Hi Viktor,
> On Oct 20, 2017, at 6:14 PM, Viktor Dukhovni <[email protected]>
> wrote:
>
>> In the documentation I have noted that even if STARTTLS is enabled, mail
>> delivery will not be stopped even if the certificate at the other server
>> is invalid or is a self-signed certificate. As such, TLS encryption is
>> used but authentication of the remote server does not happen.
>
> Now you've switched to talking to about outbound mail (delivery from
> your system to other systems).
Oops. You are totally right - that terminology came from the smtp section of
the Postfix doc’s as it was the last section I read yesterday.
>> I have noticed in my logs today an entry:
>>
>> postfix/smtpd[1234]: Untrusted TLS connection established from
>> example.com[1.2.3.4]: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256
>> bits)
>>
>> ...where example.com is not the real server name.
>
> And now you're looking at inbound mail again, and it seems that you've
> enabled receipt of client certificates, which is generally not a good
> idea on port 25 (the default is smtpd_tls_ask_ccert = no).
Yes, I checked my main.cf and saw I had smtpd_tls_ask_ccert = yes. I have
since corrected it.
>> When smtpd parsed the certificate before this log entry, I noticed that
>> the subject_CN of the certificate is the same as the issuer - for example:
>>
>> subject_CN=example
>> issuer=example
>>
>> ...where example is not a FQDN but the hostname of the remote server.
>> There is also no references to certificate authorities.
>
> Perfectly normal even for receiving server, but escpecially for SMTP
> client certificates CA-issued names are not especially meaningful.
> What would you do differently on port 25 when receiving inbound mail
> from a client with a given certificate?
Ok. So the certificate that smtpd was presented with was a CLIENT certificate
in this case. Was I right that it was a self-signed certificate ?
>> I am wondering two things:
>>
>> [1] Am I correct that the remote server has not been authenticated but
>> has used encryption ?
>
> The transmission channel is encrypted all the way from the remote
> server to any TLS man in the middle attacker, and again all the
> way from the man in the middle attacker to you. :-)
Ahhhhhh!
Just kidding - I am more concerned with passive wiretaps, as you mention below.
> More seriously, the channel is immune to passive wiretaps, but
> unless the client authenticated your server somehow, and would
> not have continued sans authenticated TLS, MiTM attacks cannot
> be excluded.
>
>> [2] Is it not authenticated in this case because the remote server
>> appears to be a self-signed certificate ?
Ok. In the context of smtpd (receiving mail), I note three states in the log:
Authenticated TLS ...
Untrusted TLS ...
Anonymous TLS ...
I am pretty sure what most of those are referring to, but not totally sure.
Thanks again,
- J
