RE: SMTP Filter STARTTLS Issue
- From: "Mark Hippenstiel" <M.Hippenstiel@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Sat, 14 Jun 2003 12:45:04 +0200
Hi guys,
I'm picking up this thread yet again. My provider tries a STARTTLS when
delivering mails, and I have a case where the mail recipient's ISA logs
an error. So here's another request for secure SMTP ;)
I discovered that the STARTTLS command is missing in the SMTP filter on
my installation. So the problem seems to have been "fixed" by removing
the command from the filter by MS.
Just one more question: why is secure SMTP not working? What exactly
happens?
Mark
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
> Sent: Friday, January 10, 2003 2:25 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: SMTP Filter STARTTLS Issue
>
>
> http://www.ISAserver.org
>
>
> Hi Tim,
>
> I believe they did know that it didn't work. But you know how
> allocation of resources goes. Need to triage things, and
> things like support for SecurID, link translation, OWA Wizard
> support, outbound RPC and inbound RPC encryption enforcement
> were more popular requests among their customers. I agree
> that support for secure SMTP would be great, especially now
> that SMTP auth is supported. But you seemed to be the only
> one who said anything about it in the last couple of years
> (in a public forum), and I guess not too many partners
> mentioned this either. I agree that a fix for this would be
> an ideal candidate for a hotfix or next SP.
>
> Tom
>
> -----Original Message-----
> From: Deus, Attonbitus [mailto:Thor@xxxxxxxxxxxxxxx]
> Sent: Thursday, January 09, 2003 11:19 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: SMTP Filter STARTTLS Issue
>
>
> http://www.ISAserver.org
>
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> At 08:20 AM 1/9/2003, you wrote:
> >http://www.ISAserver.org
> >
> >
> >Hi Edward,
> >
> >Really? I was asked about this feature and how popular it is. I
> searched
> >the mailing list archives (since I know it never appeared on the Web
> >site), and there was a single small thread almost two years ago.
> Because
> >of that, I figured it wasn't something anyone was interested
> in! If a
> >feature is missing or broken, let someone know, let everyone know.
> >Squeaky wheels get greased more often :-)
>
>
> It was probably mine... I remember asking about the STARTTLS
> a while back...
>
> I would agree that it is probably a little used feature- as
> Secure SMTP is
> a little used feature in the first place- I can see the
> combination of
> SMTPS with the ISA SMTP filter is probably something that
> very few people
> have ever tried to use... But hey, the filter has STARTTLS
> in it, so it
>
> should support it. It should have been tested thoroughly.
> In fact, it
> kind of worries me that a command is in there and supported,
> but it was
> obviously never tested. What else was never tested? I mean,
> here we are
> with ISA + SP1 + FP1 and it still doesn't work.
>
> I guess it could have been tested and found to be broken but
> ignored, which
> to me is just as bad, you know?
>
> What bothers me more than anything is that this specifically breaks a
> security measure. I can understand the NOOP length issue-
> that is just a
> setting. I would have liked to have seen the default length
> changed in
> FP1, but no biggie. The reality is that if I want to use the SMTP
> filter,
> I can't secure my SMTP traffic. Blah!
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 7.1
>
> iQA/AwUBPh2vFIhsmyD15h5gEQJt+ACg/Zrarf/Csoa7QqbOZuTmhfQJ6pUAn2Ac
> vlR3yJIT3du8uZcgs6swI4iI
> =ZW8Z
> -----END PGP SIGNATURE-----
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site:
> http://www.windowsecurity.com/ Windows 2000/NT > Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a
> blank email to $subst('Email.Unsub')
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site:
> http://www.windowsecurity.com/ Windows 2000/NT > Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: mark@xxxxxxxxxxxx To unsubscribe send a blank email
> to $subst('Email.Unsub')
>
Other related posts:
