From owner-freebsd-questions@freebsd.org Fri Aug 14 05:57:11 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3782E3B55FB for ; Fri, 14 Aug 2020 05:57:11 +0000 (UTC) (envelope-from 4250.82.1d4c20008681dc1.93f2efa66d611ddaf065c67bb05db590@email-od.com) Received: from s1-b0c6.socketlabs.email-od.com (s1-b0c6.socketlabs.email-od.com [142.0.176.198]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4BSXlB2p4Nz4HYR for ; Fri, 14 Aug 2020 05:57:10 +0000 (UTC) (envelope-from 4250.82.1d4c20008681dc1.93f2efa66d611ddaf065c67bb05db590@email-od.com) DKIM-Signature: v=1; a=rsa-sha256; d=email-od.com;i=@email-od.com;s=dkim; c=relaxed/relaxed; q=dns/txt; t=1597384630; x=1599976630; h=content-transfer-encoding:content-type:mime-version:references:in-reply-to:message-id:subject:cc:to:from:date:x-thread-info; bh=2w9o8L+AOgCp+ms8r+MboaVUu0EJ3pZPv5RV1oCi5tk=; b=iOWKEpd0BRZc8BuMd+V7N34U7Szri2qLnzJ2pAmw3c9DcG2zYdu0WixEJx6xKi5KXIpMD96rnXX7bGRoY0G8suaVSmuUCaFRh+g1w6YMoWoojFmcC01kqXTwDGJJzY9k+GCVgbzgweX6dK3Fm86BCKjrKYWO6FxS7oo9GGffYQA= X-Thread-Info: NDI1MC45Mi4xZDRjMjAwMDg2ODFkYzEuZnJlZWJzZC1xdWVzdGlvbnM9ZnJlZWJzZC5vcmc= Received: from r1.us-west-2.aws.in.socketlabs.com (r1.us-west-2.aws.in.socketlabs.com [142.0.190.1]) by mxsg2.email-od.com with ESMTP(version=Tls12 cipher=Aes256 bits=256); Fri, 14 Aug 2020 01:57:06 -0400 Received: from smtp.lan.sohara.org (EMTPY [185.202.17.215]) by r1.us-west-2.aws.in.socketlabs.com with ESMTP(version=Tls12 cipher=Aes256 bits=256); Fri, 14 Aug 2020 01:57:03 -0400 Received: from [192.168.63.1] (helo=steve.lan.sohara.org) by smtp.lan.sohara.org with smtp (Exim 4.94 (FreeBSD)) (envelope-from ) id 1k6Si5-0007vT-ES; Fri, 14 Aug 2020 06:57:01 +0100 Date: Fri, 14 Aug 2020 06:57:01 +0100 From: Steve O'Hara-Smith To: Polytropon Cc: Aryeh Friedman , =?UTF-8?B?QW5kcsOp?= Boon , FreeBSD Mailing List Subject: Re: OT: Dealing with a hosting company with it's head up it's rear end Message-Id: <20200814065701.2b390145ac6d189161bc31b4@sohara.org> In-Reply-To: <20200814004312.bb0dd9f1.freebsd@edvax.de> References: <40xvq0.qf0q3x.1hge1ap-qmf@smtp.boon.family> <20200814004312.bb0dd9f1.freebsd@edvax.de> X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.32; amd64-portbld-freebsd12.0) X-Clacks-Overhead: "GNU Terry Pratchett" Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 4BSXlB2p4Nz4HYR X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=pass header.d=email-od.com header.s=dkim header.b=iOWKEpd0; dmarc=none; spf=pass (mx1.freebsd.org: domain of 4250.82.1d4c20008681dc1.93f2efa66d611ddaf065c67bb05db590@email-od.com designates 142.0.176.198 as permitted sender) smtp.mailfrom=4250.82.1d4c20008681dc1.93f2efa66d611ddaf065c67bb05db590@email-od.com X-Spamd-Result: default: False [-0.84 / 15.00]; MV_CASE(0.50)[]; R_SPF_ALLOW(-0.20)[+ip4:142.0.176.0/20]; RCVD_COUNT_THREE(0.00)[4]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[email-od.com:+]; NEURAL_HAM_SHORT(-0.61)[-0.615]; FORGED_SENDER(0.30)[steve@sohara.org,4250.82.1d4c20008681dc1.93f2efa66d611ddaf065c67bb05db590@email-od.com]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:7381, ipnet:142.0.176.0/22, country:US]; MID_RHS_MATCH_FROM(0.00)[]; FROM_NEQ_ENVFROM(0.00)[steve@sohara.org,4250.82.1d4c20008681dc1.93f2efa66d611ddaf065c67bb05db590@email-od.com]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.03)[-1.029]; R_DKIM_ALLOW(-0.20)[email-od.com:s=dkim]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; NEURAL_HAM_LONG(-0.99)[-0.994]; TAGGED_RCPT(0.00)[]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[sohara.org]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[142.0.176.198:from]; RWL_MAILSPIKE_VERYGOOD(0.00)[142.0.176.198:from]; FREEMAIL_CC(0.00)[gmail.com,andreboon.nl,freebsd.org]; SUSPICIOUS_RECIPS(1.50)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Aug 2020 05:57:11 -0000 On Fri, 14 Aug 2020 00:43:12 +0200 Polytropon wrote: > On Thu, 13 Aug 2020 16:12:18 -0400, Aryeh Friedman wrote: > > They have a whacko firewall config that will eat 443/decrypt it/forward > > it on as plain http via a proxy on the firewall > > So what you're saying is: They don't care about security, > in fact, they're making things worse, by being the "man in > the middle"?! Wow... It is a very common corporate firewall technique, and appropriate in that context. But for a hosting company it seems odd. > "Boohoohoo! SSH is so insecure, we must not allow that!" Again many corporate firewalls don't allow ssh out (or in directly) because tunnelling bypasses the firewalls. And again it seems odd for a hosting company. -- Steve O'Hara-Smith