I look after a few email servers and after implementing much stricter encryption settings at the start of the year, I noticed some emails were never making it to accounts - being rejected at the negotiation stage (where the remote server sending the email agrees an encryption protocol and cipher with the local server).
I was puzzled by this. TLS is hardly new, yet these servers were only ever attempting to use SSLv3 and then failing to 'upgrade' to TLS - not even TLS1.0. Poor show.
This isn't unique either - I periodically run a script which reports the spread of protocols and ciphers of incoming email connections; here's a sample from one server for the last hour...
    151 TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384
      1 TLSv1.2 with cipher DHE-RSA-AES128-SHA
      1 TLSv1.2 with cipher DHE-RSA-AES256-SHA256
     52 TLSv1.2 with cipher DHE-RSA-AES128-GCM-SHA256
     69 TLSv1.2 with cipher AES128-SHA
     86 SSLv3 with cipher DHE-RSA-AES256-SHA
WTF! OK, so the overwhelming number of sending MTAs are using TLS1.2 with a strong cipher, great. Note, NONE are using TLSv1.3. 🙁 But 86 MTAs still using SSLv3 with DHE-RSA-AES256-SHA?! Seriously...
If you run Postfix or an equivalent MTA, this one-liner, dropped into a bash script, will give you a nice tabulated output on demand[1]:
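    #!/bin/sh
    # Count inbound TLS connections per protocol/cipher from the Postfix log.
    # Fields 12-15 are "<protocol> with cipher <cipher>" in the log line.
    grep -E "TLS connection established from.*with cipher" /var/log/maillog \
      | grep -v -E "unknown\[" \
      | awk '{printf("%s %s %s %s\n", $12, $13, $14, $15)}' \
      | sort | uniq -c | sort -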
Please mailops, sort it out. SSLv3 needs to be dead already. I understand the pragmatic approach of supporting SSLv3 for incoming, but at some point we need to collectively draw a line in the sand.
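Before drawing that line on your own server, it helps to know exactly which senders would be cut off. The following is an added example, not part of the original post: it goes one step beyond the one-liner above and lists each remote client that negotiated SSLv2, SSLv3 or TLSv1, with a count. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the author's script): list senders that negotiated a
# legacy protocol, so the impact of rejecting it can be judged beforehand.

# Reads Postfix log lines on stdin; prints "count protocol client" per sender.
legacy_tls_senders() {
    awk '
    /TLS connection established from/ {
        # Locate the "from" token rather than assuming fixed field numbers,
        # so lines with or without a leading trust word both parse.
        for (i = 1; i < NF; i++) if ($i == "from") break
        if (i >= NF) next
        client = $(i + 1); proto = $(i + 2)
        sub(/:$/, "", client)              # "host[ip]:" -> "host[ip]"
        if (client ~ /^unknown\[/) next    # same filter as the one-liner
        if (proto ~ /^(SSLv2|SSLv3|TLSv1)$/) seen[proto " " client]++
    }
    END { for (k in seen) printf("%d %s\n", seen[k], k) }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample log lines (not real traffic; reserved names and IPs).
sample_log() {
    cat <<'EOF'
Jan 10 09:00:01 mx postfix/smtpd[1201]: Anonymous TLS connection established from mail.example.org[192.0.2.10]: SSLv3 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Jan 10 09:04:17 mx postfix/smtpd[1207]: Anonymous TLS connection established from mail.example.org[192.0.2.10]: SSLv3 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Jan 10 09:05:30 mx postfix/smtpd[1210]: Anonymous TLS connection established from mx.example.net[198.51.100.20]: TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 10 09:06:02 mx postfix/smtpd[1212]: Anonymous TLS connection established from unknown[198.51.100.7]: SSLv3 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Jan 10 09:07:45 mx postfix/smtpd[1215]: TLS connection established from relay.example.com[203.0.113.5]: TLSv1 with cipher AES128-SHA (128/128 bits)
EOF
}

# Demo on the constructed sample; for real use:
#   legacy_tls_senders < /var/log/maillog
sample_log | legacy_tls_senders
```

The per-sender list is what lets you contact the affected operators, or decide the volume is low enough to add `!SSLv3` on the receiving side.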
Here's a handy list of ciphers and compatibility recommendations, and here's a quick guide for RHEL OSes on how to quickly disable SSLv2 and SSLv3 support in Postfix.
Bonus Postfix config excerpts
    smtpd_tls_mandatory_exclude_ciphers = MD5, aDSS, kECDH, kDH, SEED, IDEA, DES, ADH, RC2, RC4, RC5, PSD, SRP, 3DES, eNULL, aNULL
    smtp_tls_mandatory_exclude_ciphers = MD5, aDSS, kECDH, kDH, SEED, IDEA, DES, ADH, RC2, RC4, RC5, PSD, SRP, 3DES, eNULL, aNULL
    smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, KRB5-DES, CBC3-SHA
    smtp_tls_exclude_ciphers = ${smtpd_tls_exclude_ciphers}
    smtp_tls_protocols = !TLSv1, !SSLv2, !SSLv3
    # denying SSLv3 bars too many legit emails, so permitted for now.
    # (main.cf has no trailing comments, so this note sits on its own line.)
    smtpd_tls_protocols = !TLSv1, !SSLv2
    smtp_tls_ciphers = high
    smtpd_tls_ciphers = high
    smtpd_tls_mandatory_protocols = !TLSv1, !SSLv2
    smtp_tls_mandatory_protocols = !TLSv1, !SSLv2, !SSLv3
    smtp_tls_mandatory_ciphers = high
    smtpd_tls_mandatory_ciphers = high
    smtpd_tls_auth_only = yes
    tls_high_cipherlist = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
While not a complete config, hopefully it gives you some inspiration.
Further reading: better encryption and Postfix hardening
- https://access.redhat.com/articles/1468593 (a worthy read)
- https://serverfault.com/a/836687/32054
- https://ubuntuforums.org/showthread.php?t=1981839
- If you want to be ultra-strict, you'll have to bodge workarounds for some senders like GMail who still use weaker ciphers.
- https://blog.kruyt.org/postfix-and-tls-encryption/
- https://bettercrypto.org/static/applied-crypto-hardening.pdf
- http://www.postfix.org/postconf.5.html#reject_non_fqdn_helo_hostname
- https://www.linuxquestions.org/questions/linux-server-73/how-to-reject-addresses-by-tld-in-postfix-678757/
- https://www.howtoforge.com/virtual_postfix_antispam
- https://unix.stackexchange.com/questions/91749/helo-command-rejected-need-fully-qualified-hostname-error
Any thoughts / want to agree or disagree with anything I've said? Tweet or comment below, insight from others is always a good learning opportunity.
References
[1] I typically filter 'unknown' connections as they're usually connecting clients. If you want to include those, remove the piped section where I grep -v (inverting a match). For the full output, only run the first command in the chain.