I just spent a good 15 minutes or so trying to work out why my Thunderbird mail client stopped sending email. It came back with an error saying that it couldn't do a STARTTLS in order to encrypt email. I do this in order that people can't sniff my SMTP AUTH password when I'm on a random wireless network. Anyway, I first checked the Thunderbird Bugzilla to make sure that they hadn't broken SMTP TLS support in 1.5.0.6. They hadn't.
I next thought that the certificate for the TLS support in Postfix may have expired since it is about a year since I set the server up initially. I generated a new certificate. Still no luck. I noticed though that telnetting to port 25 locally on the server would show the STARTTLS capability in response to an EHLO, but when I did it from my DSL connection it wouldn't. I thought this was a bit strange too, so I was about to fire up Ethereal and do a protocol trace and see what was going on at that level, when I decided just to try issuing a STARTTLS command manually over telnet:
I was using Windows, which I don't often do nowadays. The antivirus I installed recently when the bundled Symantec nonsense expired was sitting between Thunderbird and my mail server. It was rewriting the SMTP session on the fly, and removing the encryption. So this is security?
220 mgdm.net ESMTP
ehlo firefly.mgdm.net
250-mgdm.net
250-PIPELINING
250-SIZE 20480000
250-VRFY
250-ETRN
250 8BITMIME
starttls
500 TLS not supported by avast mail scanner
0 responses to “Anti-Virus”
Leave a Reply