
List:       postfix-users
Subject:    Re: SMTP TLS delivery fallback
From:       Viktor Dukhovni <postfix-users () dukhovni ! org>
Date:       2020-08-19 16:08:43
Message-ID: 20200819160843.GE86346 () straasha ! imrryr ! org

On Thu, Aug 20, 2020 at 01:33:16AM +1000, Nikolai Lusan wrote:

> Personally I have:
> 
> smtp_tls_security_level = may
> smtpd_tls_security_level = may
> smtp_tls_note_starttls_offer = yes

The last one is redundant, unless you also have a policy table with
security level set to "none" for some destinations.

> smtpd_tls_protocols = !SSLv2, !SSLv3 !TLSv1 !TLSv1.1 TLSv1.2 TLSv1.3
> smtp_tls_mandatory_protocols = !SSLv2, !SSLv3 TLSv1.2 TLSv1.3

It is best to NOT list the inclusions, instead, list only the
exclusions.  With Postfix 3.6, the preferred syntax will be:

    smtp_tls_protocols = >=TLSv1.2
    smtp_tls_mandatory_protocols = >=TLSv1.2

Which is a lower-bound, you can alternatively/also set an upper bound,
for example:

    smtp_tls_protocols = >=TLSv1, <=TLSv1.2
    smtp_tls_mandatory_protocols = >=TLSv1.2, <=TLSv1.3

> smtpd_tls_mandatory_exclude_ciphers = MD5, DES, ADH, KDH, SEED, aNULL, RC4, PSD, \
> SRP, 3DES, RC2, aDSS, IDEA, kECDH, eNULL smtpd_tls_exclude_ciphers = MD5, DES, ADH, \
> KDH, SEED, aNULL, RC4,PSD, SRP, 3DES, RC2, aDSS, IDEA, kECDH, eNULL

This looks somewhat cargo-culted, in particular:

    - There was IIRC never any set of "PSD" ciphers, perhaps you meant "PSK"?

    - There was never any set of "KDH" ciphers, you likely meant "kDH",
      to go along with "kECDH", both are indeed deprecated, and by
      default no longer enabled in OpenSSL 1.1.1.

    - Why are you disabling aNULL?  Generally, when Postfix does
      opportunistic TLS (security level "may" or "encrypt"), the aNULL
      (i.e. ADH + AECDH) ciphers are left enabled.

    - Why are you disabling ADH?  It is a strict subset of aNULL.

    - There is no need to exclude "eNULL" (twice!), that exclusion is built-in.

> tls_high_cipherlist = \
> EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+C \
> AMELLIA256:+AES256:!CAMELLIA128:!AES128:!SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!P \
> SK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:!CAMELLIA128-SHA:!AES128-SHA

This is not a good idea.  Go with the defaults.

-- 
    Viktor.
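The points raised in the reply above (redundant `smtp_tls_note_starttls_offer` without a policy table, protocol lists that name inclusions instead of exclusions, the non-existent "PSD" and "KDH" cipher set names, the redundant `eNULL` and `ADH` exclusions, `aNULL` excluded under opportunistic TLS, and a hand-rolled `tls_high_cipherlist`) can be turned into a small lint over a `main.cf`. This is an added example, not code from the thread or from the Postfix project; the sample `main.cf` text is constructed to mirror the quoted settings, and the parser handles only the `name = value` plus indented-continuation form that Postfix uses.

```python
"""Lint a Postfix main.cf fragment for the TLS settings discussed in the thread."""
import re

# Constructed sample main.cf, mirroring the settings quoted in the thread.
SAMPLE_MAIN_CF = """\
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_protocols = !SSLv2, !SSLv3 !TLSv1 !TLSv1.1 TLSv1.2 TLSv1.3
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3 TLSv1.2 TLSv1.3
smtpd_tls_mandatory_exclude_ciphers = MD5, DES, ADH, KDH, SEED, aNULL, RC4, PSD,
    SRP, 3DES, RC2, aDSS, IDEA, kECDH, eNULL
tls_high_cipherlist = EDH+CAMELLIA:EDH+aRSA:!aNULL:!eNULL
"""

# Names that are not OpenSSL cipher set names; the likely intended names.
MISNAMED_SETS = {"PSD": "PSK", "KDH": "kDH"}


def parse_main_cf(text):
    """Parse 'name = value' lines; a line starting with whitespace continues
    the previous parameter's value, as in Postfix main.cf."""
    params = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and current is not None:
            params[current] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if not sep:
            continue
        current = name.strip()
        params[current] = value.strip()
    return params


def split_list(value):
    """Split a comma/whitespace separated Postfix list value into tokens."""
    return [tok for tok in re.split(r"[\s,]+", value) if tok]


def lint(params):
    """Return a list of human-readable findings for the parsed parameters."""
    findings = []

    # Redundant unless a policy table sets level "none" for some destinations.
    if (params.get("smtp_tls_note_starttls_offer") == "yes"
            and "smtp_tls_policy_maps" not in params):
        findings.append("smtp_tls_note_starttls_offer: redundant without a "
                        "policy table mapping some destinations to level 'none'")

    # Protocol lists should carry only exclusions (or a >=/<= bound), never inclusions.
    for name in (p for p in params if "_tls_" in p and p.endswith("_protocols")):
        positives = [t for t in split_list(params[name])
                     if not t.startswith(("!", ">=", "<="))]
        if positives:
            findings.append(f"{name}: lists inclusions {positives}; list only "
                            f"exclusions, or use a bound such as '>=TLSv1.2'")

    # Cipher exclusion lists: misnamed sets, built-in eNULL, ADH inside aNULL,
    # and aNULL excluded while the matching side does opportunistic TLS.
    for name in (p for p in params if p.endswith("_exclude_ciphers")):
        tokens = split_list(params[name])
        for tok in tokens:
            if tok in MISNAMED_SETS:
                findings.append(f"{name}: '{tok}' is not a cipher set name; "
                                f"did you mean '{MISNAMED_SETS[tok]}'?")
        if "eNULL" in tokens:
            findings.append(f"{name}: excluding eNULL is redundant; "
                            f"that exclusion is built in")
        if "aNULL" in tokens and "ADH" in tokens:
            findings.append(f"{name}: ADH is a strict subset of aNULL; "
                            f"listing both is redundant")
        side = name.split("_tls_")[0]  # "smtp" (client) or "smtpd" (server)
        level = params.get(f"{side}_tls_security_level")
        if "aNULL" in tokens and level in ("may", "encrypt"):
            findings.append(f"{name}: aNULL excluded although {side}_tls_security_level "
                            f"is '{level}'; Postfix leaves aNULL enabled for opportunistic TLS")

    # A hand-maintained cipherlist overrides the maintained built-in one.
    if "tls_high_cipherlist" in params:
        findings.append("tls_high_cipherlist: overrides the built-in list; "
                        "prefer the Postfix defaults")
    return findings


if __name__ == "__main__":
    for line in lint(parse_main_cf(SAMPLE_MAIN_CF)):
        print("-", line)
```

Run against the constructed sample it reports nine findings, one for each point in the reply; a config that sets only `smtp_tls_security_level = may` and `smtp_tls_protocols = >=TLSv1.2` produces none.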


