I need a dummy #RubyLang #IMAP server that can support #STARTTLS but otherwise treats most commands as no-ops. I couldn't find anything well-maintained via GitHub or Ruby Toolbox other than the gem from Ruby's #stdlib at:

https://ruby-doc.org/3.2.2/gems/net-imap/Net/IMAP.html

Rather than gutting Net::IMAP, is there already a gem out there that can be used to support fetch-before-send clients like Apple's Mail that won't send email before completing POP3 or IMAP4 authentication?

One of my #GitLab instances was no longer able to send e-mails. (It tried to send almost empty e-mails, but its smarthost discarded those.)

It was the one that used #nullmailer as its #MTA. GitLab recommends either #Sendmail or #Postfix as an MTA. Switching to Postfix solved this issue for me.

Making sure that Postfix uses the #StartTLS capability of its smarthost took longer than expected.

It's also rather annoying that on Debian systems, postfix by default accepts connections from anywhere on the Internet even though I asked debconf to set up a “satellite system”.

When using Nullmailer, I just had to put the line “smtp.domain.tld smtp --port=25 --starttls” in /etc/nullmailer/remotes.

For Postfix, I need this:
inet_interfaces = loopback-only
smtp_tls_security_level = encrypt

Your mileage may vary.

RT @juncotic
Más de 40 vulnerabilidades en la implementación de la función STARTTLS en los clientes y servidores de correo (via Alex Millà)

https://www.alexmilla.net/mas-de-40-vulnerabilidades-en-la-implementacion-de-la-funcion-starttls-en-los-clientes-y-servidores-de-correo/

#ssl #tls #starttls #smtp #imap #pop #email

#Verschlüsselung
Sicherheitsrisiko #STARTTLS
von Hanno Böck

https://www.golem.de/news/verschluesselung-sicherheitsrisiko-starttls-2108-158714.html

People using #qmail have been carefully applying patches for _decades_ to get #STARTTLS, #AUTH, and other basics.

This will change.

How should notqmail be shaped so that modern features like these are easy to land? I've collected some thoughts: https://github.com/notqmail/notqmail/wiki/Designs

Critical bug in Thunderbird.

CVE-2020-12398: Security downgrade with IMAP STARTTLS leads to information leakage

https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12398

#mozilla #thunderbird #STARTTLS #security