TLS Handshake Problems

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

TLS Handshake Problems

Nikolaos Milas
Hello,

I have just started using in production a mail server running Postfix
3.2.4 on CentOS 7.4 (fully patched) with openssl 1.0.2k.

This is a new server, replacing an old CentOS 5.11 with Postfix 2.6.11
and OpenSSL 0.9.8e.

On the new server I see errors on particular servers as follows; the
mail is finally delivered but with delay, after being deferred:

Nov 28 12:55:43 vmail2 postfix/submission/smtpd[31782]: 4623A80004F2F:
client=zeus.admin.noa.gr[195.251.204.18], sasl_method=login,
sasl_username=elke.rescom
Nov 28 12:55:43 vmail2 postfix/cleanup[30388]: 4623A80004F2F:
message-id=<[hidden email]>
Nov 28 12:55:43 vmail2 opendkim[4708]: 4623A80004F2F: DKIM-Signature
field added (s=default, d=noa.gr)
Nov 28 12:55:43 vmail2 postfix/qmgr[6529]: 4623A80004F2F:
from=<[hidden email]>, size=747, nrcpt=1 (queue active)
Nov 28 12:55:43 vmail2 postfix/smtp[782]: SSL_connect error to
rcs12.rc.auth.gr[155.207.51.12]:25: lost connection
Nov 28 12:55:43 vmail2 postfix/smtp[782]: 4623A80004F2F: Cannot start
TLS: handshake failure
Nov 28 12:55:43 vmail2 postfix/smtp[782]: SSL_connect error to
rcs13.rc.auth.gr[155.207.144.13]:25: lost connection
Nov 28 12:55:43 vmail2 postfix/smtp[782]: 4623A80004F2F: Cannot start
TLS: handshake failure
Nov 28 12:55:44 vmail2 postfix/smtp[782]: 4623A80004F2F: host
mailsrv1.ccf.auth.gr[155.207.1.1] said: 450 4.7.1 try again later (in
reply to DATA command)
Nov 28 12:55:45 vmail2 postfix/smtp[782]: 4623A80004F2F:
to=<[hidden email]>, relay=mailsrv2.ccf.auth.gr[155.207.1.2]:25,
delay=2.4, delays=0.096/0.001/1
.8/0.52, dsn=4.7.1, status=deferred (host
mailsrv2.ccf.auth.gr[155.207.1.2] said: 450 4.7.1 try again later (in
reply to DATA command))
...
Nov 28 13:01:22 vmail2 postfix/qmgr[6529]: 4623A80004F2F:
from=<[hidden email]>, size=747, nrcpt=1 (queue active)
Nov 28 13:01:22 vmail2 postfix/smtp[782]: SSL_connect error to
rcs12.rc.auth.gr[155.207.51.12]:25: lost connection
Nov 28 13:01:22 vmail2 postfix/smtp[782]: 4623A80004F2F: Cannot start
TLS: handshake failure
Nov 28 13:01:22 vmail2 postfix/smtp[782]: 4623A80004F2F:
to=<[hidden email]>, relay=rcs12.rc.auth.gr[155.207.51.12]:25,
delay=340, delays=339/0.002/0.15/0.35, dsn=2.6.0, status=sent (250 2.6.0
<[hidden email]> Queued mail for delivery)
Nov 28 13:01:22 vmail2 postfix/qmgr[6529]: 4623A80004F2F: removed

On the older server, I didn't see such errors.

Can you please help me understand why this happens and if I can resolve
it by using specific settings?

Here is postconf -n:

