Strong Ciphers to use with Postfix

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Strong Ciphers to use with Postfix

Daniel Bareiro
Hi all!

I'm using Debian GNU/Linux Jessie 8.7 with Postfix 2.11.3-1.

I would like to know what you think of the security settings suggested
here [1] for Postfix.

I have tested it against this [2] site, but it seems that fails to
discard other ciphers; on "Weak ciphers" I get "supported
RSA_WITH_RC4_128_SHA".



Thanks in advance.

Kind regards,
Daniel

[1] https://cipherli.st
[2] https://ssl-tools.net/mailservers


signature.asc (188 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

RE: Strong Ciphers to use with Postfix

Fazzina, Angelo
Hi,
Here is how I am dealing with "weak ciphers"
You may be able to do the same type of config ?


In /etc/postfix/main.cf


# -ALF 2016-09-07
# disable RC4 ciphers with TLS connections.
#smtpd_tls_exclude_ciphers = RC4, aNULL
# -ALF 2017-01-09
# disable weak ciphers, and RC4 ciphers
smtpd_tls_exclude_ciphers = DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, RC4, aNULL
#-ALF 2107-01-09
# disable SWEET32 ciphers, weak ciphers, and RC4 ciphers
#smtpd_tls_exclude_ciphers = IDEA-CBC-SHA, DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, RC4, aNULL



-Angelo Fazzina
Operating Systems Programmer / Analyst
University of Connecticut,  UITS, SSG, Server Systems
860-486-9075

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Daniel Bareiro
Sent: Friday, February 17, 2017 9:40 AM
To: Postfix users <[hidden email]>
Subject: Strong Ciphers to use with Postfix

Hi all!

I'm using Debian GNU/Linux Jessie 8.7 with Postfix 2.11.3-1.

I would like to know what you think of the security settings suggested
here [1] for Postfix.

I have tested it against this [2] site, but it seems that fails to
discard other ciphers; on "Weak ciphers" I get "supported
RSA_WITH_RC4_128_SHA".



Thanks in advance.

Kind regards,
Daniel

[1] https://cipherli.st
[2] https://ssl-tools.net/mailservers

Reply | Threaded
Open this post in threaded view
|

Re: Strong Ciphers to use with Postfix

Dominic Raferd
On 17 February 2017 at 14:43, Fazzina, Angelo <[hidden email]> wrote:

> Hi,
> Here is how I am dealing with "weak ciphers"
> You may be able to do the same type of config ?
>
>
> In /etc/postfix/main.cf
>
>
> # -ALF 2016-09-07
> # disable RC4 ciphers with TLS connections.
> #smtpd_tls_exclude_ciphers = RC4, aNULL
> # -ALF 2017-01-09
> # disable weak ciphers, and RC4 ciphers
> smtpd_tls_exclude_ciphers = DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, RC4, aNULL
> #-ALF 2107-01-09
> # disable SWEET32 ciphers, weak ciphers, and RC4 ciphers
> #smtpd_tls_exclude_ciphers = IDEA-CBC-SHA, DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, RC4, aNULL
>
>
>
> -Angelo Fazzina
> Operating Systems Programmer / Analyst
> University of Connecticut,  UITS, SSG, Server Systems
> 860-486-9075
>
> -----Original Message-----
> From: [hidden email] [mailto:[hidden email]] On Behalf Of Daniel Bareiro
> Sent: Friday, February 17, 2017 9:40 AM
> To: Postfix users <[hidden email]>
> Subject: Strong Ciphers to use with Postfix
>
> Hi all!
>
> I'm using Debian GNU/Linux Jessie 8.7 with Postfix 2.11.3-1.
>
> I would like to know what you think of the security settings suggested
> here [1] for Postfix.
>
> I have tested it against this [2] site, but it seems that fails to
> discard other ciphers; on "Weak ciphers" I get "supported
> RSA_WITH_RC4_128_SHA".
>

As I have learned from here, if your MTA is receiving from the world
or sending to the world there is little point in enforcing
super-strong ciphers on the corresponding connection (smtpd or smtp).
If you refuse all unencrypted communication, and only permit
super-strong ciphers, you may not be able to receive or send some
emails, because not all (even genuine) MTAs will support this; but
otherwise if you only permit super-strong ciphers you will just get
more unencrypted communication. Of course it is usually
pointless/unwise to permit broken ciphers, but these are anyway
disabled by default in postfix.
Reply | Threaded
Open this post in threaded view
|

Re: Strong Ciphers to use with Postfix

Daniel Bareiro
In reply to this post by Fazzina, Angelo

On 17/02/17 11:43, Fazzina, Angelo wrote:

> Hi,

Hi, Angelo.

Thanks for your prompt reply.

