Dear Postfix folks,
With Postfix 3.6.0-RC1 and
# postconf -n smtp_tls_security_level
smtp_tls_security_level = dane
the Postfix SMTP client logs several untrusted TLS connections for hosts
with a good TLS certificate setup.
It’s mainly German research organizations using the DFN-MailSupport, but
also the ones using the SMTP servers of bund.de.
postfix/smtp[27147]: Untrusted TLS connection established to
mx1.bund.de[77.87.224.131]:25: TLSv1.3 with cipher
TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519
server-signature RSA-PSS (4096 bits) server-digest SHA256
postfix/smtp[27147]: XXXXXXXXXXXXX: to=<x...@rki.de>,
relay=mx1.bund.de[77.87.224.131]:25, delay=0.29,
delays=0.04/0/0.07/0.18, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as
XXXsomehash)
posttls-finger works with level `verify`:
$ posttls-finger -c -l verify -P /etc/ssl/certs rki.de
posttls-finger: mx1.bund.de[77.87.224.131]:25: matched peername:
mx1.bund.de
posttls-finger: mx1.bund.de[77.87.224.131]:25:
subject_CN=mx1.bund.de, issuer_CN=TeleSec ServerPass Class 2 CA,
fingerprint=22:71:E5:D4:DB:06:07:74:0B:C5:D4:F9:7C:39:C1:C9,
pkey_fingerprint=39:6E:16:A6:B6:42:14:9A:64:07:D2:E0:F6:B1:86:CF
posttls-finger: Verified TLS connection established to
mx1.bund.de[77.87.224.131]:25: TLSv1.3 with cipher
TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519
server-signature RSA-PSS (4096 bits) server-digest SHA256
After a while of head scratching, I thought it might have to do with the
SMTP servers publishing TLSA records, but the domain in the email
address does not support DNSSEC.
Testing with level `dane` it indeed does mark the TLS connection as
untrusted:
$ posttls-finger -c -l dane -P /etc/ssl/certs rki.de
posttls-finger: MX RRset insecure: log verified as trusted
posttls-finger: mx1.bund.de[77.87.224.131]:25: Matched DANE EE
certificate at depth 0: 3 0 1
2E5543C7522EDC151C65602F4541DC14D66182B49EA687EE9EFA2F6E3990186E
posttls-finger: mx1.bund.de[77.87.224.131]:25:
subject_CN=mx1.bund.de, issuer_CN=TeleSec ServerPass Class 2 CA,
fingerprint=22:71:E5:D4:DB:06:07:74:0B:C5:D4:F9:7C:39:C1:C9,
pkey_fingerprint=39:6E:16:A6:B6:42:14:9A:64:07:D2:E0:F6:B1:86:CF
posttls-finger: Untrusted TLS connection established to
mx1.bund.de[77.87.224.131]:25: TLSv1.3 with cipher
TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519
server-signature RSA-PSS (4096 bits) server-digest SHA256
My naive assumption would have been, if no DNSSEC is set up for the
domain in the email address, that DANE would not be tried. The
DANE SMTP Validator [1] seems to use that ordering too.
Do you have suggestions how to deal with this issue?
Kind regards,
Paul
[1]: https://dane.sys4.de/
PS: Best would be, if the operators would set up DNSSEC, but
unfortunately, my attempts to convince them has been unsuccessful so far.
PPS: Postfix log for helmholtz-muenchen.de with `smtp_tls_loglevel=2`:
```
2022-11-21T16:27:13+01:00 tldr postfix/smtp[10759]: setting up TLS
connection to c1491.mx.srv.dfn.de[194.95.238.86]:25
2022-11-21T16:27:13+01:00 tldr postfix/smtp[10759]:
c1491.mx.srv.dfn.de[194.95.238.86]:25: TLS cipher list
"aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH:!RC4:!aNULL:!aNULL"
2022-11-21T16:27:13+01:00 tldr postfix/smtp[10759]:
c1491.mx.srv.dfn.de[194.95.238.86]:25: SNI hostname: c1491.mx.srv.dfn.de
2022-11-21T16:27:13+01:00 tldr postfix/smtp[10759]: SSL_connect:before
SSL initialization
2022-11-21T16:27:13+01:00 tldr postfix/smtp[10759]:
SSL_connect:SSLv3/TLS write client hello
2022-11-21T16:27:13+01:00 tldr postfix/smtp[10759]:
SSL_connect:SSLv3/TLS write client hello
2022-11-21T16:27:13+01:00 tldr postfix/smtp[10759]:
SSL_connect:SSLv3/TLS read server hello
2022-11-21T16:27:13+01:00 tldr postfix/smtp[10759]:
SSL_connect:SSLv3/TLS write change cipher spec
2022-11-21T16:27:13+01:00 tldr postfix/smtp[10759]:
SSL_connect:SSLv3/TLS write client hello
2022-11-21T16:27:13+01:00 tldr postfix/smtp[10759]:
SSL_connect:SSLv3/TLS write client hello
2022-11-21T16:27:13+01:00 tldr postfix/smtp[10759]:
SSL_connect:SSLv3/TLS read server hello
2022-11-21T16:27:13+01:00 tldr postfix/smtp[10759]: SSL_connect:TLSv1.3
read encrypted extensions
2022-11-21T16:27:13+01:00 tldr postfix/smtp[10759]:
c1491.mx.srv.dfn.de[194.95.238.86]:25: depth=0 verify=1
subject=/C=DE/ST=Berlin/O=Verein zur F\xC3\xB6rderung eines Deutschen
Forschungsnetzes DFN-Verein/CN=mx
.srv.dfn.de
2022-11-21T16:27:13+01:00 tldr postfix/smtp[10759]:
SSL_connect:SSLv3/TLS read server certificate
2022-11-21T16:27:13+01:00 tldr postfix/smtp[10759]: SSL_connect:TLSv1.3
read server certificate verify
2022-11-21T16:27:13+01:00 tldr postfix/smtp[10759]:
SSL_connect:SSLv3/TLS read finished
2022-11-21T16:27:13+01:00 tldr postfix/smtp[10759]:
SSL_connect:SSLv3/TLS write finished
2022-11-21T16:27:13+01:00 tldr postfix/smtp[10759]:
c1491.mx.srv.dfn.de[194.95.238.86]:25: Matched DANE EE certificate at
depth 0: 3 0 1
B85BD6FA275E5DE5748964BFBEBA198836ABAE5D6BF51A7D75756F888B3C08E7
2022-11-21T16:27:13+01:00 tldr postfix/smtp[10759]:
c1491.mx.srv.dfn.de[194.95.238.86]:25: subject_CN=mx.srv.dfn.de,
issuer_CN=GEANT OV RSA CA 4,
fingerprint=67:AA:4B:C1:2C:4B:AF:BA:82:12:A9:0E:E5:50:74:C3, pkey
_fingerprint=98:E4:A8:E2:4C:C4:CA:3E:12:D8:77:B4:5C:4A:31:1B
2022-11-21T16:27:13+01:00 tldr postfix/smtp[10759]: Untrusted TLS
connection established to c1491.mx.srv.dfn.de[194.95.238.86]:25: TLSv1.3
with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-
384) server-signature RSA-PSS (4096 bits) server-digest SHA256
2022-11-21T16:27:13+01:00 tldr postfix/smtp[10759]: SSL_connect:SSL
negotiation finished successfully
2022-11-21T16:27:13+01:00 tldr postfix/smtp[10759]: SSL_connect:SSL
negotiation finished successfully
2022-11-21T16:27:13+01:00 tldr postfix/smtp[10759]:
SSL_connect:SSLv3/TLS read server session ticket
```
