On Mon, Aug 03, 2020 at 03:25:22PM -0700, Asai wrote:
> In trying to upstep our general security, we're trying to implement some
> of the recommendations on this list:
> https://access.redhat.com/articles/1468593
>
> It seems like the bulk of this is in raising the encryption on SMTP
> delivery.

You should be more explicit about whether you're asking about incoming mail or outgoing mail. But since you mentioned iOS clients, I will assume you're only asking about inbound submission.

> One question I have is, if we implement some of these settings like,
> tls_auth_only, or tls_mandatory_protocls to exclude SSLv2 and SSLv3 will
> this break iOS (or any other) mobile operability?

- Yes, SASL auth should only be offered via STARTTLS and only on port 587 (and if applicable also 465).
- Yes, clients that were misconfigured to not use TLS might then not be able to submit email, but they need to be configured correctly, rather than neglected.
- Yes, on the *submission* ports serving mail clients, you SHOULD disable all TLS versions older than TLSv1.2. This may break some rather dated versions of Outlook. These should be upgraded, rather than neglected.

I would not expect any issues with iOS.

> Or, does anyone have any better general guidelines for hardening Postfix?

Be judicious, excessive hardening is often counterproductive. The documentation and default settings are your best guides, more so than something some guy said on the Internet.

On Thu, Aug 06, 2020 at 01:14:35AM +0200, Benny Pedersen wrote:
> > Thanks for your reply. We are already doing that. The main question
> > is just what will break if we allow TLS only. Do you have any
> > experience with this?
>
> nothing will break if TLSv1.1 is disabled, so end result is to not
> support SSLv2, SSLv3, TLSv1.1, all enabled is then TLSv1 and TLSv1.2

This is true inbound, but NOT true outbound, when you disable SSLv2, SSLv3 and TLSv1.1, *all* you're left with is TLSv1. The TLS client (Postfix outbound SMTP delivery agent) protocol range needs to be contiguous. DO NOT "punch holes" in the protocol list. Do NOT disable TLSv1.1 (even though largely unused, it does no harm, and is not worse than TLSv1) unless you also disable all the older versions, leaving only TLSv1.2 (and TLSv1.3 if your OpenSSL runtime is new enough).
-- Viktor.
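As an added illustration of the "no holes in the protocol list" point above (this is not code from the thread or from Postfix itself), the following script evaluates a Postfix-style protocol list and reports whether the resulting set of enabled versions is contiguous. It assumes the documented list semantics: names without a leading `!` form an inclusion set (if there are none, every version the runtime knows is included), and `!`-prefixed names are then excluded. The `known` parameter is a constructed stand-in for what a given OpenSSL runtime supports, so the same check can be run against a build without TLSv1.3, as in Benny's example.

```python
"""Check a Postfix TLS protocol list (e.g. smtp_tls_protocols) for holes.

Added example, not from Postfix or the mailing-list thread. Assumed
semantics of the list: unprefixed names are an inclusion set (empty means
"all known"), '!'-prefixed names are excluded afterwards.
"""

# Versions in ascending order; a runtime without TLSv1.3 is modelled by
# passing known=PROTOCOLS[:-1] (constructed, see lead-in).
PROTOCOLS = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]


def enabled_protocols(setting, known=PROTOCOLS):
    """Return the versions a Postfix protocol list leaves enabled, in order."""
    tokens = [t for t in setting.replace(",", " ").split() if t]
    include, exclude = set(), set()
    for tok in tokens:
        name = tok[1:] if tok.startswith("!") else tok
        if name not in PROTOCOLS:
            raise ValueError(f"unknown protocol name: {tok!r}")
        (exclude if tok.startswith("!") else include).add(name)
    base = include if include else set(known)
    return [p for p in known if p in base and p not in exclude]


def is_contiguous(enabled):
    """True if the enabled versions form one unbroken run of the order."""
    idx = [PROTOCOLS.index(p) for p in enabled]
    return bool(idx) and idx == list(range(idx[0], idx[-1] + 1))


def check(setting, known=PROTOCOLS):
    """Return (enabled versions, contiguous?) for a protocol list setting."""
    enabled = enabled_protocols(setting, known)
    return enabled, is_contiguous(enabled)


if __name__ == "__main__":
    # Constructed sample settings: the 'punched hole' one from the thread,
    # the recommended 'drop everything below TLSv1.2' one, and the default.
    samples = ["!SSLv2, !SSLv3, !TLSv1.1",
               "!SSLv2, !SSLv3, !TLSv1, !TLSv1.1",
               "!SSLv2, !SSLv3"]
    for s in samples:
        enabled, ok = check(s)
        print(f"{s!r:40} -> {enabled}  {'ok' if ok else 'HOLE: fix this'}")
    # Same hole on a runtime without TLSv1.3 (Benny's "TLSv1 and TLSv1.2").
    print(check("!SSLv2, !SSLv3, !TLSv1.1", known=PROTOCOLS[:-1]))
```

Run it and look for any setting flagged as having a hole: the safe shapes are a prefix of exclusions (everything below some version removed) or an explicit contiguous inclusion list such as `TLSv1.2, TLSv1.3`.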