Ooma notification emails sent without TLS
Posted: Wed Apr 07, 2021 5:47 am
I noticed that Ooma's email notifications are sent without use of TLS (I would expect to see `with ESMTPS` on the `Received` headers). This is insecure, and on most mail servers can easily be fixed with a configuration setting. Would whomever manages Ooma's SMTP servers be willing to change this setting?
Code: Select all
Return-Path: <notify-[redacted]@ooma.com> Delivered-To: [redacted] Received: from virtmailprod1.ooma.com (virtmailprod1.ooma.com [184.108.40.206]) by mail.koehn.com (Postfix) with ESMTP id 4A1C66003F for <[redacted]>; Tue, 6 Apr 2021 22:03:57 +0000 (UTC) Authentication-Results: mail.koehn.com; dkim=pass (1024-bit key; unprotected) header.d=ooma.com firstname.lastname@example.org header.b="qR5Y/PHX"; dkim-atps=neutral Received: from ooma.com (vmwebs3-eqix-sv5.ooma.internal [172.22.9.197]) by virtmailprod1.ooma.com (Postfix) with ESMTP id E83E93003FA0 for <[redacted]>; Tue, 6 Apr 2021 22:03:55 +0000 (GMT)