On 06.11.2014 at 17:00, Wietse Venema wrote:
> Otherwise, Postfix will use plaintext when the server does not
> announce STARTTLS, or when the server announces STARTTLS but TLS
> does not work for any reason.

Thank you, that (together with Viktor's answer below) answers my questions.

> There currently is a draft design that gives more control.
>
> To give a very simple example:
>
> TLS without fallback:
>
> tls_security_levels = encrypt, none
>
> This uses plaintext only if the server does not announce STARTTLS.

Sounds like an interesting idea. Great that you work on it.

On 06.11.2014 at 16:22, Viktor Dukhovni wrote:
> Opportunistic TLS in MTAs is vulnerable to active attack

I am aware of that.

> The Postfix SMTP client does not implement ANY fallback logic from
> a higher TLS *protocol version* to a lower *protocol version*, nor
> in fact makes two TLS handshake attempts with the same server for
> any reason.

As there is no "downgrade dance", it is of course clear that there should be no errors in connection with SCSV. Thank you for the explanation. Even though opportunistic TLS is inherently vulnerable to MITM, I was just wondering if it could be addressed if something suspicious like that pops up on the server side. But the approach outlined by Wietse above is a cleaner approach than programming an exception just for this error.

> Please post more detailed logging for this. Was this logged by
> your postfix/smtpd SMTP server or by the postfix/smtp SMTP client?
> Any idea what software the other end was using?

Logged by the Postfix SMTP server (I redacted specific system information):

...
Nov 4 09:00:44 mailserver postfix/smtpd[5708]: connect from postur.example.com[93.184.216.119]
Nov 4 09:00:44 mailserver postfix/smtpd[5708]: SSL_accept error from postur.example.com[93.184.216.119]: -1
Nov 4 09:00:44 mailserver postfix/smtpd[5708]: warning: TLS library problem: error:140A1175:SSL routines:SSL_BYTES_TO_CIPHER_LIST:inappropriate fallback:ssl_lib.c:1505:
Nov 4 09:00:44 mailserver postfix/smtpd[5708]: lost connection after STARTTLS from postur.example.com[93.184.216.119]
Nov 4 09:00:44 mailserver postfix/smtpd[5708]: disconnect from postur.example.com[93.184.216.119]
...

and he comes back:

Nov 4 09:00:45 mailserver postfix/smtpd[5725]: connect from postur.example.com[93.184.216.119]
Nov 4 09:00:58 mailserver postfix/policyd-weight[52317]: weighted check: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 CL_IP_EQ_FROM_MX=-3.1; etc...

They use Kerio Connect 8.4.0 RC 1. According to Wikipedia (couldn't find any version information on their website):

8.3.4 OpenSSL library upgraded to version 1.0.1j to prevent MITM protocol downgrade to insecure SSL 3.0 protocol

Lars
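The "inappropriate fallback" warning in the excerpt means the server's OpenSSL saw a ClientHello that carried TLS_FALLBACK_SCSV at a lower protocol version than the server supports and refused it, as RFC 7507 requires; that is the client's own fallback retry being blocked, not a Postfix-side downgrade. The following detection script is an added example, not part of this thread or of Postfix, that scans postfix/smtpd log lines for such rejections and records whether the same client reconnected shortly afterwards (as postur.example.com did one second later); the log lines below are constructed, modeled on the redacted excerpt above.

```python
import re
from datetime import datetime

# Constructed sample, modeled on the redacted smtpd excerpt in the thread above.
SAMPLE_LOG = """\
Nov  4 09:00:44 mailserver postfix/smtpd[5708]: connect from postur.example.com[93.184.216.119]
Nov  4 09:00:44 mailserver postfix/smtpd[5708]: SSL_accept error from postur.example.com[93.184.216.119]: -1
Nov  4 09:00:44 mailserver postfix/smtpd[5708]: warning: TLS library problem: error:140A1175:SSL routines:SSL_BYTES_TO_CIPHER_LIST:inappropriate fallback:ssl_lib.c:1505:
Nov  4 09:00:44 mailserver postfix/smtpd[5708]: lost connection after STARTTLS from postur.example.com[93.184.216.119]
Nov  4 09:00:45 mailserver postfix/smtpd[5725]: connect from postur.example.com[93.184.216.119]
Nov  4 09:01:02 mailserver postfix/smtpd[5730]: connect from other.example.net[198.51.100.7]
Nov  4 09:01:02 mailserver postfix/smtpd[5730]: warning: TLS library problem: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1417:
"""

LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
PEER_RE = re.compile(r"from (?P<host>\S+)\[(?P<ip>[^\]]+)\]")

def detect_fallback_rejections(log_text, window_s=60):
    """Return one finding per 'inappropriate fallback' rejection (the server's
    OpenSSL refused a TLS_FALLBACK_SCSV-marked ClientHello at a downgraded
    version), recording whether the same IP reconnected within window_s."""
    peer_by_pid = {}   # smtpd pid -> (hostname, ip) of its current client
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a postfix/smtpd line (e.g. policyd-weight)
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")  # syslog has no year
        pid, msg = m["pid"], m["msg"]
        peer = PEER_RE.search(msg)
        if msg.startswith("connect from") and peer:
            peer_by_pid[pid] = (peer["host"], peer["ip"])
            # A fresh connection from a just-rejected IP is the retry we expect
            # from a client that falls back on its own; note how soon it came.
            for f in findings:
                if f["ip"] == peer["ip"] and f["reconnect_after_s"] is None:
                    delta = (ts - f["time"]).total_seconds()
                    if 0 <= delta <= window_s:
                        f["reconnect_after_s"] = delta
        elif "inappropriate fallback" in msg and pid in peer_by_pid:
            host, ip = peer_by_pid[pid]
            findings.append({"host": host, "ip": ip, "time": ts,
                             "reconnect_after_s": None})
    return findings

if __name__ == "__main__":
    for f in detect_fallback_rejections(SAMPLE_LOG):
        print(f"{f['time']:%b %d %H:%M:%S} {f['host']}[{f['ip']}] rejected "
              f"downgraded handshake; reconnect after {f['reconnect_after_s']}s")
```

Other TLS library problems (here the constructed "no shared cipher" line) are deliberately not flagged, so the output isolates the SCSV case Viktor asked about.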