On Mon, May 25, 2015 at 02:35:38PM +0200, DTNX Postmaster wrote:

> No, not for submission, where clients will submit their authentication 
> details, allowing them to bypass most of the restrictions that are in 
> place for MTA to MTA communication.

No, even for the MSA, disable all the deprecated choices that are
no longer used by your clients, and by all means preempt the client
cipher preference.  However, among sufficiently modern ciphersuites,
do not explicitly hard-code ad-hoc cipherlists.  There's no need
to lock out future progress.  Disable "export" and "low" and possibly
"RC4" if you can get away with that now (otherwise plan to do that
later).

However, DO NOT freeze today's list of strong ciphers into your
configuration.  This is likely to stay that way until the next
crisis, and in the meantime not take advantage of progress with
new bulk ciphers and ECDH curves, ...

We're not going to agree on this, and Postfix deliberately discourages
delving down to the level of OpenSSL cipherlist specs, which are
a rather subtle interface that many users don't understand and
misconfigure.

Work with Postfix ciphergrades, modulo sensible exclusions.  This
interface can be understood by mortals.  Set a floor, and add
exclusions to handle interop issues.

Thus for the MSA

    master.cf:
        587 inet ... smtpd
            -o tls_preempt_cipherlist=yes
            -o smtpd_tls_ciphers=$msa_tls_ciphers
            -o smtpd_tls_exclude_ciphers=$msa_tls_exclude_ciphers
            -o smtpd_tls_protocols=$msa_tls_protocols
            -o smtpd_tls_dh1024_param_file=$msa_tls_dh1024_param_file

    main.cf:
        msa_tls_ciphers = medium
        # Adjust as necessary:
        msa_tls_exclude_ciphers = MD5, RC4, 3DES
        msa_tls_protocols = !SSLv2, !SSLv3
        # See FORWARD_SECRECY_README
        msa_tls_dh1024_param_file = ${config_directory}/dh2048.pem

Notice the complete lack of an explicit cipherlist, while weak
options are disabled.  Choosing explicit strong ciphers is unnecessary,
error prone and locks in choices that become stale over time.

-- 
        Viktor.
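
As an added illustration (not part of Viktor's message and not code
shipped with Postfix), the script below audits a submission service
against the advice above: it resolves the $parameter indirection
between master.cf "-o" overrides and main.cf, flags any override that
references an undefined parameter (which Postfix silently expands to an
empty value, a classic way to lose a DH parameter file or protocol
setting), checks that the cipher grade floor is at least "medium", that
tls_preempt_cipherlist is enabled, and that SSLv2/SSLv3 are excluded.
The main.cf/master.cf text is constructed here in the style of the
snippet above, the service is assumed to be named "submission", and the
parser only handles the subset of Postfix syntax that snippet uses
(name = value, whitespace continuation lines, "#" comments, "-o" args
without embedded spaces).

```python
import re

# Constructed sample configuration modelled on the message above (not the original's text).
MAIN_CF = """\
msa_tls_ciphers = medium
# Adjust as necessary:
msa_tls_exclude_ciphers = MD5, RC4, 3DES
msa_tls_protocols = !SSLv2, !SSLv3
# See FORWARD_SECRECY_README
msa_tls_dh1024_param_file = ${config_directory}/dh2048.pem
config_directory = /etc/postfix
"""

MASTER_CF = """\
submission inet n       -       n       -       -       smtpd
    -o tls_preempt_cipherlist=yes
    -o smtpd_tls_ciphers=$msa_tls_ciphers
    -o smtpd_tls_exclude_ciphers=$msa_tls_exclude_ciphers
    -o smtpd_tls_protocols=$msa_tls_protocols
    -o smtpd_tls_dh1024_param_file=$msa_tls_dh1024_param_file
"""

# Postfix cipher grades from weakest to strongest; "medium" is the floor we insist on.
GRADES = ["null", "export", "low", "medium", "high"]

VAR_RE = re.compile(r"\$\{([A-Za-z0-9_]+)\}|\$([A-Za-z0-9_]+)")


def parse_main_cf(text):
    """Return {name: raw value}; a line starting with whitespace continues the previous value."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name is not None:
            params[name] += " " + line.strip()
            continue
        name, _, value = line.partition("=")
        name = name.strip()
        params[name] = value.strip()
    return params


def parse_master_overrides(text, service):
    """Return the -o name=value overrides attached to one master.cf service entry."""
    overrides, in_service = {}, False
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():            # a new service line
            in_service = line.split()[0] == service
            continue
        if in_service:
            args = line.split()
            for i, arg in enumerate(args):
                if arg == "-o" and i + 1 < len(args):
                    key, _, value = args[i + 1].partition("=")
                    overrides[key] = value
    return overrides


def expand(value, params, undefined, depth=0):
    """Expand $name / ${name} recursively; undefined names expand to '' and are recorded."""
    if depth > 10:                            # guard against self-referential parameters
        return value

    def sub(match):
        name = match.group(1) or match.group(2)
        if name not in params:
            undefined.add(name)
            return ""
        return expand(params[name], params, undefined, depth + 1)

    return VAR_RE.sub(sub, value)


def audit(main_text, master_text, service="submission"):
    """Return a list of (code, detail) findings; an empty list means the service passes."""
    params = parse_main_cf(main_text)
    overrides = parse_master_overrides(master_text, service)
    findings, effective = [], {}
    for key, raw in overrides.items():
        undefined = set()
        effective[key] = expand(raw, params, undefined)
        for name in sorted(undefined):
            findings.append(("undefined", f"{key} references undefined ${name} (expands to empty)"))

    # Where no -o override exists the global main.cf value applies; an unset value is
    # treated conservatively as a finding (a real checker would consult `postconf -d`).
    def setting(name):
        return effective.get(name, params.get(name, "")).strip()

    if setting("tls_preempt_cipherlist") != "yes":
        findings.append(("preempt", "server cipher preference is not enforced"))
    grade = setting("smtpd_tls_ciphers").lower()
    if grade not in GRADES or GRADES.index(grade) < GRADES.index("medium"):
        findings.append(("floor", f"cipher grade {grade!r} is not at least medium"))
    protocols = re.split(r"[\s,]+", setting("smtpd_tls_protocols"))
    for legacy in ("!SSLv2", "!SSLv3"):
        if legacy not in protocols:
            findings.append(("protocols", f"{legacy} not excluded"))
    return findings


if __name__ == "__main__":
    for code, detail in audit(MAIN_CF, MASTER_CF) or [("ok", "no findings")]:
        print(f"{code}: {detail}")
```

Running it against the sample yields no findings; change the main.cf
line to set smtpd_tls_dh1024_param_file instead of
msa_tls_dh1024_param_file and the "undefined" finding appears, which is
exactly the kind of mismatch the ciphergrade-plus-exclusions interface
is meant to keep out of reach of a hand-rolled cipherlist.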
