On 5/23/2015 10:01 AM, Grant wrote:
> Currently I have the following in main.cf:
> 
> smtp_tls_exclude_ciphers = aNULL
> smtpd_tls_exclude_ciphers = aNULL
> 
> According to weakdh.org/sysadmin.html, I should have this:
> 
> smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK,
> aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA
> smtpd_tls_dh1024_param_file = ${config_directory}/dhparams.pem
> 
> Do I open myself to potential compatibility problems by making this change?

Note the "logjam" exploit requires a man-in-the-middle, which for a
server usually means a government-level attack.  Seems like an SMTP
downgrade (and recorded in the log) is the least of your worries.

Yes.  Older systems, particularly Exchange 2003, may not be able to
send you mail.  Unfortunately, many companies are very slow
upgrading mail servers.

OTOH, these are fine main.cf override settings for your submission
service to protect your users that may be connecting via unsecured wifi.

> 
> Should I make this change for smtp_tls_exclude_ciphers as well?

If you decide to use this setting for smtpd, it makes sense to use
it for both.

If the TLS handshake fails due to no common ciphers, postfix will
resend in plain text.


Current recommendations (From Viktor)

        # Avoid "export" and "low" cipher suites.
        #
        smtp_tls_ciphers = medium
        smtpd_tls_ciphers = medium

        # Avoid obsolete protocol versions
        #
        smtpd_tls_protocols = !SSLv2, !SSLv3
        smtp_tls_protocols = !SSLv2, !SSLv3

        # Avoid Exchange 2003 interop problems, by using only mainstream ciphers
        #
        smtp_tls_exclude_ciphers =
            #
            # Disable MD5, DSA, SRP and PSK, and the "exotic" fixed DH cipher suites.
            #
            MD5, aDSS, SRP, PSK, aECDH, aDH,
            #
            # Also disable the largely unused SEED, IDEA, RC2, RC5, ...
            # leaving just AES, CAMELLIA, RC4 and 3DES.
            #
            SEED, IDEA, RC2, RC5

> 
> Should I use the same dhparams.pem file that I use for nginx, or
> generate a new one for postfix?

Generate a new file. All it costs is a couple minutes.

> 
> - Grant
> 

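As an added example (not code from either poster or from the Postfix project), the following Python sketch parses main.cf text, including multi-line values with embedded comment lines like the smtp_tls_exclude_ciphers block above, and flags settings that differ from the recommendations quoted in this message. The function names and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample main.cf fragment with two deliberately weak settings.
SAMPLE_MAIN_CF = """\
smtpd_tls_ciphers = export
smtp_tls_ciphers = medium
smtpd_tls_protocols = !SSLv2
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_exclude_ciphers =
    # comment lines inside a multi-line value are ignored
    MD5, aDSS, SRP, PSK, aECDH, aDH,
    #
    SEED, IDEA, RC2, RC5
"""

def parse_main_cf(text):
    """Parse main.cf text into {name: value}, honouring continuation lines."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # blank and comment lines are ignored
        if line[0] in " \t" and name:     # leading whitespace continues the value
            params[name] = (params[name] + " " + line.strip()).strip()
            continue
        name, _, value = line.partition("=")
        name = name.strip()
        params[name] = value.strip()      # a later setting overrides an earlier one
    return params

def audit(params):
    """Return findings for settings that differ from the recommendations above."""
    findings = []
    for side in ("smtp", "smtpd"):
        grade = params.get(f"{side}_tls_ciphers", "(unset)")
        # "high" is accepted here as stricter than the recommended "medium".
        if grade not in ("medium", "high"):
            findings.append(f"{side}_tls_ciphers is {grade!r}, want medium or high")
        # Postfix separates protocol names with whitespace, commas or colons.
        protos = set(re.split(r"[,\s:]+", params.get(f"{side}_tls_protocols", "")))
        for old in ("!SSLv2", "!SSLv3"):
            if old not in protos:
                findings.append(f"{side}_tls_protocols does not contain {old}")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_main_cf(SAMPLE_MAIN_CF)):
        print(finding)
```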