On October 13, 2018 12:06:03 AM UTC, pg...@dev-mail.net wrote:
>1st, this is -- for me -- a postfix/mail-RELATED security question.  But
>if it's too general, I'm happy to take it elsewhere; suggestions as to
>the appropriate forum, if not here, are welcome.
>
>A 'major financial institution', call 'em "FinCo", sends email to users
>on my server that arrives with 'invalid' dkim sig,
>
>       dkim=invalid (unsupported algorithm rsa-sha1, 1024-bit rsa key sha1)
>       Fri Oct 12 16:18:05 2018 authentication_milter_mx[7045]      
>       header.d=FINCO.com header.i=@FINCO.com header.b=xxxxxx
>       Fri Oct 12 16:18:05 2018 authentication_milter_mx[7045]      
>header.a=rsa-sha1 header.s=mail-dkim;
>
>and negotiates TLSv1
>
>       postfix/postscreen-internal/smtpd[52027]: Anonymous TLS connection
>established from mta11.FINCO.com[xx.xx.xx.xx]: TLSv1 with cipher
>DHE-RSA-AES256-SHA (256/256 bits)
>
>I know that, generally, uses of TLSv1 & sha1 are, at least,
>fish-slap-worthy -- if not downright fully deprecated.
>
>What I don't know is if, in current practice, either is a concern --
>from viewpoint of general security, standards compliance, etc -- for
>*MAIL* security.  Namely, DKIM sig and TLS negotiation.
>
>       What *IS* the current recommendation on these?
>
>       IS it time, yet, to block TLSv1 negotiation &/or sha1-signed DKIM sigs
>in mail flow?
>
>Applying blanket blocks for either, in Postfix setup, is trivial
>enough.  Just a question for me of whether it's "safe", or "sensical",
>to do it.

RFC 8301 removes rsa-sha1 from DKIM, so "FinCo" isn't wrong to consider the 
signature invalid.  It's a bit aggressive for my taste, but it's the receiver's 
call.  The most I might do is ignore the signature.  It's definitely not a 
reason to block the message.

Scott K
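
Added example, not part of the original message or of any milter's code: a sketch of the "ignore, don't block" handling discussed above for a DKIM-Signature header. The function names, the key_bits parameter and the sample header are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the values quoted in the thread (d=FINCO.com,
# s=mail-dkim, a=rsa-sha1); the bh=/b= values are placeholders, not real data.
SAMPLE_SHA1 = (
    "DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=FINCO.com;\r\n"
    "\ts=mail-dkim; h=from:to:subject:date; bh=xxxxxx;\r\n"
    "\tb=xxxxxx"
)
SAMPLE_SHA256 = SAMPLE_SHA1.replace("rsa-sha1", "rsa-sha256")

MIN_RSA_BITS = 1024  # RFC 8301: smaller RSA keys must not be considered valid


def parse_tags(header):
    """Unfold a DKIM-Signature header and return its tag=value pairs as a dict."""
    _, _, value = header.partition(":")
    value = re.sub(r"\r?\n[ \t]+", " ", value)
    tags = {}
    for item in value.split(";"):
        name, sep, val = item.partition("=")
        if sep:
            tags[name.strip()] = val.strip()
    return tags


def disposition(header, key_bits):
    """Hypothetical policy helper: returns (action, reason).

    key_bits is the size of the public key fetched from DNS; the lookup is
    outside this sketch, so the caller passes it in (assumption).
    The action is never "reject": a bad signature is treated as no signature.
    """
    tags = parse_tags(header)
    algo = tags.get("a", "").lower()
    if algo == "rsa-sha1":
        return ("ignore", "rsa-sha1 removed from DKIM by RFC 8301")
    if algo.startswith("rsa-") and key_bits < MIN_RSA_BITS:
        return ("ignore", f"{key_bits}-bit RSA key below {MIN_RSA_BITS}")
    return ("verify", f"{algo} signature for d={tags.get('d')} s={tags.get('s')}")


if __name__ == "__main__":
    for hdr, bits in ((SAMPLE_SHA1, 1024), (SAMPLE_SHA256, 1024), (SAMPLE_SHA256, 512)):
        print(disposition(hdr, bits))
```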
