In message <20160409230701.5468245.39956....@lazygranch.com>
li...@lazygranch.com writes:
> 
> Would a guru comment on my "interpretation" of these documents?

Not a guru but ...

> 1) It looks to me that starttls really only protects the path to the
>    first server. Classic case being sending email over the non-secure
>    coffee shop wifi.

If you are using TLS to port 587 then that is protecting the first
hop.  If both your MUA (email app) and the MSA (mail submission agent)
you are talking to insist on using TLS and have some means to mutually
authenticate (such as either a client cert or mutual_auth in postfix
on the MSA end), then this is subject to MITM.  Postfix does not
support validating the client cert (AFAIK - not a guru I said).

There is really no name to validate the client cert against, other
than the hostname provided in the EHLO.  For the MSA that could be
useful or the MSA could have a sender to name to validate mapping and
CAfile to use.  In principle, IMAP servers could do the same.  But I
don't think there is much demand for that.  It would mean getting
clients to put certs in the MUA.

The point of the article is that unless both ends insist on TLS then
MITM is possible.  There is a lot of discussion of STARTTLS
stripping.  There was not discussion of TLS downgrade attacks but
those are not as easy as STARTTLS stripping.

The focus of the paper was on the use of TLS between the MSA and the
MX of the destination domain (an MTA - mail transfer agent).  That is
usually the next hop.

> 2) Mail between Google/yahoo servers will enforce TLS, but other
>    transit may not? My view of starttls email is this. At best, you
>    only protect the endpoints.

Google, yahoo, and many others offer STARTTLS.  None require that you
use TLS or check a client cert.

> The snail mail analogy is you leave a message in an envelope for the
> mail carrier. That message makes it to the post office in the
> envelope. As the mail transits between post offices, some of those
> non-postal carriers may remove your envelope. The destination post
> office, should it find your message lacking an envelope, puts your
> message in another envelope, then delivers it.

Sort of.  More like if each post office always removed the envelope
and put your mail in a new one before sending to the next post office,
sometimes a transparent envelope.

> 3) I reviewed the DMARC. All my accounts have functional spf and
>    dkim. If I set DMARC to quarantine, will my email at least be
>    delivered?

No.  It will be held and you (or some email address that is indicated
in the DMARC record) will be notified that mail for that domain is
held - typically in a daily summary for the domain.

> I've looked at dnssec, but it seems like I need a 2nd server to make
> it work. If not, can someone provide what they consider a good link on
> the topic?

You need to sign your domain RRs and then go to your domain registrar
and ask that a DS record be added for your domain.  In that order.

http://www.internetsociety.org/deploy360/dnssec/
http://www.internetsociety.org/deploy360/home/content-providers/dnssec/
http://dnssec-debugger.verisignlabs.com/
https://www.dnssec-tools.org/test/

The last one has a link to a tutorial.

Also regarding DANE:

http://www.internetsociety.org/deploy360/resources/dane/
http://dane.verisignlabs.com/
https://dane.sys4.de
https://dane.sys4.de/common_mistakes

> My understanding is only pgp or s/mime has end to end encryption.

Correct.  SMTP TLS is not end-to-end.

Of course to encrypt using pgp or s/mime both ends must support pgp or
s/mime which has been a problem.  People within various communities of
interest use pgp or s/mime (for example, the security community) but
use is very sparse.

Curtis


> > Original Message
> > From: Viktor Dukhovni
> > Sent: Saturday, April 9, 2016 2:03 PM
> > To: postfix-users@postfix.org
> > Reply To: postfix-users@postfix.org
> > Subject: Re: reality-check on 2016 practical advice re: requiring inbound 
> > TLS?
> >  
> > On Sat, Apr 09, 2016 at 08:46:54AM -0700, jaso...@mail-central.com wrote:
> >  
> > > I'm setting up mandatory TLS policy for a couple of private client
> > > servers, using
> > > 
> > > - smtpd_tls_security_level = may
> > > + smtpd_tls_security_level = encrypt
> > > 
> > > I started wondering whether it wouldn't be a bad thing to require
> > > ALL email delivered to my server, from anywhere, to use TLS.
> >  
> > Your server, your rules, but be prepared to refuse a lot of legitimate
> > email.
> >  
> > https://www.google.com/transparencyreport/saferemail/
> > https://www.ietf.org/proceedings/95/slides/slides-95-irtfopen-1.pdf
> > https://www.elie.net/publication/neither-snow-nor-rain-nor-mitm-an-empirical-analysis-of-email-delivery-security
> >  
> > -- 
> > Viktor.
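The STARTTLS-stripping and mandatory-TLS points above, as an added example that is not code from this thread or from Postfix: it parses an EHLO reply, flags the overwritten-keyword pattern the cited "Neither Snow Nor Rain" paper describes, and shows how an opportunistic (`may`) versus mandatory (`encrypt`) policy reacts. The EHLO replies are constructed, and the decision function is a simplified model of Postfix's `smtp_tls_security_level`, not its real code.

```python
import re

# Constructed EHLO replies for illustration only (not captured from real servers).
EHLO_OK = "250-mail.example.test\r\n250-SIZE 10240000\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
# Middlebox signature: the STARTTLS keyword overwritten with a run of X's.
EHLO_STRIPPED = "250-mail.example.test\r\n250-SIZE 10240000\r\n250-XXXXXXXX\r\n250 8BITMIME\r\n"
EHLO_NO_TLS = "250-mail.example.test\r\n250 8BITMIME\r\n"

# '250-KEYWORD params' for continuation lines, '250 KEYWORD params' for the last one.
_LINE = re.compile(r"^250([ -])(\S+)(?:\s+(.*))?$")


def parse_ehlo(reply: str) -> dict[str, str]:
    """Map each advertised EHLO keyword (upper-cased) to its parameter string.
    The first 250 line carries the server's greeting and is skipped."""
    lines = reply.rstrip("\r\n").split("\r\n")
    exts: dict[str, str] = {}
    for line in lines[1:]:
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"malformed EHLO line: {line!r}")
        exts[m.group(2).upper()] = m.group(3) or ""
    return exts


def looks_stripped(exts: dict[str, str]) -> bool:
    """Heuristic detector: STARTTLS missing while a keyword made only of X's is
    present is the classic sign of an in-path device blanking the capability."""
    return "STARTTLS" not in exts and any(re.fullmatch(r"X{4,}", k) for k in exts)


def decide(level: str, exts: dict[str, str]) -> tuple[str, str]:
    """Simplified model of smtp_tls_security_level for one delivery attempt.
    'none': never TLS; 'may': opportunistic (falls back to cleartext);
    'encrypt' and stronger levels: mandatory (defer rather than send in the clear)."""
    if level == "none":
        return "plaintext", "TLS disabled by policy"
    if "STARTTLS" in exts:
        return "starttls", "server advertises STARTTLS"
    note = "STARTTLS keyword appears overwritten" if looks_stripped(exts) else "STARTTLS not advertised"
    if level == "may":
        return "plaintext", note + "; opportunistic policy falls back to cleartext"
    return "defer", note + f"; level {level!r} refuses to send in the clear"


if __name__ == "__main__":
    for name, reply in [("ok", EHLO_OK), ("stripped", EHLO_STRIPPED), ("no_tls", EHLO_NO_TLS)]:
        for level in ("may", "encrypt"):
            print(name, level, decide(level, parse_ehlo(reply)))
```

With `may`, the stripped reply silently degrades to cleartext, which is exactly why logging the "overwritten" note matters; with `encrypt`, the same reply is deferred instead.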
