On Sat, 2010-09-25 at 03:31 +0200, Karsten Bräckelmann wrote:
> On Fri, 2010-09-24 at 19:40 -0500, Chris wrote:

> > http://pastebin.com/LqVtvjgM
> 
> OK, wait. That sample is really an example showing the DKIM headers,
> sent by *you*. Right? It's authenticated.

> Hmm, from your original pastebin:
> 
>  Authentication-Results:  smtp03.embarq.synacor.com smtp.user=thewhedbees;
>   auth=pass (LOGIN)
>  Received: from [201.216.4.186] ([201.216.4.186:4248] helo=User) by
>   mailrelay.embarq.synacor.com (envelope-from <al...@embarqmail.com>)
>   (ecelerity 2.2.2.40 r(29895/29896)) with ESMTPA id DB/9E-17249-7F22B9C4;
>   Thu, 23 Sep 2010 05:54:58 -0400

ESMTPA. AUTH LOGIN.

That's an authenticated submission. Not encrypted using SSL/TLS, but
plain text. Using LOGIN authentication, which is base64 encoded.
Equivalent to plain text.

Anyone wonder how to steal those user passwords?

(BTW, you did not use TLS either. :/)


-- 
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
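
Added example, not part of the original message: a check for the condition pointed out above, an authenticated submission (`ESMTPA`) that was not protected by TLS, read from the `with` keyword of a Received header (RFC 3848 registers the `S` suffix for TLS and the `A` suffix for AUTH). The function names and the sample headers are constructed for illustration; the hostnames and addresses are documentation placeholders.

```python
import base64
import re

# "with" keywords from RFC 3848: the suffix S means STARTTLS/TLS was used,
# the suffix A means SMTP AUTH succeeded (ESMTPA, ESMTPS, ESMTPSA, LMTP...).
WITH_RE = re.compile(r"\bwith\s+(ESMTPS?A?|LMTPS?A?|SMTP)\b", re.IGNORECASE)

def classify_received(value):
    """Return (protocol, authenticated, encrypted), or None without a with clause."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)  # undo header folding
    match = WITH_RE.search(unfolded)
    if match is None:
        return None
    proto = match.group(1).upper()
    suffix = proto.split("MTP", 1)[1]  # "", "S", "A" or "SA"
    return proto, "A" in suffix, "S" in suffix

def cleartext_auth(value):
    """True when credentials were accepted on a hop that was not encrypted."""
    result = classify_received(value)
    return result is not None and result[1] and not result[2]

def decode_login_prompt(token):
    """AUTH LOGIN exchanges are base64: an encoding, with no key involved."""
    return base64.b64decode(token, validate=True).decode("ascii")

# Constructed sample headers (documentation addresses and hostnames).
PLAIN_AUTH = ("from [192.0.2.10] (helo=User) by relay.example.net\n"
              "  (envelope-from <user@example.net>) with ESMTPA id CONSTRUCTED-1;\n"
              "  Thu, 23 Sep 2010 05:54:58 -0400")
TLS_AUTH = PLAIN_AUTH.replace("with ESMTPA", "with ESMTPSA")

if __name__ == "__main__":
    for name, header in (("plain", PLAIN_AUTH), ("tls", TLS_AUTH)):
        print(name, classify_received(header), "cleartext AUTH:", cleartext_auth(header))
    # The two prompts a server sends during AUTH LOGIN:
    print(decode_login_prompt("VXNlcm5hbWU6"), decode_login_prompt("UGFzc3dvcmQ6"))
```

Only Received lines added by servers you operate can be trusted for this check, and it assumes the MTA records the RFC 3848 keywords rather than noting TLS in a separate comment.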
