This will not impact Thunderbird’s day-to-day activities or mission: Thunderbird will still remain free and open source, with the same release schedule and people driving the project. This move has been in the works for a while as Thunderbird has grown in donations, staff, and aspirations.

Jesus. As of today, the Thunderbird project will be operating from a new wholly owned subsidiary of the Mozilla Foundation, MZLA Technologies Corporation. Not to mention the pain of having to use 2FA every damn time I open the website! Same browser, same IP, same fucking day. Now I have to use Outlook web access, which is not designed for power users or people with lots of mail, and I won't be able to archive my mail in offline folders in Thunderbird anymore (a priceless resource when trying to figure out what happened in some discussion last year etc). Has there been some new, unpublished attack on cipher suites used in TLS 1.2 that the rest of the email industry doesn't know about? I told them straight up that this is security theater.

Now only "service accounts" (like those sending registration, password reset, RAID monitoring, backup status, etc emails from servers) are allowed to use SMTP, and only from whitelisted IP addresses! As if it wasn't enough that we change passwords every few months and use encrypted TLS to communicate with the damn servers via industry standard protocols?! I sent an email straight to the top to ask if our threat model - in a publicly-funded research organization - had suddenly changed from coffee shop snoopers to nation state actors. After a "security incident" on the organization's Active Directory a few weeks ago, our top ICT people forced thousands of staff to change their passwords and then they restricted access to IMAP and SMTP. But they just don't meet the security requirements that my employer has, and must therefore be disabled.
I have no acrimony towards these protocols, and I probably know more about them than most here. So we have a policy which disables them for all accounts, and we only manually exempt certain service accounts for tools like the helpdesk software. And thus our obligations to our clients, auditors and the US Government are fulfilled. But SMTP/POP3/IMAP represent a huge hole in that statement. If you're on Microsoft 365 it's easy to set up and enforce. We tell our clients - not to mention auditors and the US government via a SOX Compliance Report - that our services use MFA for login security.

(Granted Nagios et al can do the checking, but it still needs to be configured.) But to be honest we recently retired these protocols at work because it was required by our security policies. Providing access via these protocols isn't free, it increases the complexity of the environment, it has interesting edge cases, and certificates need to be checked and updated every year. I could make a case for not supporting it based on my workload. (If not this year then next year, anyway.) I think some of our graduate hires might actually be younger than my experience in this area. In my case it means "I know exactly how this works and I'm not supporting it." I was configuring SMTP, POP3 and IMAP in the late 90's.