# postconf -n
alias_database = hash:/etc/postfix/aliases,
hash:/etc/postfix/aliases.d/virtual_aliases
alias_maps = hash:/etc/aliases
allowed_gein = check_client_access
cidr:/etc/postfix/gein_admin_ips.cidr,reject
allowed_iaasars = check_client_access
cidr:/etc/postfix/iaasars_admin_ips.cidr,reject
allowed_list1 = check_sasl_access
hash:/etc/postfix/allowed_groupmail_users,reject
allowed_list2 = permit_sasl_authenticated,reject
allowed_meteo = check_client_access
cidr:/etc/postfix/meteo_admin_ips.cidr,reject
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
controlled_senders = check_sender_access hash:/etc/postfix/blocked_senders
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
default_process_limit = 25
delay_logging_resolution_limit = 3
deliver_lock_attempts = 40
gwcheck = reject_unverified_recipient, reject_unauth_destination
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = ipv4, ipv6
local_header_rewrite_clients = static:all
mail_name = IC-XC-NI-KA
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 41943040
meta_directory = /etc/postfix
milter_default_action = accept
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = noa.gr
myhostname = vmail2.noa.gr
mynetworks = 195.251.204.0/24, 195.251.202.0/23, 194.177.194.0/23,
127.0.0.0/8, 10.201.0.0/16, [2001:648:2011::]/48, 83.212.5.24/29,
[2001:648:2ffc:1115::]/64, 62.217.124.0/29, [2001:648:2ffc:126::]/64
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = $smtpd_milters
parent_domain_matches_subdomains =
postfwdcheck = check_policy_service inet:127.0.0.1:10040
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix3-3.2.4/README_FILES
recipient_canonical_maps = hash:/etc/postfix/domainrecipientmap
relay_domains = $mydestination
sample_directory = /usr/share/doc/postfix3-3.2.4/samples
sender_canonical_maps = hash:/etc/postfix/domainsendermap
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
shlib_directory = /usr/lib/postfix
smtp_tls_security_level = may
smtpd_client_restrictions =
permit_mynetworks,permit_sasl_authenticated,reject
smtpd_delay_reject = yes
smtpd_end_of_data_restrictions = check_client_access
cidr:/etc/postfix/postfwdpolicy.cidr
smtpd_milters = inet:127.0.0.1:8891
smtpd_recipient_restrictions = check_recipient_access
hash:/etc/postfix/protected_destinations permit_sasl_authenticated
reject_unverified_recipient reject_unauth_destination
smtpd_restriction_classes =
controlled_senders,allowed_list1,allowed_list2,
allowed_iaasars,allowed_meteo,allowed_gein,postfwdcheck,gwcheck
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = /var/spool/postfix/private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/pki/tls/certs/DigiCertCA.crt
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/star_noa_gr-1243437.crt
smtpd_tls_exclude_ciphers = DES,3DES,MD5,aNULL,AES128,CAMELLIA128
smtpd_tls_key_file = /etc/pki/tls/private/star_noa_gr-1243437.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_preempt_cipherlist = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/aliases,
hash:/etc/postfix/aliases.d/virtual_aliases,
proxy:ldap:/etc/postfix/ldap-alias-vacation.cf,
proxy:ldap:/etc/postfix/ldap-aliases.cf
virtual_gid_maps = static:500
virtual_mailbox_base = /home/vmail/
virtual_mailbox_domains = $mydomain, space.$mydomain, admin.$mydomain,
nestor.$mydomain, gein.$mydomain, meteo.$mydomain, technet.$mydomain,
astro.$mydomain, hesperia-space.eu
virtual_mailbox_limit = 0
virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap-users.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_uid_maps = static:500
postconf: warning: /etc/postfix/main.cf: unused parameter:
127.0.0.1:10040_time_limit=3600

Thanks in advance,
Nick


Reply | Threaded
Open this post in threaded view
|

Re: TLS Handshake Problems

Viktor Dukhovni
On Tue, Nov 28, 2017 at 09:27:49PM +0200, Nikolaos Milas wrote:

> Nov 28 12:55:43 vmail2 postfix/smtp[782]: SSL_connect error to rcs12.rc.auth.gr[155.207.51.12]:25: lost connection
> Nov 28 12:55:43 vmail2 postfix/smtp[782]: 4623A80004F2F: Cannot start TLS: handshake failure
> Nov 28 12:55:43 vmail2 postfix/smtp[782]: SSL_connect error to rcs13.rc.auth.gr[155.207.144.13]:25: lost connection
> Nov 28 12:55:43 vmail2 postfix/smtp[782]: 4623A80004F2F: Cannot start TLS: handshake failure
> Nov 28 12:55:44 vmail2 postfix/smtp[782]: 4623A80004F2F: host mailsrv1.ccf.auth.gr[155.207.1.1] said: 450 4.7.1 try again later (in reply to DATA command)
> Nov 28 12:55:45 vmail2 postfix/smtp[782]: 4623A80004F2F: to=<[hidden email]>, relay=mailsrv2.ccf.auth.gr[155.207.1.2]:25, delay=2.4, delays=0.096/0.001/1.8/0.52, dsn=4.7.1, status=deferred (host mailsrv2.ccf.auth.gr[155.207.1.2]
> said: 450 4.7.1 try again later (in reply to DATA command))
>...
> Nov 28 13:01:22 vmail2 postfix/smtp[782]: SSL_connect error to rcs12.rc.auth.gr[155.207.51.12]:25: lost connection
> Nov 28 13:01:22 vmail2 postfix/smtp[782]: 4623A80004F2F: Cannot start TLS: handshake failure
> Nov 28 13:01:22 vmail2 postfix/smtp[782]: 4623A80004F2F: to=<[hidden email]>, relay=rcs12.rc.auth.gr[155.207.51.12]:25, delay=340, delays=339/0.002/0.15/0.35, dsn=2.6.0, status=sent (250 2.6.0
> <[hidden email]> Queued mail for delivery)