> Here is how I am dealing with "weak ciphers"
> You may be able to do the same type of config ?
>
>
> In /etc/postfix/main.cf
>
>
> # -ALF 2016-09-07
> # disable RC4 ciphers with TLS connections.
> #smtpd_tls_exclude_ciphers = RC4, aNULL
> # -ALF 2017-01-09
> # disable weak ciphers, and RC4 ciphers
> smtpd_tls_exclude_ciphers = DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, RC4, aNULL
> #-ALF 2107-01-09
> # disable SWEET32 ciphers, weak ciphers, and RC4 ciphers
> #smtpd_tls_exclude_ciphers = IDEA-CBC-SHA, DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, RC4, aNULL
I tried this configuration and I get in the test that now it does not
found weak ciphers. Thanks for sharing!

So I think this would replace this lines of https://cipherli.st:

------------------------------------------------------------------
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtpd_tls_mandatory_ciphers = medium
tls_medium_cipherlist = AES128+EECDH:AES128+EDH
------------------------------------------------------------------

right? Or do you think some of those other lines should be included?


What do you think of the other lines mentioned?

------------------------------------------------------------------
smtpd_use_tls=yes
smtpd_tls_security_level = may (X)
smtpd_tls_auth_only = yes
smtpd_tls_cert_file=/etc/ssl/postfix.cert
smtpd_tls_key_file=/etc/ssl/postfix.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache (X)
------------------------------------------------------------------

Currently I have not configured the lines with an "X".

I'm using currently "smtpd_tls_security_level = may" that use TLS if
this is supported by the remote SMTP server, otherwise use plaintext.
But I'm not using "smtpd_tls_security_level = may". I see the default
value for this parameter is empty. Is that equivalent to "none"?


Thanks for your time.


Kind regards,
Daniel


signature.asc (188 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

RE: Strong Ciphers to use with Postfix

L.P.H. van Belle
In reply to this post by Dominic Raferd
Hai,

It all depends all in what you need and want.

After monitoring for about a year on with or without encryption.
I have 0 unecrypted mail servers found and a handfull of SSLv2 or V3.
Which i simply dont allow anymore. ( The sslv2/v3 )
Due to the dutch "Privacy laws" users are oblgated to have/use encrypted lines. And a lot should be encrypted.

So I preffer a high but compatible set.
A setup like this : https://tls.imirhil.fr/smtp/mail.van-belle.nl 
My prefered site to check ciphersets.  
Im also running debian jessie postfix 2.11.

And yes, there is always room for improvements, but my cipher check shows me the following and im happy with it.

      2 TLSv1 with cipher AES256-SHA
      6 TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384
     13 TLSv1.2 with cipher AES256-SHA
     27 TLSv1.1 with cipher ECDHE-RSA-AES256-SHA
     34 TLSv1.2 with cipher DHE-RSA-AES256-SHA256
    103 TLSv1.2 with cipher ECDHE-RSA-AES256-SHA
    302 TLSv1 with cipher DHE-RSA-AES256-SHA
    772 TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384
   2307 TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384
  11684 TLSv1 with cipher ECDHE-RSA-AES256-SHA


# Add these to log you ciphers used.
smtp_tls_loglevel=1
smtpd_tls_loglevel=1

# check encrypted connections with :
# grep "connection established from.*with cipher" /var/log/mail.log|awk '{printf("%s %s %s %s\n", $12, $13, $14, $15)}' |sort|uniq -c| sort -n
# check for clear text connections:
# grep "connection established from" /var/log/mail.log | grep -v cipher| awk '{printf("%s %s %s %s\n", $12, $13, $14, $15)}' | sort | uniq -c | sort -n

# outgoing connections: smtp
smtp_tls_protocols = !SSLv2,!SSLv3
smtp_tls_ciphers = high
smtp_tls_exclude_ciphers = MD5,SRP,PSK,aDSS,kECDH,kDH,SEED,IDEA,RC2,RC5,RC4
smtp_tls_security_level = may
smtp_tls_note_starttls_offer = yes

# incoming connections: smtpd
smtpd_use_tls = yes
smtpd_enforce_tls = no
smtpd_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_ciphers = high
smtpd_tls_exclude_ciphers = eNULL, aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, DSS, ECDSA, CAMELLIA128, CAMELLIA256, 3DES
#, RSA+AES
smtpd_tls_eecdh_grade = ultra



