Page 1 of 1

Ooma notification emails sent without TLS

Posted: Wed Apr 07, 2021 5:47 am
by koehn
I noticed that Ooma's email notifications are sent without use of TLS (I would expect to see `with ESMTPS` on the `Received` headers). This is insecure, and on most mail servers can easily be fixed with a configuration setting. Would whomever manages Ooma's SMTP servers be willing to change this setting?

Code: Select all

Return-Path: <notify-[redacted]@ooma.com>
Delivered-To: [redacted]
Received: from virtmailprod1.ooma.com (virtmailprod1.ooma.com [208.83.246.254])
	by mail.koehn.com (Postfix) with ESMTP id 4A1C66003F
	for <[redacted]>; Tue,  6 Apr 2021 22:03:57 +0000 (UTC)
Authentication-Results: mail.koehn.com;
	dkim=pass (1024-bit key; unprotected) header.d=ooma.com header.i=@ooma.com header.b="qR5Y/PHX";
	dkim-atps=neutral
Received: from ooma.com (vmwebs3-eqix-sv5.ooma.internal [172.22.9.197])
	by virtmailprod1.ooma.com (Postfix) with ESMTP id E83E93003FA0
	for <[redacted]>; Tue,  6 Apr 2021 22:03:55 +0000 (GMT)