mxroute.com - A new inexpensive email hosting

[jarland]

Quote:

Originally Posted by dodgeball

Thank you for checking it out.

I manually checked a few settings with openssl s_client and the only
thing I saw was RC4 is still enabled.

openssl s_client -connect mx1.mxroute.com:25 -starttls smtp -tls1 -cipher RC4-SHA
openssl s_client -connect mx1.mxroute.com:25 -starttls smtp -tls1 -cipher RC4-MD5

Also a subdomain mentioned in an earlier comment has SSL3 enabled.
https://www.ssllabs.com/ssltest/anal...ng.mxroute.com

But the mx1.mxroute.com looked fine on ssllabs.com.

Thanks for catching that. That's on today's schedule now

Edit: Fixed!

[FredOnline]

Quote:

Originally Posted by jarland

Been a long time coming... Sieve filtering to be implemented this Friday.

And I'm looking forward to trying it out!

[jarland]

Quote:

Originally Posted by FredOnline

And I'm looking forward to trying it out!

Implemented earlier than planned. All set on everything but the unbranded server. Documentation will follow a bit later. It's Filters under Settings in webmail

[dodgeball]

Quote:

Originally Posted by jarland

Thanks for catching that. That's on today's schedule now

Edit: Fixed!

I see that billing.mxroute.com no longer shows SSL3, but I can still connect
with RC4 (and MD5!) to mx1.mxroute.com:25 with openssl s_client.

openssl s_client -connect mx1.mxroute.com:25 -starttls smtp -tls1 -cipher RC4-SHA
openssl s_client -connect mx1.mxroute.com:25 -starttls smtp -tls1 -cipher RC4-MD5

Thanks.

[jarland]

Quote:

Originally Posted by dodgeball

I see that billing.mxroute.com no longer shows SSL3, but I can still connect
with RC4 (and MD5!) to mx1.mxroute.com:25 with openssl s_client.

openssl s_client -connect mx1.mxroute.com:25 -starttls smtp -tls1 -cipher RC4-SHA
openssl s_client -connect mx1.mxroute.com:25 -starttls smtp -tls1 -cipher RC4-MD5

Thanks.

MD5 was disabled in Apache but I went ahead and disabled in Nginx for kicks. You wouldn't have experienced successful SSL activity using MD5. You can't reasonably drop RC4 from a public production server.

https://community.qualys.com/blogs/s...orward-secrecy

[dodgeball]

Quote:

Originally Posted by jarland

MD5 was disabled in Apache but I went ahead and disabled in Nginx for kicks. You wouldn't have experienced successful SSL activity using MD5. You can't reasonably drop RC4 from a public production server.

https://community.qualys.com/blogs/s...orward-secrecy

Ok, but RC4-MD5 is still working with port 25 and 587 on mx1.mxroute.com.

[jarland]

Quote:

Originally Posted by dodgeball

Ok, but RC4-MD5 is still working with port 25 and 587 on mx1.mxroute.com.

MD5 disabled on Dovecot and Exim.

[walesrob]

Looks like something is broken in IMAP, TBird gives this error:


Error: An error occurred during a connection to mx1.mxroute.com:993.

The server rejected the handshake because the client downgraded to a lower TLS version than the server supports.

(Error code: ssl_error_inappropriate_fallback_alert)

Aquamail email app also reporting same.

Both using SSL:993:Normal Password

[jarland]

Quote:

Originally Posted by walesrob

Looks like something is broken in IMAP, TBird gives this error:


Error: An error occurred during a connection to mx1.mxroute.com:993.

The server rejected the handshake because the client downgraded to a lower TLS version than the server supports.

(Error code: ssl_error_inappropriate_fallback_alert)

Aquamail email app also reporting same.

Both using SSL:993:Normal Password

Walked back the SSL settings I just changed on it. Working better now from your end? Will do some more testing before removing ciphers on Dovecot. It's not like it's a huge deal, people with up to date software should be using secure ciphers anyway, people need to remember SSL is a two part deal and server only plays half of it

[walesrob]

Quote:

Originally Posted by jarland

Walked back the SSL settings I just changed on it. Working better now from your end? Will do some more testing before removing ciphers on Dovecot. It's not like it's a huge deal, people with up to date software should be using secure ciphers anyway, people need to remember SSL is a two part deal and server only plays half of it

Jarland, you are the best IMAP working great

[jarland]

Quote:

Originally Posted by walesrob

Jarland, you are the best IMAP working great

That or a terrible admin for removing ciphers without heavy testing first

Always happy to help and listen to ideas for improvement.

[dodgeball]

Quote:

Originally Posted by jarland

MD5 disabled on Dovecot and Exim.

Thank you!

[FredOnline]

Does anyone know if the Junk and Deleted Items folders in MXroute Roundcube have an auto purge after x days, and if so, how many days?

[jarland]

Quote:

Originally Posted by FredOnline

Does anyone know if the Junk and Deleted Items folders in MXroute Roundcube have an auto purge after x days, and if so, how many days?

They do not. I like to stay hands off on things like that.

[FredOnline]

MXroute policy revised. Two sections added to the bottom.

https://mxroute.com/tos.html