Mailing List Archive

SSL forcing
How can I force e-mail from the Internet at large to be only accepted
if and only if done by SSL/TLS methods?

--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
https://www.empire.kred/ROOTNK?t=94a1f39b Look at Psalms 14 and 53 on Atheism
Australia avoiding voting for any Republican Candidates on 19 May 2019

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Re: SSL forcing
On 19/05/2019 14:31, The Doctor via Exim-users wrote:
> How can I force e-mail from the Internet at large to be only accepted
> if and only if done by SSL/TLS methods?

ACL condition "encrypted".

--
Cheers,
Jeremy


Re: SSL forcing
On 19.05.19 at 15:42, Jeremy Harris via Exim-users wrote:
> On 19/05/2019 14:31, The Doctor via Exim-users wrote:
>> How can I force e-mail from the Internet at large to be only accepted
>> if and only if done by SSL/TLS methods?
> ACL condition "encrypted".
>

The problem is that, even though TLS 1.2 has been out since 2008, a communication
partner may use SSLv3 or TLS 1.0/1.1, and using just "encrypted = *"
you will accept it.

It's better to check the protocol via $tls_cipher for TLS 1.2 and 1.3,
and reject anything not 1.2 or 1.3.

If you're in the EU, you need to consider this, as §32 EU GDPR states
"the used technique (encryption) to protect the transport of personal
data has to be state of the art", aka TLS 1.2 or 1.3.


best regards,
Marius


Re: SSL forcing
On Sun, 19 May 2019, The Doctor via Exim-users wrote:

> How can I force e-mail from the Internet At large to be only accepted
> if and only if done by SSL/TLS methods?

Jeremy suggested
ACL condition "encrypted"

Can I ask a supplementary question?

TLS v1.0 and v1.1 are on the way out for https*;
how did you decide which versions to allow for mail ?

If you use the same certificate for smtp and pop, imap and/or https webmail
then using an old protocol leaves you open to cross-protocol downgrade
attacks (like DROWN but tls instead of ssl).

On the other hand, I see more effort put into updating encryption for web
than for mail.

* eg https://blog.mozilla.org/security/2018/10/15/removing-old-versions-of-tls/

Thanks,


Re: SSL forcing
On 19/05/2019 18:00, Cyborg via Exim-users wrote:
> Problem is, that even if tls_1.2 is out since 2008, a communication
> partner may use SSLv3 or TLS 1.0/1.1 and  using just "encrypted = *" ,
> you will accept it.
>
> It's better to check the protocol via $tls_cipher for tls 1.2 and 1.3 ,
> and reject anything not 1.2 or 1.3.

If you are concerned about TLS versions, the easiest configuration
is using tls_require_ciphers (for GnuTLS, where it is a GnuTLS priority
string) or openssl_options (for OpenSSL).

--
Cheers,
Jeremy


Re: SSL forcing
> On May 19, 2019, at 1:00 PM, Cyborg via Exim-users <exim-users@exim.org> wrote:
>
> Problem is, that even if tls_1.2 is out since 2008, a communication
> partner may use SSLv3 or TLS 1.0/1.1 and using just "encrypted = *" ,
> you will accept it.

My advice is to avoid knee-jerk reactions to mostly HTTP-related
risks in SSL/TLS and adopt a crypto-maximalist posture with SMTP.

Unlike interactive web browsing, MTA-to-MTA SMTP has no user to
"click OK" when an unimportant site they're visiting (today's
weather, not their bank) has no SSL, an expired certificate, ...

Since LOGJAM and DROWN, the SMTP MTA "ecosystem" has moved on
from "export" ciphers and SSL2/SSL3. You can now without loss
of interoperability expect at least 128-bit ciphers and TLS 1.0.
Which are adequate for SMTP, and better than cleartext. I am
not aware of any cross-protocol attacks against TLS 1.2 via
servers that use the same certificate with TLS 1.0/1.1. And
you really don't have to and shouldn't use the same certificate
across multiple unrelated services.

> It's better to check the protocol via $tls_cipher for tls 1.2 and 1.3 ,
> and reject anything not 1.2 or 1.3.
>
> If you're in the EU, you need to consider this, as §32 EU GDPR states
> "the used technique (encryption) to protect the transport of personal
> data has to be state of the art", aka TLS 1.2 or 1.3.

From the Gmail transparency report:

https://transparencyreport.google.com/safer-email/overview

we see that some ~10% of email traffic is presently cleartext (not
even TLS 1.0). Some major sources and destinations that never
or only sometimes use TLS are:

Top domains (World): Inbound

Domain %
From: adobe.com via adobesystems.com 87%
From: aliexpress.com via alibaba.com 0%
From: cmail19.com via createsend.com 92%
From: cmail20.com via createsend.com 91%
From: costco.com 0%
From: cuenote.jp 90%
From: emergencyemail.org 0%
From: infusionmail.com 95%
From: secureserver.net 59%
From: timesjobs.com via tbsl.in 0%

Top domains (World): Outbound

Domain %
To: alice.it via aliceposta.it 0%
To: amazon.{...} 60%
To: bigpond.com 0%
To: btinternet.com via cpcloud.co.uk 0%
To: docomo.ne.jp 0%
To: ezweb.ne.jp 0%
To: nauta.cu via etecsa.net 0%
To: softbank.jp 0%
To: uol.com.br 0%
To: yahoo.co.jp 0%


For Europe the top non-TLS peers are:

Top domains (Europe): Inbound

Domain %
From: adidas.com via neolane.net 92%
From: bebee.com 0%
From: bloglovin.com 0%
From: gog.com 27%
From: kuponya.net 0%
From: mail-cdiscount.com 0%
From: meetic.com 87%
From: radar-de-novidades.com 0%
From: seniorplanet.fr 0%
From: useinsider.com 44%

Top domains (Europe): Outbound

Domain %
To: alice.it via aliceposta.it 0%
To: amazon.{...} 0%
To: btinternet.com via cpcloud.co.uk 0%
To: istruzione.it 0%
To: leboncoin.fr 0%
To: pole-emploi.net via prosodie.com 0%
To: sch.gr 0%
To: t-online.hu 0%
To: tin.it 0%
To: tiscali.it 0%

--
Viktor.



Re: SSL forcing
On 19.05.19 at 19:24, Jeremy Harris via Exim-users wrote:
> On 19/05/2019 18:00, Cyborg via Exim-users wrote:
>> Problem is, that even if tls_1.2 is out since 2008, a communication
>> partner may use SSLv3 or TLS 1.0/1.1 and  using just "encrypted = *" ,
>> you will accept it.
>>
>> It's better to check the protocol via $tls_cipher for tls 1.2 and 1.3 ,
>> and reject anything not 1.2 or 1.3.
> If you are concerned about TLS versions, the easiest configuration
> is using tls_require_ciphers (for GnuTLS, where it is a GnuTLS priority
> string) or openssl_options (for OpenSSL).
>
... and here reality kicks in :D  Let me explain ...

If you disable TLS < 1.2 for any TLS host you get in contact with,
you may end up with some important server, unfortunately created by
Dumb & Dumber Corp (i.e. Citrix) and therefore without a working
TLS 1.2 or better MTA, which does not transport personal, but vital
system data.

Which sums up to: we wanna check TLS 1.2+ for "normal" connections, but
may need to receive TLS < 1.2 for some special servers, but don't wanna
make special cases in the config file. We, for instance, have the
switches in a DB on a per-case schema.

On 19.05.19 at 19:13, Andrew C Aitchison via Exim-users wrote:

> TLS v1.0 and v1.1 are on the way out for https*;
> how did you decide which versions to allow for mail ?

deny condition = ${if eq{${substr_0_7:$tls_cipher}}{TLSv1.2} {0}{1}}

Of course you need one for 1.3 too.


> If you use the same certificate for smtp and pop, imap and/or https webmail
> then using an old protocol leaves you open to cross-protocol downgrade
> attacks (like DROWN but tls instead of ssl).

Certs are not bound to protocols.

> On the other hand, I see more effort put into updating encryption
> for web than for mail.

Not really, it's basically the same.


best regards,
Marius



Re: SSL forcing
On May 19, Jeremy Harris via Exim-users wrote
> On 19/05/2019 18:00, Cyborg via Exim-users wrote:
> > Problem is, that even if tls_1.2 is out since 2008, a communication
> > partner may use SSLv3 or TLS 1.0/1.1 and  using just "encrypted = *" ,
> > you will accept it.
> >
> > It's better to check the protocol via $tls_cipher for tls 1.2 and 1.3 ,
> > and reject anything not 1.2 or 1.3.
>
> If you are concerned about TLS versions, the easiest configuration
> is using tls_require_ciphers (for GnuTLS, where it is a GnuTLS priority
> string) or openssl_options (for OpenSSL).

I added +tls_cipher to log_selector which adds an X= entry to the log
file entries for inbound TLS connections. In my case (for a low volume
personal mailserver which I enjoy spending *far* too much time
maintaining) I get this:

# egrep -o 'X=TLS[^ ]+' /var/log/exim4/mainlog | sort | uniq -c | sort -n | tail
82 X=TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128
167 X=TLS1.2:DHE_RSA_AES_256_GCM_SHA384:256
272 X=TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256
289 X=TLS1.2:ECDHE_ECDSA_AES_128_CBC_SHA256:128
296 X=TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256
466 X=TLS1.2:ECDHE_ECDSA_CHACHA20_POLY1305:256
691 X=TLS1.2:ECDHE_ECDSA_AES_256_GCM_SHA384:256
727 X=TLS1.2:ECDHE_ECDSA_AES_128_GCM_SHA256:128
1053 X=TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128
15878 X=TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256

Sadly I want to continue to receive some of those TLS1.0 inbound
connections. One of them is from the OWASP CRS mailing list. Of all
people!

HTH

Richard

--
junix.systems/privacy


Re: SSL forcing
On 19.05.19 at 20:17, Richard Jones via Exim-users wrote:
> # egrep -o 'X=TLS[^ ]+' /var/log/exim4/mainlog | sort | uniq -c | sort
> -n | tail
> 82 X=TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128
> 167 X=TLS1.2:DHE_RSA_AES_256_GCM_SHA384:256
> 272 X=TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256
> 289 X=TLS1.2:ECDHE_ECDSA_AES_128_CBC_SHA256:128
> 296 X=TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256
> 466 X=TLS1.2:ECDHE_ECDSA_CHACHA20_POLY1305:256
> 691 X=TLS1.2:ECDHE_ECDSA_AES_256_GCM_SHA384:256
> 727 X=TLS1.2:ECDHE_ECDSA_AES_128_GCM_SHA256:128
> 1053 X=TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128
> 15878 X=TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256
>
> Sadly I want to continue to receive some of those TLS1.0 inbound
> connections. One of them is from the OWASP CRS mailing list. Of all
> people!

You have no idea whose mailserver used TLS 1.1 in 2018: the German
Federal Security Agency :D

And tons of other update deniers :D

Best regards,
Marius





Re: SSL forcing
On 19/05/2019 19:12, Cyborg via Exim-users wrote:
> On 19.05.19 at 19:24, Jeremy Harris via Exim-users wrote:
>> On 19/05/2019 18:00, Cyborg via Exim-users wrote:
>>> Problem is, that even if tls_1.2 is out since 2008, a communication
>>> partner may use SSLv3 or TLS 1.0/1.1 and  using just "encrypted = *" ,
>>> you will accept it.
>>>
>>> It's better to check the protocol via $tls_cipher for tls 1.2 and 1.3 ,
>>> and reject anything not 1.2 or 1.3.
>> If you are concerned about TLS versions, the easiest configuration
>> is using tls_require_ciphers (for GnuTLS, where it is a GnuTLS priority
>> string) or openssl_options (for OpenSSL).
>>
> ... and here reality kicks in :D  Let me explain ...
>
> If you disable TLS < 1.2 for any tls host you get in contact with,
> you may end with some important, but unfortunately created by
> dump&dumper Corp (i.e. citrix),
> and therefor without a working tls 1.2 or better mta equipped server,
> which does not
> transport personal, but vital system data.
>
> Which sums up @ : we wanne check tls 1.2+ for "normal" connections, but
> may need to receive tls < 1.2
> for some special servers, but don't wanne make special cases in the
> config file. We i.e. have the switches in
> a db on a per case schema.

tls_require_ciphers is expanded, both main and transport versions.
openssl_options is not; anybody interested could raise an RFE.

--
Cheers,
Jeremy


Re: SSL forcing
On Sun, May 19, 2019 at 02:42:56PM +0100, Jeremy Harris via Exim-users wrote:
> On 19/05/2019 14:31, The Doctor via Exim-users wrote:
> > How can I force e-mail from the Internet at large to be only accepted
> > if and only if done by SSL/TLS methods?
>
> ACL condition "encrypted".
>

Getting a clue here. Will look up the docs.




Re: SSL forcing
On Sun, May 19, 2019 at 01:17:51PM -0600, The Doctor via Exim-users wrote:
> On Sun, May 19, 2019 at 02:42:56PM +0100, Jeremy Harris via Exim-users wrote:
> > On 19/05/2019 14:31, The Doctor via Exim-users wrote:
> > > How can I force e-mail from the Internet at large to be only accepted
> > > if and only if done by SSL/TLS methods?
> >
> > ACL condition "encrypted".
> >
>
> Getting a clue here. Will look up the docs.
>

Or maybe I should qualify that question.

Using the ACL condition

    accept encrypted = *

how does it not affect your localhost, but the rest of the net?




Re: SSL forcing
On 19.05.19 at 22:42, The Doctor via Exim-users wrote:
> On Sun, May 19, 2019 at 01:17:51PM -0600, The Doctor via Exim-users wrote:
>> On Sun, May 19, 2019 at 02:42:56PM +0100, Jeremy Harris via Exim-users wrote:
>>> On 19/05/2019 14:31, The Doctor via Exim-users wrote:
>>>> How can I force e-mail from the Internet at large to be only accepted
>>>> if and only if done by SSL/TLS methods?
>>> ACL condition "encrypted".
>>>
>> Getting a clue here. Will look up the docs.
>>
> Or maybe I should qualify that question.
>
> Using ACL
>
> condition
>
> accept encrypted = *
>
> How does it not affect you localhost
>
> but the rest of the net?

by using a condition like:

     !condition = ${if eq{$sender_host_name}{localhost} {1}}

(if it is not localhost)

Marius
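Pulling the thread's pieces together (Jeremy's `encrypted` ACL condition, Marius's version check on the cipher variable and his localhost exemption, and Jeremy's later point that tls_require_ciphers is expanded while openssl_options is not), here is an added example configuration. It is not from the thread or from the Exim project. The certificate paths, hostnames and the legacy-peer address list are placeholders, and it assumes that $sender_host_address is available when tls_require_ciphers is expanded for an inbound connection; confirm that against the spec for your Exim version.

```exim
# ---- main section ----------------------------------------------------------
tls_advertise_hosts = *
# Placeholder certificate paths.
tls_certificate = /etc/exim4/tls/mail.example.org.crt
tls_privatekey  = /etc/exim4/tls/mail.example.org.key

# Peers known to be stuck below TLS 1.2 (placeholder addresses). Marius keeps
# this sort of switch in a database; a lookup could stand in for the macro.
LEGACY_TLS_PEERS = 192.0.2.50 : 198.51.100.0/24

# OpenSSL build: this refuses the handshake itself below TLS 1.2, but
# openssl_options is not expanded, so it cannot make per-peer exceptions.
# Leave it commented out if the legacy list is needed and rely on the ACL.
# openssl_options = +no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1

# GnuTLS build: tls_require_ciphers is a priority string and is expanded, so
# legacy peers may keep TLS 1.0/1.1 while everyone else is held to 1.2+.
# Assumption: $sender_host_address is available when this is expanded for an
# inbound connection; check the spec for your Exim version.
tls_require_ciphers = ${if match_ip{$sender_host_address}{LEGACY_TLS_PEERS} \
                         {NORMAL:-VERS-SSL3.0} \
                         {NORMAL:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1}}

acl_smtp_rcpt = acl_check_rcpt

# ---- ACL section -----------------------------------------------------------
begin acl

acl_check_rcpt:
  # Local (non-TCP) submission and loopback are exempt. Testing the address
  # rather than $sender_host_name avoids depending on a reverse DNS lookup.
  accept  hosts = :
  accept  hosts = <; 127.0.0.1 ; ::1

  # Everyone else must have completed STARTTLS ...
  deny    !encrypted = *
          message    = STARTTLS is required on this server

  # ... with TLS 1.2 or 1.3, unless the peer is on the legacy list.
  # $tls_in_cipher reads "TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256" under OpenSSL
  # and "TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256" under GnuTLS, so the version
  # is taken as the first colon-separated field rather than a fixed substring.
  deny    !hosts      = LEGACY_TLS_PEERS
          !condition  = ${if match{${extract{1}{:}{$tls_in_cipher}}}{\N^TLSv?1\.[23]$\N}}
          message     = TLS 1.2 or newer is required (you negotiated ${extract{1}{:}{$tls_in_cipher}})
          log_message = rejected legacy TLS: $tls_in_cipher

  # The usual relay and recipient checks belong here.
  accept
```

The two layers do different jobs: the handshake-level settings decide what the peer can negotiate at all, while the ACL decides what you accept mail over, which is the only place a per-peer exception can live on an OpenSSL build. Run `exim -bh <address>` against a peer on the legacy list and one off it before relying on either deny.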


Re: SSL forcing
On Sun, 19 May 2019, Viktor Dukhovni via Exim-users wrote:

> Since LOGJAM and DROWN, the SMTP MTA "ecosystem" has moved on
> from "export" ciphers and SSL2/SSL3. You can now without loss
> of interoperability expect at least 128-bit ciphers and TLS 1.0.
> Which are adequate for SMTP, and better than cleartext. I am
> not aware of any cross-protocol attacks against TLS 1.2 via
> servers that use the same certificate with TLS 1.0/1.1. And
> you really don't have to and shouldn't use the same certificate
> across multiple unrelated services.

Executive summary:
Although it is not immediately obvious, "multiple unrelated services"
describes "email" *on its own*.

When DROWN happened, it took me a long time to figure out why I was
uncomfortable with the advice that it was not essential to drop SSL for SMTP.
Eventually I figured out that the experts were assuming that
{smtp,imap,pop,webmail}.example.org would be used, whereas a small
setup with a single server for SMTP and webmail might use mail.example.org
for both.

I am yet to be convinced that it is unnecessary to spell out that
sharing a hostname for different *email* services has security
implications.

--
Andrew C. Aitchison Cambridge, UK
andrew@aitchison.me.uk


Re: SSL forcing
On 2019-05-19 at 19:17 +0100, Richard Jones via Exim-users wrote:
> # egrep -o 'X=TLS[^ ]+' /var/log/exim4/mainlog | sort | uniq -c | sort -n | tail

That will include all the outbound, and also all the spammers whom you
ended up rejecting (because yes, spammers use TLS nowadays).

$ pcregrep -ho1 '<= .+\b(X=\S+)' mainlog* | sort | uniq -c | sort -nr

These are the ones which matter for inbound TLS.

For me, the only pre-1.2 senders over the past few days are
lists.gnu.org, an anti-spam mailing-list, and the IPv6-Ops mailing-list.

-Phil
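Richard's egrep pipeline and Phil's pcregrep refinement are the practical way to see who still sends over old TLS before turning it off. The script below is an added example, not from the thread, that does the same check over a small constructed sample of Exim mainlog lines: it keeps only the `<=` arrival records (dropping the outbound `=>` sessions and rejected senders, which is Phil's point), tallies protocol versions, counts cleartext arrivals and lists the peer addresses that negotiated anything below TLS 1.2. The hosts and addresses in the sample are made up; give it a path argument to run it over a real mainlog.

```shell
#!/bin/sh
# Added example, not from the thread: inbound-only TLS summary for an Exim mainlog.
# The lines written by write_sample_log are constructed for this example and follow
# Exim's "<= sender H=host [ip] P=proto X=cipher" arrival-record layout.

write_sample_log() {
  cat > "$1" <<'EOF'
2019-05-19 10:00:01 1hSabc-000001-AA <= a@example.org H=mx1.example.org [192.0.2.10] P=esmtps X=TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256 CV=no S=2048
2019-05-19 10:00:05 1hSabc-000001-AA => b@example.net R=dnslookup T=remote_smtp H=mx.example.net [198.51.100.7] X=TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256 CV=no C="250 OK"
2019-05-19 10:01:10 1hSabc-000002-AA <= c@legacy.example H=[203.0.113.5] P=esmtps X=TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256 CV=no S=900
2019-05-19 10:02:00 1hSabc-000003-AA <= d@example.com H=mail.example.com [192.0.2.20] P=esmtp S=700
2019-05-19 10:03:30 1hSabc-000004-AA <= e@list.example H=lists.example [203.0.113.9] P=esmtps X=TLSv1.1:ECDHE-RSA-AES256-SHA:256 CV=no S=1500
2019-05-19 10:04:00 1hSabc-000005-AA <= f@example.org H=mx1.example.org [192.0.2.10] P=esmtps X=TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128 CV=no S=3000
2019-05-19 10:04:30 1hSabc-000006-AA <= g@example.org H=mx2.example.org [192.0.2.11] P=esmtps X=TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128 CV=no S=1100
2019-05-19 10:05:00 H=spam.example [203.0.113.66] X=TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128 CV=no F=<x@spam.example> rejected RCPT <nobody@example.org>: relay not permitted
EOF
}

# Only message-arrival records ("<=") describe inbound TLS; "=>" lines are our
# own outbound sessions and rejected senders never became deliveries.
inbound_records() {
  grep ' <= ' "$1"
}

# Tally the protocol version (first colon-separated field of X=) per arrival.
# Output: "<count> <version>", most frequent first.
inbound_tls_versions() {
  inbound_records "$1" | sed -n 's/.* X=\([^: ]*\):.*/\1/p' \
    | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# Arrivals with no X= field at all, i.e. the peer never did STARTTLS.
inbound_cleartext_count() {
  inbound_records "$1" | grep -vc ' X='
}

# Peer addresses that negotiated SSLv2/3 or TLS 1.0/1.1, matching both the
# OpenSSL spelling ("TLSv1.0") and the GnuTLS spelling ("TLS1.0"); sorted, unique.
legacy_tls_senders() {
  inbound_records "$1" | grep -E ' X=(SSLv[23]|TLSv?1\.[01]):' \
    | sed -n 's/.*H=[^[]*\[\([^]]*\)\].*/\1/p' | sort -u
}

# Usage: sh tls_inbound_summary.sh /var/log/exim4/mainlog
# With no argument the constructed sample above is used.
log="${1:-}"
if [ -z "$log" ]; then
  log=$(mktemp)
  write_sample_log "$log"
fi
echo "Inbound TLS versions:";      inbound_tls_versions "$log"
echo "Inbound cleartext arrivals: $(inbound_cleartext_count "$log")"
echo "Peers still below TLS 1.2:"; legacy_tls_senders "$log"
```

The legacy-sender list is the one to review before tightening anything: each address on it is a peer that would silently fall back to queueing and bouncing once TLS 1.0/1.1 is refused, which is exactly the surprise Richard and Marius describe.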


Re: SSL forcing
On 20 May 2019, at 19:22, Phil Pennock via Exim-users <exim-users@exim.org> wrote:
> For me, the only pre-1.2 senders over the past few days are
> lists.gnu.org, an anti-spam mailing-list, and the IPv6-Ops mailing-list.

Looking at the logs at work, in the last 7 days we have more than 700 hosts sending messages inbound still using TLSv1.

Some of these are what we might euphemistically term "corporate partners", which is a little disappointing.

Graeme

Re: SSL forcing
On 21.05.19 at 12:54, Graeme Fowler via Exim-users wrote:
> On 20 May 2019, at 19:22, Phil Pennock via Exim-users <exim-users@exim.org> wrote:
>> For me, the only pre-1.2 senders over the past few days are
>> lists.gnu.org, an anti-spam mailing-list, and the IPv6-Ops mailing-list.
> Looking at the logs at work, in the last 7 days we have more than 700 hosts sending messages inbound still using TLSv1.
>
> Some of these are what we might euphemistically term "corporate partners", which is a little disappointing.
>
> Graeme
Some "Corporations" answered the question "Why aren't you using TLS on
your mailserver?" with "Because all secrets are exchanged via phone."

Yes!:.. Facepalm!

Best regards,
Marius
