Wireshark-users: [Wireshark-users] MiTM launched that tricks Getmail and Maildrop?

From: Miroslav Rovis <miro.rovis@xxxxxxxxxxxxxxxxx>
Date: Wed, 13 Dec 2017 20:51:23 +0000

I've prepared a page with the info:

"bad message from server!" and 144 msgs truncated

I'm also asking the devs about this at the Getmail and Courier Maildrop mailing lists.

I'll be grateful for any expert insight, opinion, advice about this.

To me it looks like the attackers have used Tor, which has been running as
"daemon" which is the Debian/Devuan style, to launch an MiTM, nothing
necessarily clever, but it did ruin lots of my emails which I will never get
nor know which emails those were...

Of course I can't decrypt those conversations... so will never know...

Or is there any more to it?

NOTE: I also note in that page how the bug that I had reported really was a bug,
because it is now fixed in my Devuan Ceres Wireshark 2.2.6:
Filtering on (negated) frame.time_relative filters out wrong frame.number
(but this paragraph is a digression)

Thanks for any insight from the more knowledgeable! Regards!

Miroslav Rovis
Zagreb, Croatia
