Re: [mailop] Google rejects a TLS connection saying it needs TLS...

2017-03-16 Thread Dave Warren
On Thu, Mar 16, 2017, at 07:37, Paul Smith wrote:

> On 16/03/2017 14:18, Kevin Huxham wrote:
>> they probably sell fax machines.
>
> Their response is a bit like someone sending them credit card details
> on a postcard, and them tearing it up (because you shouldn't send
> confidential information on postcards) and asking the sender to send
> the details again, but put them in an envelope next time.
>
> It's totally ignoring the fact that it's too late by then... (and the
> fact that the envelope will be opened by the mail boy (Google in this
> case) so the confidential information will still be visible by
> unspecified eyes after arrival).

While all of that may be true, it's still worth doing because it will
encourage better behaviour in the future.


You can make a rule against sending credit cards by email, but if
customer service reps know it works they might still encourage a
customer to do it as it's faster and easier than other options (fax,
mail) and when Something Bad Happens, the customer will rightly blame
the company.


By enforcing rules at a technical level you won't stop someone creative
from sending a credit card number, even if they have to go Craigslist
Style ("this 4000 is  my  credit  card"), but it will slow
people down and make doing it properly suddenly seem more attractive.


It's an imperfect world. 
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] Google rejects a TLS connection saying it needs TLS...

2017-03-16 Thread Brandon Long via mailop
So, yes, requiring TLS after the message was already sent in plaintext is
less perfect than the alternative, it does have the benefit of informing
and usually getting things fixed.

I.e., if you assume that it corrects future failures, then it's still useful.

It's also a fallback, you can enforce certain senders are encrypted before
they send content, but if you also enforce it for say content containing
SSN or CC numbers, it'll inform and find other bad senders.

Still no clue what this particular policy is, though.

Brandon

On Mar 16, 2017 7:44 AM, "Paul Smith" wrote:

> On 16/03/2017 14:18, Kevin Huxham wrote:
>
> they probably sell fax machines.
>
>
> Their response is a bit like someone sending them credit card details on a
> postcard, and them tearing it up (because you shouldn't send confidential
> information on postcards) and asking the sender to send the details again,
> but put them in an envelope next time.
>
> It's totally ignoring the fact that it's too late by then... (and the fact
> that the envelope will be opened by the mail boy (Google in this case) so
> the confidential information will still be visible by unspecified eyes
> after arrival).
>
>
>
> -K
>
> On Thu, Mar 16, 2017 at 1:50 AM, Brandon Long via mailop <
> mailop@mailop.org> wrote:
>
>> That's a custom rejection message set by that GSuite customer, no clue
>> what policy they set.
>>
>> Brandon
>>
>> On Mar 15, 2017 9:35 PM, "Seth Mattinen" wrote:
>>
>>> Here's one I'm hoping someone can tell me I'm missing something obvious:
>>> Google is rejecting a TLS connection with an error saying to use TLS, but
>>> the connection is indeed using TLS.
>>>
>>>
>>> 2017-03-15T21:03:15.960985-07:00 smtpauth postfix/smtp[14716]: Trusted
>>> TLS connection established to aspmx.l.google.com[2607:f8b0:400e:c06::1a]:25:
>>> TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
>>>
>>> 2017-03-15T21:03:17.241821-07:00 smtpauth postfix/smtp[14716]:
>>> E6AB62800049: to= , 
>>> relay=aspmx.l.google.com[2607:f8b0:400e:c06::1a]:25,
>>> delay=5.3, delays=3.1/0/0.93/1.2, dsn=5.7.1, status=bounced (host
>>> aspmx.l.google.com[2607:f8b0:400e:c06::1a] said: 550-5.7.1 Your email
>>> has been rejected because it violates X X 550-5.7.1 security policy.
>>> Potential sensitive data was found in the email 550-5.7.1 and/or attachment
>>> and your email server does not support TLS 550-5.7.1 encryption. Please use
>>> and alternate method of delivery such as fax 550 5.7.1 or a different email
>>> provider that supports TLS. - gcdp X.124 - gsmtp (in reply to end of DATA
>>> command))
>>>
>>>
>>> What am I missing other than the suggested fax?
>>>
>>> ~Seth
>>>


Re: [mailop] Google rejects a TLS connection saying it needs TLS...

2017-03-16 Thread Ken O'Driscoll
On Thu, 2017-03-16 at 10:18 -0400, Kevin Huxham wrote:
> they probably sell fax machines.

Reminds me of a case many years ago when a client who ran courses on data
protection emailed (yes, emailed) all their credit card details to the
billing dept. because they weren't near a browser to pay online! And those
courses were not cheap.

Hard cases make bad law but you'll always find somebody trying to fix the
world, one policy at a time.

Ken.



Re: [mailop] Google rejects a TLS connection saying it needs TLS...

2017-03-16 Thread Kevin Huxham
they probably sell fax machines.

-K

On Thu, Mar 16, 2017 at 1:50 AM, Brandon Long via mailop wrote:

> That's a custom rejection message set by that GSuite customer, no clue
> what policy they set.
>
> Brandon
>
> On Mar 15, 2017 9:35 PM, "Seth Mattinen" wrote:
>
>> Here's one I'm hoping someone can tell me I'm missing something obvious:
>> Google is rejecting a TLS connection with an error saying to use TLS, but
>> the connection is indeed using TLS.
>>
>>
>> 2017-03-15T21:03:15.960985-07:00 smtpauth postfix/smtp[14716]: Trusted
>> TLS connection established to aspmx.l.google.com[2607:f8b0:400e:c06::1a]:25:
>> TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
>>
>> 2017-03-15T21:03:17.241821-07:00 smtpauth postfix/smtp[14716]:
>> E6AB62800049: to=, 
>> relay=aspmx.l.google.com[2607:f8b0:400e:c06::1a]:25,
>> delay=5.3, delays=3.1/0/0.93/1.2, dsn=5.7.1, status=bounced (host
>> aspmx.l.google.com[2607:f8b0:400e:c06::1a] said: 550-5.7.1 Your email
>> has been rejected because it violates X X 550-5.7.1 security policy.
>> Potential sensitive data was found in the email 550-5.7.1 and/or attachment
>> and your email server does not support TLS 550-5.7.1 encryption. Please use
>> and alternate method of delivery such as fax 550 5.7.1 or a different email
>> provider that supports TLS. - gcdp X.124 - gsmtp (in reply to end of DATA
>> command))
>>
>>
>> What am I missing other than the suggested fax?
>>
>> ~Seth
>>


Re: [mailop] Google rejects a TLS connection saying it needs TLS...

2017-03-15 Thread Brandon Long via mailop
That's a custom rejection message set by that GSuite customer, no clue what
policy they set.

Brandon

On Mar 15, 2017 9:35 PM, "Seth Mattinen" wrote:

> Here's one I'm hoping someone can tell me I'm missing something obvious:
> Google is rejecting a TLS connection with an error saying to use TLS, but
> the connection is indeed using TLS.
>
>
> 2017-03-15T21:03:15.960985-07:00 smtpauth postfix/smtp[14716]: Trusted
> TLS connection established to aspmx.l.google.com[2607:f8b0:400e:c06::1a]:25:
> TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
>
> 2017-03-15T21:03:17.241821-07:00 smtpauth postfix/smtp[14716]:
> E6AB62800049: to=, 
> relay=aspmx.l.google.com[2607:f8b0:400e:c06::1a]:25,
> delay=5.3, delays=3.1/0/0.93/1.2, dsn=5.7.1, status=bounced (host
> aspmx.l.google.com[2607:f8b0:400e:c06::1a] said: 550-5.7.1 Your email has
> been rejected because it violates X X 550-5.7.1 security policy. Potential
> sensitive data was found in the email 550-5.7.1 and/or attachment and your
> email server does not support TLS 550-5.7.1 encryption. Please use and
> alternate method of delivery such as fax 550 5.7.1 or a different email
> provider that supports TLS. - gcdp X.124 - gsmtp (in reply to end of DATA
> command))
>
>
> What am I missing other than the suggested fax?
>
> ~Seth
>
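Added example, not part of the thread or written by any of its participants: a small log check a sending-side operator could run to separate bounces whose text complains about TLS although the same Postfix smtp process logged an encrypted session (as in the log quoted above) from bounces where no TLS session was logged at all. It also reports the SMTP stage of the rejection, since a reply at end of DATA means the content had already been transmitted. The sample log is constructed from the quoted lines; the recipient addresses and the second delivery are made up.

```python
import re

# Constructed sample in Postfix smtp(8) log format, modelled on the lines quoted
# in the thread; recipients and the second (plaintext) delivery are made up.
SAMPLE_LOG = """\
2017-03-15T21:03:15.960985-07:00 smtpauth postfix/smtp[14716]: Trusted TLS connection established to aspmx.l.google.com[2607:f8b0:400e:c06::1a]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
2017-03-15T21:03:17.241821-07:00 smtpauth postfix/smtp[14716]: E6AB62800049: to=<user@example.com>, relay=aspmx.l.google.com[2607:f8b0:400e:c06::1a]:25, delay=5.3, delays=3.1/0/0.93/1.2, dsn=5.7.1, status=bounced (host aspmx.l.google.com[2607:f8b0:400e:c06::1a] said: 550-5.7.1 Your email has been rejected ... your email server does not support TLS 550-5.7.1 encryption. (in reply to end of DATA command))
2017-03-15T21:04:02.000000-07:00 smtpauth postfix/smtp[14720]: 0123456789AB: to=<other@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=1.2, delays=0.1/0/0.5/0.6, dsn=5.7.1, status=bounced (host mx.example.net[192.0.2.10] said: 550 5.7.1 TLS required (in reply to MAIL FROM command))
"""

PREFIX = re.compile(r"^\S+ \S+ postfix/smtp\[(?P<pid>\d+)\]: (?P<msg>.*)$")
TLS_UP = re.compile(r"^(?:\w+ )?TLS connection established to (?P<relay>\S+?): "
                    r"(?P<proto>\S+) with cipher (?P<cipher>\S+)")
DELIVERY = re.compile(r"^(?P<qid>[0-9A-F]+): to=<[^>]*>, relay=(?P<relay>[^,]+), "
                      r".*dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+) \((?P<reply>.*)\)$")
STAGE = re.compile(r"\(in reply to (.+?) command\)$")


def classify_bounces(log_text):
    """Pair each TLS-related bounce with the TLS state the same smtp process logged."""
    tls_seen = {}   # (pid, relay) -> "protocol cipher" of the session just negotiated
    findings = []
    for line in log_text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        t = TLS_UP.match(msg)
        if t:
            tls_seen[(pid, t["relay"])] = f'{t["proto"]} {t["cipher"]}'
            continue
        d = DELIVERY.match(msg)
        # Only bounces whose reply text mentions TLS are of interest here.
        if not d or d["status"] != "bounced" or "TLS" not in d["reply"]:
            continue
        tls = tls_seen.get((pid, d["relay"]))
        stage = STAGE.search(d["reply"])
        findings.append({
            "qid": d["qid"], "relay": d["relay"], "tls": tls,
            "stage": stage[1] if stage else None,
            # Session was encrypted, so the reply text reflects the receiver's
            # policy wording rather than the state of this connection.
            "verdict": "policy-text-mismatch" if tls else "no-tls-session-logged",
        })
    return findings


if __name__ == "__main__":
    for f in classify_bounces(SAMPLE_LOG):
        print(f)
```
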