> On Aug 14, 2018, at 11:05 PM, robac...@fastmail.us wrote:
>
> (2)
>
> Is it time -- in the real-world -- to force STARTTLS yet?
Google reports ~90% of email (volume) inbound/outbound to Gmail uses TLS.
That 10% by volume is probably a larger fraction by count of destination
domains. STARTTLS is now typical, but not yet nearly universal.
> What's the current advice for MTA-STS vs MTA-DANE? Which should we implement?
DANE is ready for adoption, with multiple fielded implementations and many
(312 thousand inbound plus some large ones still outbound only) live domains.
Outbound DANE is simple. Make sure you have a DNSSEC-validating resolver
running locally on the MTA (it can forward queries to an upstream cache
if you like), and set:
main.cf:
smtp_tls_security_level = dane
smtp_dns_support_level = dnssec
/etc/resolv.conf
# DNSSEC AD-bit only secure from loopback servers
# DO NOT list any remote servers here.
nameserver 127.0.0.1
If DNSSEC is not a major barrier for you, please consider
inbound DANE, but don't do it as a fashion statement, there are operational
requirements that must not be ignored. In particular your certificate
rotation needs to be coördinated correctly with TLSA record updates. The
two best strategies I've identified are explained in my ICANN61 talk slides
(and audio). See:
https://dane.sys4.de/common_mistakes
http://imrryr.org/~viktor/ICANN61-viktor.pdf
http://imrryr.org/~viktor/icann61-viktor.mp3
Postfix does not presently support MTA-STS outbound. MTA-STS inbound
does not involve Postfix, you just need to operate a suitably configured
web service at "mta-sts.example.com" (replace example.com with your domain),
and publish an _mta-sts.example.com TXT record that changes whenever (shortly
after) your MTA-STS policy changes. And of course you'll need certificates
from some suitably widely trusted public CA.
> (3)
>
> The TLS 1.3 has been officially released. I guess there will be a release of
> OpenSSL 1.1.1
> that has it coming pretty soon.
Likely some time in September.
> What if anything should we be doing with Postfix and TLS 1.3?
Nothing at present.
> I'm guessing it will be ABLE to use it.
It will be negotiated automatically if both ends support it, once you
deploy Postfix linked with OpenSSL 1.1.1. That said, best to not do
that yet. Let the browsers and web servers shake out the bugs. There
are few compelling improvements in TLS 1.3 for SMTP, and some potential
interoperability issues.
I'd also like to fine-tune some session ticket-related issues in Postfix
for TLS 1.3, if all goes well in Postfix 3.4 coming out in 2019. Time
to start getting that into snapshots...
--
Viktor.
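An added example, not part of the message above or of Postfix, for the inbound MTA-STS publication described earlier: it parses the `_mta-sts` TXT record and the policy body, and reports which of a domain's MX hosts an enforce-mode policy would leave uncovered (a mismatch that breaks delivery). The TXT record, policy text and MX list are constructed sample values.

```python
# Constructed sample inputs, not from the original message: the _mta-sts TXT record,
# the body https://mta-sts.example.com/.well-known/mta-sts.txt would serve, and the MX hosts.
SAMPLE_TXT = "v=STSv1; id=20180815T000000Z"
SAMPLE_POLICY = ("version: STSv1\nmode: enforce\nmx: mail.example.com\n"
                 "mx: *.backup.example.com\nmax_age: 604800\n")
SAMPLE_MX_HOSTS = ["mail.example.com", "mx2.backup.example.com", "old.example.com"]

def parse_txt(txt):
    """Fields of an _mta-sts TXT record; ValueError if it is not usable."""
    pairs = [p.strip().partition("=") for p in txt.split(";") if p.strip()]
    fields = {k.strip(): v.strip() for k, _, v in pairs}
    if fields.get("v") != "STSv1":
        raise ValueError("TXT: missing or unsupported v= field")
    id_ = fields.get("id", "")
    if not (id_.isascii() and id_.isalnum() and len(id_) <= 32):
        raise ValueError("TXT: id must be 1-32 alphanumeric characters")
    return fields

def parse_policy(text):
    """Parse a policy body (RFC 8461 section 3.2); ValueError on defects."""
    policy, mx = {}, []
    for line in filter(None, (ln.strip() for ln in text.splitlines())):
        key, sep, value = (s.strip() for s in line.partition(":"))
        if not sep:
            raise ValueError("policy: line without ':' -> %r" % line)
        if key == "mx":
            mx.append(value.lower())
        else:
            policy[key] = value
    if policy.get("version") != "STSv1":
        raise ValueError("policy: version must be STSv1")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("policy: mode must be enforce, testing or none")
    if not policy.get("max_age", "").isdigit() or int(policy["max_age"]) > 31557600:
        raise ValueError("policy: max_age must be an integer in 0..31557600")
    policy["max_age"], policy["mx"] = int(policy["max_age"]), mx
    return policy

def mx_matches(pattern, host):
    """MX identity match: exact, or '*.x' covering exactly one extra left label."""
    host, pattern = host.lower().rstrip("."), pattern.lower()
    if pattern.startswith("*."):
        return host.endswith(pattern[1:]) and host.count(".") == pattern.count(".")
    return host == pattern

def check_publication(txt, policy_text, mx_hosts):
    """Return (policy id, MX hosts the policy would leave uncovered)."""
    patterns = parse_policy(policy_text)["mx"]
    uncovered = [h for h in mx_hosts if not any(mx_matches(p, h) for p in patterns)]
    return parse_txt(txt)["id"], uncovered
```

Run this against the real TXT record, fetched policy and MX set before switching `mode` from `testing` to `enforce`; a non-empty uncovered list means senders honouring the policy would refuse those MX hosts.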