This is expected.  The first two MX hosts are ancient Microsoft
Exchange servers, probably on Windows 2003, where the TLS stack
is rather crippled.  Their only working TLS ciphersuite is RC4,
and they only see the first 64 ciphersuites in the TLS HELLO.

The third uses greylisting to force a later retry.

    $ dig +short -t mx rc.auth.gr | sort -n | awk '{print $NF}' | sed 's/\.$//'
    rcs12.rc.auth.gr
    rcs13.rc.auth.gr
    mailsrv1.ccf.auth.gr
    mailsrv2.ccf.auth.gr

    $ for mx in $(dig +short -t mx rc.auth.gr | sort -n | awk '{print $NF}' | sed 's/\.$//')
      do
        posttls-finger -c -Lsummary,ssl-debug "[$mx]"; echo
      done
    posttls-finger: SSL_connect:before/connect initialization
    posttls-finger: SSL_connect:SSLv2/v3 write client hello A
    posttls-finger: SSL_connect error to rcs12.rc.auth.gr[155.207.51.12]:25: lost connection

    posttls-finger: SSL_connect:before/connect initialization
    posttls-finger: SSL_connect:SSLv2/v3 write client hello A
    posttls-finger: SSL_connect error to rcs13.rc.auth.gr[155.207.144.13]:25: lost connection

    posttls-finger: SSL_connect:before/connect initialization
    ...
    posttls-finger: Untrusted TLS connection established to mailsrv1.ccf.auth.gr[155.207.1.1]:25: TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)

    posttls-finger: SSL_connect:before/connect initialization
    ...
    posttls-finger: Untrusted TLS connection established to mailsrv2.ccf.auth.gr[155.207.1.2]:25: TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)

> On the older server, I didn't see such errors.

If you want to use TLS with these long past their use-by date
Exchange servers, you need to disable a bunch of unnecessary
ciphers that push RC4 out of the first 64 slots:

    smtp_tls_exclude_ciphers = MD5, aDSS, kECDH, kDH, SEED, IDEA, RC2, RC5

With that, you'll be able to complete a TLS handshake even with
the first two MX hosts:

    $ for mx in $(dig +short -t mx rc.auth.gr | sort -n | awk '{print $NF}' | sed 's/\.$//')
      do
        posttls-finger -o "tls_medium_cipherlist=$(postconf -hd tls_medium_cipherlist):"'!MD5:!aDSS:!kECDH:!kDH:!SEED:!IDEA:!RC2:!RC5' -c -lmay -Lsummary "[$mx]"
      done
    posttls-finger: Untrusted TLS connection established to rcs12.rc.auth.gr[155.207.51.12]:25: TLSv1 with cipher RC4-SHA (128/128 bits)
    posttls-finger: Untrusted TLS connection established to rcs13.rc.auth.gr[155.207.144.13]:25: TLSv1 with cipher RC4-SHA (128/128 bits)
    posttls-finger: Untrusted TLS connection established to mailsrv1.ccf.auth.gr[155.207.1.1]:25: TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)
    posttls-finger: Untrusted TLS connection established to mailsrv2.ccf.auth.gr[155.207.1.2]:25: TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)

Disabling the above cipher classes is harmless, they should not be
needed in practice.  This is only needed for TLS with an increasingly
rare set of peer servers, those still stuck running long unsupported
14-year old Windows software.  With a bit of luck these will be
replaced some day soon, they probably have multiple unpatched security
issues.

--
        Viktor.
Reply | Threaded
Open this post in threaded view
|

Re: TLS Handshake Problems

Nikolaos Milas
On 28/11/2017 9:57 μμ, Viktor Dukhovni wrote:

> This is expected.
> ...

Thank you Viktor for the detailed analysis and for your time.

I appreciate it very much.

All the best,
Nick