

Poodle + Domino SSL = Mail Problems
Frank Paolino    

If you use Domino today, you effectively cannot use SSL for email (SMTP) until the promised IBM fix is available. Here is why: the fix that vendors applied to patch the POODLE vulnerability broke communications with Domino servers that use SSL. These patched servers will start a secure (SSL) SMTP session but will not fall back to plain text. This means messages queue up in mail.box waiting to be sent outbound, or mail queues up at the sender and is not received by you.


The best non-technical explanation that I can give is that the two SMTP servers, which use the STARTTLS command to negotiate a secure connection, cannot agree on a protocol and the negotiation fails, so the message transfer fails.


Vendors like ProofPoint (pphosted.com) would not fall back to plain text no matter what my Domino settings were. And I tried 10 different combinations. Once a session started with SSL, Domino offers (before the promised fix) no acceptable fallback path, so the session ends without a successful mail transfer.


The only option that works before the IBM fix is released is to disable SSL for Inbound and Outbound messages.

In summary, messages that start out as plain text will be transferred. Messages that start out as secure will not be transferred.

This is suboptimal (like having a leg cut off is suboptimal) but messages will flow.
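To see which of these cases applies to a given mail peer, the probe below is an added example (not from the original post or from IBM). It uses Python's standard `smtplib` with a TLS context that never offers SSLv3, so it behaves like a POODLE-patched sender; `probe_starttls`, `fake_peer` and the `.invalid` host names are hypothetical names chosen here, and `fake_peer` is a constructed loopback stand-in for a server whose negotiation fails.

```python
import smtplib
import socket
import ssl
import threading

def probe_starttls(host, port=25, timeout=5.0):
    """Classify an SMTP peer: 'unreachable', 'plaintext-only',
    'tls-ok:<version>' or 'tls-failed' (STARTTLS offered, handshake fails)."""
    ctx = ssl.create_default_context()  # never offers SSLv3, like a patched peer
    ctx.check_hostname = False          # probing protocol agreement only,
    ctx.verify_mode = ssl.CERT_NONE     # not certificate validity
    try:
        # local_hostname avoids a DNS lookup for our own name
        smtp = smtplib.SMTP(host, port, local_hostname="probe.invalid",
                            timeout=timeout)
    except (OSError, smtplib.SMTPException):
        return "unreachable"
    try:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return "plaintext-only"     # mail moves, unencrypted
        smtp.starttls(context=ctx)
        return "tls-ok:" + smtp.sock.version()
    except (OSError, smtplib.SMTPException):
        return "tls-failed"             # the stalled-mail case
    finally:
        smtp.close()

def fake_peer(offer_starttls):
    """Constructed loopback SMTP peer (not a real server); returns its port.
    When it offers STARTTLS it answers 220 and hangs up, which is what a
    failed protocol agreement looks like from the client side."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            conn.sendall(b"220 demo.invalid ESMTP\r\n")
            conn.recv(1024)                                   # EHLO
            ext = b"250-STARTTLS\r\n" if offer_starttls else b""
            conn.sendall(b"250-demo.invalid\r\n" + ext + b"250 8BITMIME\r\n")
            if offer_starttls and conn.recv(1024):            # STARTTLS
                conn.sendall(b"220 Ready to start TLS\r\n")   # then close
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    for offer in (False, True):
        print(offer, probe_starttls("127.0.0.1", fake_peer(offer)))
```

A `tls-failed` result covers any handshake failure after STARTTLS is accepted, so confirm the cause in the server's own logs before changing SSL settings.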





Tip: We like to use the service at http://www.kloth.net/services/dig.php to check MX records for problems with message transfer.








---------------------
http://blog.maysoft.org/blog.nsf/d6plinks/FPAO-9Q5R6P
Oct 22, 2014