Greetz,

Louis


> -----Oorspronkelijk bericht-----
> Van: [hidden email] [mailto:[hidden email]]
> Namens Dominic Raferd
> Verzonden: vrijdag 17 februari 2017 16:05
> Aan: Postfix users
> Onderwerp: Re: Strong Ciphers to use with Postfix
>
> On 17 February 2017 at 14:43, Fazzina, Angelo <[hidden email]>
> wrote:
> > Hi,
> > Here is how I am dealing with "weak ciphers"
> > You may be able to do the same type of config ?
> >
> >
> > In /etc/postfix/main.cf
> >
> >
> > # -ALF 2016-09-07
> > # disable RC4 ciphers with TLS connections.
> > #smtpd_tls_exclude_ciphers = RC4, aNULL
> > # -ALF 2017-01-09
> > # disable weak ciphers, and RC4 ciphers
> > smtpd_tls_exclude_ciphers = DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, RC4,
> aNULL
> > #-ALF 2107-01-09
> > # disable SWEET32 ciphers, weak ciphers, and RC4 ciphers
> > #smtpd_tls_exclude_ciphers = IDEA-CBC-SHA, DES-CBC3-SHA, EDH-RSA-DES-
> CBC3-SHA, RC4, aNULL
> >
> >
> >
> > -Angelo Fazzina
> > Operating Systems Programmer / Analyst
> > University of Connecticut,  UITS, SSG, Server Systems
> > 860-486-9075
> >
> > -----Original Message-----
> > From: [hidden email] [mailto:owner-postfix-
> [hidden email]] On Behalf Of Daniel Bareiro
> > Sent: Friday, February 17, 2017 9:40 AM
> > To: Postfix users <[hidden email]>
> > Subject: Strong Ciphers to use with Postfix
> >
> > Hi all!
> >
> > I'm using Debian GNU/Linux Jessie 8.7 with Postfix 2.11.3-1.
> >
> > I would like to know what you think of the security settings suggested
> > here [1] for Postfix.
> >
> > I have tested it against this [2] site, but it seems that fails to
> > discard other ciphers; on "Weak ciphers" I get "supported
> > RSA_WITH_RC4_128_SHA".
> >
>
> As I have learned from here, if your MTA is receiving from the world
> or sending to the world there is little point in enforcing
> super-strong ciphers on the corresponding connection (smtpd or smtp).
> If you refuse all unencrypted communication, and only permit
> super-strong ciphers, you may not be able to receive or send some
> emails, because not all (even genuine) MTAs will support this; but
> otherwise if you only permit super-strong ciphers you will just get
> more unencrypted communication. Of course it is usually
> pointless/unwise to permit broken ciphers, but these are anyway
> disabled by default in postfix.


Reply | Threaded
Open this post in threaded view
|

Re: Strong Ciphers to use with Postfix

Viktor Dukhovni
In reply to this post by Daniel Bareiro
On Fri, Feb 17, 2017 at 12:44:35PM -0300, Daniel Bareiro wrote:

Do not confuse opportunistic TLS in SMTP with browser to webserver
TLS in HTTPS.  In the name of improving security such settings make
your MTA less secure.  There are still many systems that can only
do TLS 1.0 and not TLS 1.1 or TLS 1.2.  Other systems may not
support your rather narrow choice of ciphersuites.

In the absence of interoperable TLS capabilities, many systems will
send you email in the clear.  Is that an improvement?  Other systems
may not be able to send at all.  See RFC7435.

Postfix has sensible default TLS settings, despite what some clueless
checklist may suggest.

> So I think this would replace this lines of https://cipherli.st:
>
> ------------------------------------------------------------------
> smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
> smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1
> smtpd_tls_mandatory_ciphers = medium
> tls_medium_cipherlist = AES128+EECDH:AES128+EDH
> ------------------------------------------------------------------

Better yet, ignore that site and its counterproductive advice.

> smtpd_use_tls=yes

Obsolete legacy setting.

> smtpd_tls_security_level = may (X)

Its current replacement.

> smtpd_tls_auth_only = yes
> smtpd_tls_cert_file=/etc/ssl/postfix.cert
> smtpd_tls_key_file=/etc/ssl/postfix.key

Good.

> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache (X)

With Postfix 2.11 and later, session tickets (stored by the client)
are preferred and a server-side cache is no longer recommended.
Leave empty unless running an older Postfix version.

--
        Viktor.
Reply | Threaded
Open this post in threaded view
|

Re: Strong Ciphers to use with Postfix

Daniel Bareiro
In reply to this post by L.P.H. van Belle


On 17/02/17 12:46, L.P.H. van Belle wrote:
> Hai,

Hi, Louis.

> It all depends all in what you need and want.
>
> After monitoring for about a year on with or without encryption.
> I have 0 unecrypted mail servers found and a handfull of SSLv2 or V3.
> Which i simply dont allow anymore. ( The sslv2/v3 )
> Due to the dutch "Privacy laws" users are oblgated to have/use encrypted lines. And a lot should be encrypted.
>
> So I preffer a high but compatible set.
> A setup like this : https://tls.imirhil.fr/smtp/mail.van-belle.nl 
> My prefered site to check ciphersets.  
> Im also running debian jessie postfix 2.11.
I tried to test against tls.imirhil.fr, but the check ends with an error
saying that the process lasted more than 2 min. I'm not sure what might
be the cause of this. In mail.log I see the received connections to make
the checks.

