[Novalug] Thunderbird

Victor Elmir umberdraconis@gmail.com
Mon Jun 24 11:02:32 EDT 2019


On 6/24/19 10:53 AM, Peter Larsen via Novalug wrote:
> On 6/24/19 10:47 AM, Victor Elmir via Novalug wrote:
>> On 6/24/19 10:16 AM, Stuart D. Gathman via Novalug wrote:
>>> o If you are servicing smartphones (meaning you have to allow logins
>>> from any public IP4), run fail2ban to limit password guessing.
>> If you're accessing mail from your smart phone out in the wild, then I'd
>> say it's even more important to be using a VPN. Most, if not all, of the
>> major VPN solutions offer smartphone apps.
> Why not SSL/TLS? What does the VPN layer add on top of that?

Given that most mail servers don't actually validate SSL certs (for 
example, the defaults and most documentation for Postfix and Dovecot use 
system self-signed certs), man-in-the-middle attacks using fake certs 
can be used to intercept your traffic.

Using a VPN on your smartphone is a good idea in general, since it 
provides hardening for all of the network transmissions from your phone. 
For example, if and when you connect to public wi-fi, using a VPN would 
prevent other users from easily sniffing your traffic. WPA2's encryption 
layer on a wi-fi network only prevents external users from seeing what's 
going on inside - users inside the network see all traffic in the clear. 
This is fixed in WPA3 that's included in the Wi-Fi 6 standards being 
rolled out soon.




More information about the Novalug mailing list