[tor-bugs] #6310 [TorBirdy]: Torbirdy warns about a possible unsafe connection over Port 143, when using STARTTLS
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Nov 19 05:42:16 UTC 2013
#6310: Torbirdy warns about a possible unsafe connection over Port 143, when using
STARTTLS
--------------------------+------------------------------------
Reporter: janssen | Owner: ioerror
Type: task | Status: closed
Priority: normal | Milestone:
Component: TorBirdy | Version:
Resolution: wontfix | Keywords: starttls 143 port imap
Actual Points: | Parent ID:
Points: |
--------------------------+------------------------------------
Changes (by sukhbir):
* status: reopened => closed
* resolution: => wontfix
Comment:
Replying to [comment:5 harrincourt]:
> I received the same message regarding unsafe (unencrypted) connection
over port 143 (STARTTLS). I did change manually the settings as the
mailaccount did not work with pop.
Yes, this is expected. Port 143 is for plain IMAP and you should not be
using that over Tor since you can leak your password and/or emails at the
exit node. Please see this for more information: https://www.eff.org/pages
/tor-and-https. To prevent this, TorBirdy enforces IMAP over SSL/TLS for
all existing and new accounts (port 993) and you ''should not'' change
this setting.
> Using TorBirdy 0.1.2., Thunderbird 24.1.0, Fedora 19 and an
openmailbox.org mailacccount.
You should ask openmailbox.org if they support SSL for their IMAP/POP/SMTP
accounts. If they do not, I don't recommend that you use Tor with this
account and you should change your password just to be sure.
Find an email provider that support SSL; most of them do these days. Then
revert the settings back to their default (uninstall and reinstall
TorBirdy) and then use the new account with SSL support.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6310#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list