Ooma notification emails sent without TLS

Got something else to discuss that is not covered by the previous forums? Post it here!
Joined:Tue Feb 10, 2009 10:57 am
Ooma notification emails sent without TLS

Post by koehn » Wed Apr 07, 2021 5:47 am

I noticed that Ooma's email notifications are sent without use of TLS (I would expect to see `with ESMTPS` on the `Received` headers). This is insecure, and on most mail servers can easily be fixed with a configuration setting. Would whomever manages Ooma's SMTP servers be willing to change this setting?

Code: Select all

Return-Path: <notify-[redacted]@ooma.com>
Delivered-To: [redacted]
Received: from virtmailprod1.ooma.com (virtmailprod1.ooma.com [])
	by mail.koehn.com (Postfix) with ESMTP id 4A1C66003F
	for <[redacted]>; Tue,  6 Apr 2021 22:03:57 +0000 (UTC)
Authentication-Results: mail.koehn.com;
	dkim=pass (1024-bit key; unprotected) header.d=ooma.com header.i=@ooma.com header.b="qR5Y/PHX";
Received: from ooma.com (vmwebs3-eqix-sv5.ooma.internal [])
	by virtmailprod1.ooma.com (Postfix) with ESMTP id E83E93003FA0
	for <[redacted]>; Tue,  6 Apr 2021 22:03:55 +0000 (GMT)

Post Reply