On 5/20/2015 10:01 AM, Akimiya wrote:
> Hello,
>
> I want to make a secure but still public mail server and would like to ask
> if the following configuration (in regard of the cryptography used) would be
> alright? I am not too sure about how many servers currently support TLS or
> which security levels in general but I still want to be able to communicate
> with most of them.
>
> smtpd_tls_mandatory_ciphers = high
> smtp_tls_mandatory_ciphers = high
> smtpd_tls_ciphers = high
> smtp_tls_ciphers = high

Probably better to leave the above at their default of medium. The
connection should negotiate the highest level available. If the other end
doesn't support a high level cipher, you would either get plaintext or no
mail.

> smtp_tls_security_level = may
> smtpd_tls_security_level = may

Yes, required for TLS.

> smtp_tls_protocols = !SSLv2, !SSLv3
> smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
> smtpd_tls_protocols = !SSLv2, !SSLv3
> smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3

OK.

> smtp_tls_exclude_ciphers = aNULL, DES, RC4, MD5
> smtpd_tls_exclude_ciphers = aNULL, DES, RC4, MD5
> #hope this is enough since it is also added to the mandatory exclusions
> smtp_tls_exclude_ciphers = aNULL, DES, RC4, MD5
> smtpd_tls_exclude_ciphers = aNULL, DES, RC4, MD5

The above will prevent communication with some servers, particularly old
Exchange servers. The current recommendation is

smtp_tls_exclude_ciphers = MD5, SRP, PSK, aDSS, kECDH, kDH, SEED, IDEA, RC2, RC5
smtpd_tls_exclude_ciphers = LOW, EXPORT, MD5

which should give maximum compatibility and reasonable security. If you
try to get too fancy you'll break interoperability for large parts of the
internet.

> Also what happens with the upper configuration if the other server does not
> support these standards?

When sending mail, postfix will attempt to reconnect via plain text, but
this is somewhat dependent on "how" TLS fails. When receiving mail, you're
dependent on the other end's ability to fall back to plain text -- most
likely you'll get no mail.

> If I understood it correctly the
> smtp(d)_tls_security_level = may option will jump back on even Plain Text if
> needed. But wouldn't that mean that if I could have gotten at least e.g. RC4
> instead of the Plain Text that it would have been better to not disable
> them? So what is the most secure configuration then without losing too much
> compatibility with other *common* mail servers? (I'm kind of sure that there
> is no perfect solution but hope at least for opinions)

We're talking about opportunistic encryption; "any" is better than "none",
so the goal is to support the best widely-deployed ciphers. Don't worry too
much about someone intentionally using a weak cipher since they could
always just send in plain text.

If you've set up a secure channel to a trusted peer/customer/partner, then
you probably want the connection to fail rather than use plaintext or weak
encryption. That's controlled by the *_mandatory_* settings.
http://www.postfix.org/TLS_README.html

> Background: It is for a security oriented company, with pretty high security
> standards BUT I also don't want any emails to get lost with this
> configuration. Is there some compromise in sight?
>
> I am also curious what the best options are for smtpd_recipient_restrictions
> as well as for sender and helo. I can post my main.cf with more details if
> needed.

That's kind of an open question depending on your goals. General rules are:
- reject unknown recipients during SMTP (don't accept and bounce)
- use postscreen to reject zombies and known bad hosts
http://www.postfix.org/POSTSCREEN_README.html

-- 
Noel Jones
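An added example, not part of the thread: a main.cf fragment plus a per-destination TLS policy map that puts the recommendations above together: opportunistic TLS with the default medium cipher grade and the recommended exclusion lists for the public internet, mandatory TLS (fail rather than fall back to plaintext) only for an assumed trusted partner, and the recipient/postscreen rules. The partner domain partner.example and the DNSBL zone dnsbl.example.net are placeholders.

```ini
# /etc/postfix/main.cf (fragment). Postfix does not allow trailing comments
# on a value line, so every comment is on its own line.

# Opportunistic TLS for everyone; cipher grade stays at the default (medium).
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3
smtp_tls_exclude_ciphers = MD5, SRP, PSK, aDSS, kECDH, kDH, SEED, IDEA, RC2, RC5
smtpd_tls_exclude_ciphers = LOW, EXPORT, MD5

# Mandatory-mode settings apply only to destinations the policy map below
# raises to "encrypt" or "secure"; there we insist on high-grade ciphers.
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_mandatory_ciphers = high
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

# Log the negotiated protocol/cipher per session so plaintext fallbacks
# show up in the mail log.
smtp_tls_loglevel = 1
smtpd_tls_loglevel = 1

# Reject unknown recipients during the SMTP dialogue instead of accepting
# and bouncing. reject_unlisted_recipient needs local_recipient_maps /
# relay_recipient_maps to list the valid addresses for your domains.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_unlisted_recipient

# postscreen in front of smtpd drops zombies and known bad hosts. It must
# also be enabled in master.cf (see POSTSCREEN_README).
postscreen_greet_action = enforce
postscreen_dnsbl_sites = dnsbl.example.net
postscreen_dnsbl_action = enforce

# /etc/postfix/tls_policy (run "postmap /etc/postfix/tls_policy" after edits).
# partner.example is an assumed trusted peer: delivery fails rather than
# falling back to plaintext or a weak cipher. "secure" also verifies the
# certificate name; use "encrypt" if the peer's certificate cannot be verified.
partner.example    secure match=partner.example:.partner.example
```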