Results 1 to 4 of 4

Thread: STARTTLS and Postfix

  1. #1
    whatisee1 is offline Junior Member
    Join Date
    Mar 2008
    Posts
    8
    Rep Power
    7

    Default STARTTLS and Postfix

    Hello folks!

    As you may see postings from Wietse Venema - there are some issues with STARTTLS and Postfix:

    US-CERT Vulnerability Note VU#555316
    Plaintext command injection in multiple implementations of STARTTLS (CVE-2011-0411)


    Now, on my systems I see this:

    % telnet 0 25
    220 myzimbra ESMTP Postfix
    starttls
    220 2.0.0 Ready to start TLS

    % telnet 0 587
    220 myzimbra ESMTP Postfix
    starttls
    220 2.0.0 Ready to start TLS


    What is the best way to disable STARTTLS on Zimbra?


    Thanks,
    W.S.

  2. #2
    whatisee1 is offline Junior Member
    Join Date
    Mar 2008
    Posts
    8
    Rep Power
    7

    Default

    Hmmm...seems like this Postfix exploit is not a big thing...

  3. #3
    cmccormick is offline Junior Member
    Join Date
    Nov 2008
    Location
    Madison
    Posts
    7
    Rep Power
    6

    Default

    My Senior Sys. Admin. thinks it is a big deal and would like to know if there is a fix planned. Anyone have any ideas on this? He sent me to this link:

    CVE - CVE-2011-0411 (under review)

  4. #4
    lytledd is offline Elite Member
    Join Date
    Dec 2009
    Location
    Michigan
    Posts
    453
    Rep Power
    5

    Default

    I'd suggest that you search the bugs page to see if there is a ticket open on it, if you don't find one, then open a ticket with the information that you've got.

    Doug
    Ben Franklin quote:

    "Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety."

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. 530 5.7.0 Must issue a STARTTLS command first
    By kharmander in forum Administrators
    Replies: 3
    Last Post: 05-05-2013, 09:44 AM
  2. [SOLVED] Inbound external mail, STARTTLS offered?
    By batfastad in forum Administrators
    Replies: 4
    Last Post: 12-12-2010, 05:49 PM
  3. 5.0.2 upgrade Tip (STARTTLS: -11: Connect error)
    By kimery in forum Installation
    Replies: 1
    Last Post: 03-05-2008, 10:34 AM
  4. Postfix error after upgrade from 4.5.9 to 5.0.1
    By alextsa in forum Installation
    Replies: 4
    Last Post: 01-22-2008, 12:13 PM
  5. Replies: 13
    Last Post: 01-15-2008, 08:35 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •