TLS v1.1 is labeled insecure, TLS v1.2 is current, TLS v1.3 is about to become current.
the (e)mail system from 1972 (slightly modified) is still the #1 communication channel, if one believes one’s surveys.
The current approved version of TLS is version 1.3, which is specified in:
The current standard replaces these former versions, which are now considered obsolete:
- RFC 2246: „The TLS Protocol Version 1.0“.
- RFC 4346: „The Transport Layer Security (TLS) Protocol Version 1.1“.
- RFC 5246: „The Transport Layer Security (TLS) Protocol Version 1.2“.
gentlemen, prepare your keys:
# via perl perl -MMIME::Base64 -e 'print encode_base64("\000username\@domain.com\000password")' # via bash echo -ne '\email@example.com\0password' | base64
now let’s connect:
# start TSL connection openssl s_client -connect smtp.hostname-of-mail-server.com:25 -starttls smtp CONNECTED(00000003) ... No client certificate CA names sent Peer signing digest: SHA512 Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 2476 bytes and written 335 bytes Verification error: self signed certificate --- New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 4096 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: Session-ID-ctx: Master-Key: PSK identity: None PSK identity hint: None SRP username: None Start Time: 1567373167 Timeout : 7200 (sec) Verify return code: 18 (self signed certificate) Extended master secret: no --- 250 HELP EHLO there 250-hostname-of-mail-server.com Hello there [your.ip.123.123] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-AUTH PLAIN LOGIN 250-CHUNKING 250 HELP AUTH PLAIN 8903uldflkdz839ziufhdlhz3987r8zfidhfkjdhfkd== 334 235 Authentication succeeded mail from: firstname.lastname@example.org 250 OK rcpt to: email@example.com data subject: TestSubject 250 Accepted 354 Enter message, ending with "." on a line by itself
one can now enter a message like this:
Hello this is a telnet delivered test mail over a TSL encrypted connection - GoodDay Mate!
or test if spam and virus detectionis working:
===== SPAM-(SpamAssassin)Test: ===== To test the spam detection, we need to trigger an email that is detected as spam. This can be done by sending an email with the following in the mail content. (in upper case and with no white spaces and line breaks): XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X ===== VIRUS-(ClamAV)Test: ===== X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
to end it type a dot and hit enter:
. 50 OK id=1i3KPf-0002JW-0h quit 221 hostname-of-mail-server.com closing connection closed