> And yes, there is always room for improvements, but my cipher check shows me the following and im happy with it.
>
>       2 TLSv1 with cipher AES256-SHA
>       6 TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384
>      13 TLSv1.2 with cipher AES256-SHA
>      27 TLSv1.1 with cipher ECDHE-RSA-AES256-SHA
>      34 TLSv1.2 with cipher DHE-RSA-AES256-SHA256
>     103 TLSv1.2 with cipher ECDHE-RSA-AES256-SHA
>     302 TLSv1 with cipher DHE-RSA-AES256-SHA
>     772 TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384
>    2307 TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384
>   11684 TLSv1 with cipher ECDHE-RSA-AES256-SHA
Very interesting statistics.

> # Add these to log you ciphers used.
> smtp_tls_loglevel=1
> smtpd_tls_loglevel=1
>
> # check encrypted connections with :
> # grep "connection established from.*with cipher" /var/log/mail.log|awk '{printf("%s %s %s %s\n", $12, $13, $14, $15)}' |sort|uniq -c| sort -n
> # check for clear text connections:
> # grep "connection established from" /var/log/mail.log | grep -v cipher| awk '{printf("%s %s %s %s\n", $12, $13, $14, $15)}' | sort | uniq -c | sort -n

Thanks for sharing these scripts to total the connections with each cipher.

> # outgoing connections: smtp
> smtp_tls_protocols = !SSLv2,!SSLv3

I have not explicitly defined this variable, so I have the default value
that is:

smtp_tls_protocols = !SSLv2

So I think it may be advisable to add !SSLv3.

> smtp_tls_ciphers = high

I have not explicitly defined this variable, so I have the default value
that is "export".

I was reading the documentation [1] where reference is made to "minimum
TLS cipher grade", but I'm not clear how these degrees are defined.

> smtp_tls_exclude_ciphers = MD5,SRP,PSK,aDSS,kECDH,kDH,SEED,IDEA,RC2,RC5,RC4

> smtp_tls_security_level = may

Here for smtp_tls_security_level I also have the same configuration.

> smtp_tls_note_starttls_offer = yes

I have not explicitly defined this variable, so I have the default value
that is "no". I was reading the documentation about this and it says
"Log the hostname of a remote SMTP server that offers STARTTLS, when TLS
is not already enabled for that server". This is not clear to me or
maybe I'm missing something. If the remote server provides STARTTLS,
then is not TLS enabled on that server?

> # incoming connections: smtpd
> smtpd_use_tls = yes
> smtpd_enforce_tls = no

Here we agree. The smtpd_enforce_tls variable is not declared in my
main.cf, but the value "no" is the default.

> smtpd_tls_protocols = !SSLv2,!SSLv3

I have not declared specifically this variable in my main.cf, and I see
that it is empty:

# postconf | grep smtpd_tls_protocols
smtpd_tls_protocols =
tlsproxy_tls_protocols = $smtpd_tls_protocols

In the Postfix documentation [2] I see that the default value is
!SSLv2,!SSLv3. Maybe this has changed in recent versions? I'm using
Postfix 2.11.3-1 en Debian Jessie 8.7.

> smtpd_tls_ciphers = high

Here I have a question similar to the one I mentioned for
smtp_tls_ciphers. How are these cipher grades [3] defined? Here I am
also using the value "export", since I have not explicitly defined this
variable in main.cf.

> smtpd_tls_exclude_ciphers = eNULL, aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, DSS, ECDSA, CAMELLIA128, CAMELLIA256, 3DES
> #, RSA+AES

Despite having smtpd_tls_protocols with a empty value, when testing on
ssl-tools.net, it shows that I am not using weak ciphers (it shows an
SSL3 that is crossed out). Is this related to the values in the
smtpd_tls_exclude_ciphers variable suggested by Angelo (DEA-CBC-SHA,
DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, RC4, aNULL)?

> smtpd_tls_eecdh_grade = ultra

Here I have the default value, which is "strong". It seems to be an
acceptable value from what I see in the documentation [4].


Thanks for your reply and your time.

Kind regards,
Daniel

[1] http://www.postfix.org/postconf.5.html#smtp_tls_ciphers
[2] http://www.postfix.org/postconf.5.html#smtpd_tls_protocols
[3] http://www.postfix.org/postconf.5.html#smtpd_tls_ciphers
[4] http://www.postfix.org/postconf.5.html#smtpd_tls_eecdh_grade


signature.asc (188 bytes) Download Attachment