Closed Bug 1440935 Opened 6 years ago Closed 5 years ago

e.mozilla.org's MX has a very bad cipher list

Categories

(Infrastructure & Operations :: Infrastructure: Mail, task)

Product:
Infrastructure & Operations
Component:
Infrastructure: Mail
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: jan, Unassigned)

References

Details

I got an email from Mozilla <Mozilla@e.mozilla.org> after signing up on https://foundation.mozilla.org/sign-up/.

If I would reply then I would contact:
https://www.hardenize.com/report/e.mozilla.org/1519492837#email_tls
* DHE must be at least 2048 bits
* remove EXPORT and ANON cipher suites

Compare with good examples:
https://www.hardenize.com/report/gmail.com/1519377454#email_tls
https://www.hardenize.com/report/terrax.net/1519181375#email_tls
Blocks: tls-everything
Still bad: https://www.hardenize.com/report/e.mozilla.org/1524705376#email_tls

And please fix DMARC: https://www.hardenize.com/report/e.mozilla.org/1524705376#email_dmarc
> $ dig TXT e.mozilla.org._report._dmarc.vali.email +short
> "v=DMARC1"

e.mozilla.org._report._dmarc.mozilla.com should have the same TXT record.
Received: from mta4.e.mozilla.org (mta4.e.mozilla.org [199.122.127.164])
	(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))
	(Client did not present a certificate)
	by mx.h.terrax.net (Postfix) with ESMTPS id 44JjD23F76z1vQF

Thanks for fixing!

Status: NEW → RESOLVED
Closed: 5 years ago
Depends on: 1520639
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.