From 30885bcc8a35a95f904adbe0cc7ed09ba469e93f Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Mon, 20 Jan 2020 05:50:52 -0500 Subject: [PATCH] Downgrade TLS settings for port 25, partially reverting f53b18ebb9b1c4c9aba95b3a26bee2be85f8002f Port 25 now is aligned with Mozilla's "Old" recommendations at https://ssl-config.mozilla.org/#server=postfix&server-version=3.3.0&config=old&openssl-version=1.1.1. See #1705 --- setup/mail-postfix.sh | 36 ++++++++++++++++++++++-------------- 1 file changed, 22 insertions(+), 14 deletions(-) diff --git a/setup/mail-postfix.sh b/setup/mail-postfix.sh index 695884ea..0a66cb0f 100755 --- a/setup/mail-postfix.sh +++ b/setup/mail-postfix.sh @@ -80,7 +80,7 @@ tools/editconf.py /etc/postfix/main.cf \ # OpenDKIM milter only. See dkim.sh. # * Even though we dont allow auth over non-TLS connections (smtpd_tls_auth_only below, and without auth the client cant # send outbound mail), don't allow non-TLS mail submission on this port anyway to prevent accidental misconfiguration. -# By putting this setting here we leave opportunistic TLS on incoming mail at default cipher settings (any cipher is better than none). +# Setting smtpd_tls_security_level=encrypt also triggers the use of the 'mandatory' settings below. # * Give it a different name in syslog to distinguish it from the port 25 smtpd server. # * Add a new cleanup service specific to the submission service ('authclean') # that filters out privacy-sensitive headers on mail being sent out by @@ -106,25 +106,34 @@ cp conf/postfix_outgoing_mail_header_filters /etc/postfix/outgoing_mail_header_f sed -i "s/PRIMARY_HOSTNAME/$PRIMARY_HOSTNAME/" /etc/postfix/outgoing_mail_header_filters sed -i "s/PUBLIC_IP/$PUBLIC_IP/" /etc/postfix/outgoing_mail_header_filters -# Enable TLS on these and all other connections (i.e. ports 25 *and* 587) and -# require TLS before a user is allowed to authenticate. This also makes -# opportunistic TLS available on *incoming* mail. -# Set stronger DH parameters, which via openssl tend to default to 1024 bits. -# Use Mozilla's "Intermediate" TLS recommendations from https://ssl-config.mozilla.org/#server=postfix&server-version=3.3.0&config=intermediate&openssl-version=1.1.1 -# (but use and override the "high" cipher list so we don't conflict with the -# more permissive settings for outgoing mail). +# Enable TLS on incoming connections. It is not required on port 25, allowing for opportunistic +# encryption. On port 587 it is mandatory (see above). Shared and non-shared settings are +# given here. Shared settings include: +# * Require TLS before a user is allowed to authenticate. +# * Set the path to the server TLS certificate and 2048-bit DH parameters for old DH ciphers. +# For port 25 only: +# * Disable extremely old versions of TLS and extremely unsafe ciphers, but some mail servers out in +# the world are very far behind and if we disable too much, they may not be able to use TLS and +# won't fall back to cleartext. So we don't disable too much. smtpd_tls_exclude_ciphers applies to +# both port 25 and port 587, but because we override the cipher list for both, it probably isn't used. +# Use Mozilla's "Old" recommendations at https://ssl-config.mozilla.org/#server=postfix&server-version=3.3.0&config=old&openssl-version=1.1.1 +# For port 587 (via the 'mandatory' settings): +# * Use Mozilla's "Intermediate" TLS recommendations from https://ssl-config.mozilla.org/#server=postfix&server-version=3.3.0&config=intermediate&openssl-version=1.1.1 +# using and overriding the "high" cipher list so we don't conflict with the more permissive settings for port 25. tools/editconf.py /etc/postfix/main.cf \ smtpd_tls_security_level=may\ smtpd_tls_auth_only=yes \ smtpd_tls_cert_file=$STORAGE_ROOT/ssl/ssl_certificate.pem \ smtpd_tls_key_file=$STORAGE_ROOT/ssl/ssl_private_key.pem \ smtpd_tls_dh1024_param_file=$STORAGE_ROOT/ssl/dh2048.pem \ - smtpd_tls_protocols="!SSLv2,!SSLv3,!TLSv1,!TLSv1.1" \ + smtpd_tls_protocols="!SSLv2,!SSLv3" \ + smtpd_tls_ciphers=medium \ + tls_medium_cipherlist=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA \ + smtpd_tls_exclude_ciphers=aNULL,RC4 \ smtpd_tls_mandatory_protocols="!SSLv2,!SSLv3,!TLSv1,!TLSv1.1" \ - smtpd_tls_ciphers=high \ smtpd_tls_mandatory_ciphers=high \ - smtpd_tls_exclude_ciphers= \ tls_high_cipherlist=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 \ + smtpd_tls_mandatory_exclude_ciphers=aNULL,DES,3DES,MD5,DES+MD5,RC4 \ tls_preempt_cipherlist=no \ smtpd_tls_received_header=yes @@ -150,7 +159,7 @@ tools/editconf.py /etc/postfix/main.cf \ # Since we'd rather have poor encryption than none at all, we use Mozilla's # "Old" recommendations at https://ssl-config.mozilla.org/#server=postfix&server-version=3.3.0&config=old&openssl-version=1.1.1 # for opportunistic encryption but "Intermediate" recommendations when DANE -# is used (see next and above). +# is used (see next and above). The cipher lists are set above. # DANE takes this a step further: # Postfix queries DNS for the TLSA record on the destination MX host. If no TLSA records are found, @@ -166,8 +175,7 @@ tools/editconf.py /etc/postfix/main.cf \ tools/editconf.py /etc/postfix/main.cf \ smtp_tls_protocols=\!SSLv2,\!SSLv3 \ smtp_tls_ciphers=medium \ - tls_medium_cipherlist=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA \ - smtp_tls_exclude_ciphers= \ + smtp_tls_exclude_ciphers=aNULL,RC4 \ smtp_tls_security_level=dane \ smtp_dns_support_level=dnssec \ smtp_tls_mandatory_protocols="!SSLv2,!SSLv3,!TLSv1,!TLSv1.1" \