE #MTASTS #TLSRPT

  22. Die kürzlich veröffentlichte Cyber-Sicherheitsempfehlung "Upgrade für die E-Mail-Sicherheit" ist ein Paradebeispiel für die lösungsorientierte Zusammenarbeit zwischen verschiedenen Abteilungen im BSI. Nur so konnten wir praxisnahe Empfehlungen aussprechen, die auf Beobachtungen der echten Welt da draußen beruhen. Oft können Unternehmen, die E-Mails über eine eigene Domain senden und empfangen, nämlich schon mit überschaubaren Aufwand ihre Sicherheit deutlich verbessern.

    bsi.bund.de/DE/Service-Navi/Pr

    #MailSecurity #TeamBSI #SPF #DKIM #DMARC #STARTTLS #DNSSEC #DANE #MTASTS #TLSRPT

  23. now also available in English:
    Four modern mail systems for self-hosting -- Universal support for mail security standards
    sidn.nl/en/news-and-blogs/four

    An increasing number of mail software packages are now available that offer out-of-box support for all security standards, and are easy to set up as well. In this article, we consider four modern open-source packages for self-hosting: #Mox, #Chasquid, #Stalwart and #Maddy.

    #SPF #DKIM #DMARC #DANE #STARTTLS #MTA-STS #InternetSecurity

    @stalwartlabs

  24. now also available in English:
    Four modern mail systems for self-hosting -- Universal support for mail security standards
    sidn.nl/en/news-and-blogs/four

    An increasing number of mail software packages are now available that offer out-of-box support for all security standards, and are easy to set up as well. In this article, we consider four modern open-source packages for self-hosting: #Mox, #Chasquid, #Stalwart and #Maddy.

    #SPF #DKIM #DMARC #DANE #STARTTLS #MTA-STS #InternetSecurity

    @stalwartlabs

  25. now also available in English:
    Four modern mail systems for self-hosting -- Universal support for mail security standards
    sidn.nl/en/news-and-blogs/four

    An increasing number of mail software packages are now available that offer out-of-box support for all security standards, and are easy to set up as well. In this article, we consider four modern open-source packages for self-hosting: #Mox, #Chasquid, #Stalwart and #Maddy.

    #SPF #DKIM #DMARC #DANE #STARTTLS #MTA-STS #InternetSecurity

    @stalwartlabs

  26. op SIDN.nl:
    Vier moderne mail-systemen voor self-hosting -- Beveiligingsstandaarden voor mail universeel ondersteund
    sidn.nl/nieuws-en-blogs/vier-m

    Inmiddels zijn er meerdere software-pakketten beschikbaar die én alle beveiligingsstandaarden out-of-the-box ondersteunen én makkelijk op te zetten zijn. In dit artikel bespreken we vier moderne open-source mail-pakketten voor self-hosting: #Mox, #Chasquid, #Stalwart en #Maddy.

    #SPF #DKIM #DMARC #DANE #STARTTLS #MTA-STS #InternetSecurity

    @stalwartlabs

  27. op SIDN.nl:
    Vier moderne mail-systemen voor self-hosting -- Beveiligingsstandaarden voor mail universeel ondersteund
    sidn.nl/nieuws-en-blogs/vier-m

    Inmiddels zijn er meerdere software-pakketten beschikbaar die én alle beveiligingsstandaarden out-of-the-box ondersteunen én makkelijk op te zetten zijn. In dit artikel bespreken we vier moderne open-source mail-pakketten voor self-hosting: #Mox, #Chasquid, #Stalwart en #Maddy.

    #SPF #DKIM #DMARC #DANE #STARTTLS #MTA-STS #InternetSecurity

    @stalwartlabs

  28. op SIDN.nl:
    Vier moderne mail-systemen voor self-hosting -- Beveiligingsstandaarden voor mail universeel ondersteund
    sidn.nl/nieuws-en-blogs/vier-m

    Inmiddels zijn er meerdere software-pakketten beschikbaar die én alle beveiligingsstandaarden out-of-the-box ondersteunen én makkelijk op te zetten zijn. In dit artikel bespreken we vier moderne open-source mail-pakketten voor self-hosting: #Mox, #Chasquid, #Stalwart en #Maddy.

    #SPF #DKIM #DMARC #DANE #STARTTLS #MTA-STS #InternetSecurity

    @stalwartlabs

  29. op SIDN.nl:
    Vier moderne mail-systemen voor self-hosting -- Beveiligingsstandaarden voor mail universeel ondersteund
    sidn.nl/nieuws-en-blogs/vier-m

    Inmiddels zijn er meerdere software-pakketten beschikbaar die én alle beveiligingsstandaarden out-of-the-box ondersteunen én makkelijk op te zetten zijn. In dit artikel bespreken we vier moderne open-source mail-pakketten voor self-hosting: #Mox, #Chasquid, #Stalwart en #Maddy.

