On Thu, Apr 30, 2015 at 08:28:21PM -0700, Tom Johnson wrote:
> > That aside, even with the "wrong" MX host, I still get successful
> > connections. Perhaps you're behind some sort of firewall that
> > proxies TLS and disconnects when it does not like the peer certificate:
> >
> > $ posttls-finger -c -Ldebug "[mail.mlmatthews.com]"
> > posttls-finger: Untrusted TLS connection established to \
> > mail.mlmatthews.com[23.25.38.217]:25: TLSv1 with cipher RC4-MD5 (128/128
> > bits)
Notice I that with posttls-finger I'm connecting with "RC4-MD5",
when I disable RC4, I get connection problems.
> Yes, that's what's strange. I get the same result with posttls-finger.
Same, as in success with RC4? Have you disabled RC4? Or otherwise
changed the cipher-suite or procotol controls? Post the output of:
$ postconf -n | grep '^smtp_tls'
> I've also tried this, which works fine:
>
> # openssl s_client -starttls smtp -connect mail.mlmatthews.com:25
> Cipher : RC4-SHA
RC4-SHA this time.
> But postfix consistently gets those errors:
Postfix offers more ciphers when the security level is "may". When
I explicitly set the "posttls-finger" security level to "may". I
see your symptoms:
$ posttls-finger -c -lmay -o 'tls_medium_cipherlist=ALL:+RC4:@STRENGTH'
-Ldebug "[mail.mlmatthews.com]"
posttls-finger: initializing the client-side TLS engine
posttls-finger: setting up TLS connection to
mail.mlmatthews.com[23.25.38.217]:25
posttls-finger: mail.mlmatthews.com[23.25.38.217]:25: TLS cipher list
"ALL:+RC4:@STRENGTH:!eNULL"
posttls-finger: SSL_connect:before/connect initialization
posttls-finger: SSL_connect:SSLv2/v3 write client hello A
posttls-finger: SSL_connect error to mail.mlmatthews.com[23.25.38.217]:25:
lost connection
This is indeed an Exchange 2003 server which only supports RC4 and
a broken 3DES, but you must have a sufficiently recent OpenSSL
version where even 3DES (re-rated at 112-bit) is not in the first
64 cipherlist elements, and so the handshake fails early.
For this server, you need a more "compact" cipherlist as a work-around.
smtp_tls_exclude_ciphers =
#
# Disable MD5, DSA, SRP and PSK, and the "exotic" fixed DH
cipher suites.
#
MD5, SRP, PSK, aDSS, kECDH, kDH,
#
# Disable 256-bit ciphers, 128-bit is for now quite strong
enough.
# Also disable the largely unused SEED, IDEA, RC2, RC5, ...
# leaving just AES128, CAMELLIA128, RC4 and 3DES.
#
AES256, CAMELLIA256, SEED, IDEA, RC2, RC5
This is does not noticeably impact the security of connections to
other sites, but enables communication with Exchange 2003 servers
(it is rather sad that folks are still using these), without having
to configure a separate policy for each such site.
--
Viktor.