    #SPF #DKIM #DMARC #DANE #STARTTLS #MTA-STS #InternetSecurity

    @stalwartlabs

  30. op SIDN.nl:
    Vier moderne mail-systemen voor self-hosting -- Beveiligingsstandaarden voor mail universeel ondersteund
    sidn.nl/nieuws-en-blogs/vier-m

    Inmiddels zijn er meerdere software-pakketten beschikbaar die én alle beveiligingsstandaarden out-of-the-box ondersteunen én makkelijk op te zetten zijn. In dit artikel bespreken we vier moderne open-source mail-pakketten voor self-hosting: #Mox, #Chasquid, #Stalwart en #Maddy.

    #SPF #DKIM #DMARC #DANE #STARTTLS #MTA-STS #InternetSecurity

    @stalwartlabs

  31. Letzte Woche fand das erste Treffen mit Mail-Providern zum E-Mail-Sicherheitsjahr 2025 statt. Mit dabei war auch die Präsidentin des BSI, Claudia Plattner. Ich kann mich den Worten von Fabian Bock nur anschließen und freue mich schon auf die vielen weiteren Treffen und Aktionen, die wir für das Jahr geplant haben :blobcheer:

    mail.de/de/blog/2025-03-unsere

    #MailSecurity #TeamBSI #SPF #DKIM #DMARC #STARTTLS #DNSSEC #DANE

  32. Letzte Woche fand das erste Treffen mit Mail-Providern zum E-Mail-Sicherheitsjahr 2025 statt. Mit dabei war auch die Präsidentin des BSI, Claudia Plattner. Ich kann mich den Worten von Fabian Bock nur anschließen und freue mich schon auf die vielen weiteren Treffen und Aktionen, die wir für das Jahr geplant haben :blobcheer:

    mail.de/de/blog/2025-03-unsere

    #MailSecurity #TeamBSI #SPF #DKIM #DMARC #STARTTLS #DNSSEC #DANE

  33. also available in English on SIDN.nl:
    Plenty of requirements about using security standards, but no enforcement or sanctions -- New powers for Authority for Digital Infrastructure may bring about change
    sidn.nl/en/news-and-blogs/plen

    Many municipal websites don't meet the security standards they're supposed to meet. The problem isn't a lack of regulation, but a lack of compliance and enforcement.

    #InternetSecurity #infosec #DNSSEC #DMARC #STARTTLS
    @internet_nl

  34. also available in English on SIDN.nl:
    Plenty of requirements about using security standards, but no enforcement or sanctions -- New powers for Authority for Digital Infrastructure may bring about change
    sidn.nl/en/news-and-blogs/plen

    Many municipal websites don't meet the security standards they're supposed to meet. The problem isn't a lack of regulation, but a lack of compliance and enforcement.

    #InternetSecurity #infosec #DNSSEC #DMARC #STARTTLS
    @internet_nl

  35. also available in English on SIDN.nl:
    Plenty of requirements about using security standards, but no enforcement or sanctions -- New powers for Authority for Digital Infrastructure may bring about change
    sidn.nl/en/news-and-blogs/plen

    Many municipal websites don't meet the security standards they're supposed to meet. The problem isn't a lack of regulation, but a lack of compliance and enforcement.

    #InternetSecurity #infosec #DNSSEC #DMARC #STARTTLS
    @internet_nl

  36. also available in English on SIDN.nl:
    Plenty of requirements about using security standards, but no enforcement or sanctions -- New powers for Authority for Digital Infrastructure may bring about change
    sidn.nl/en/news-and-blogs/plen

    Many municipal websites don't meet the security standards they're supposed to meet. The problem isn't a lack of regulation, but a lack of compliance and enforcement.

    #InternetSecurity #infosec #DNSSEC #DMARC #STARTTLS
    @internet_nl

  37. also available in English on SIDN.nl:
    Plenty of requirements about using security standards, but no enforcement or sanctions -- New powers for Authority for Digital Infrastructure may bring about change
    sidn.nl/en/news-and-blogs/plen

    Many municipal websites don't meet the security standards they're supposed to meet. The problem isn't a lack of regulation, but a lack of compliance and enforcement.

    #InternetSecurity #infosec #DNSSEC #DMARC #STARTTLS
    @internet_nl