Mailing List Archive

Something like "domains_require_tls"
Hi,
For legal reasons I have a list of domains to which I *must* send via TLS.
Currently I have two routers and two transports:

router_A:
  domains = +domainlist-with-TLS-Domains
  transport = tlssmtp
router_B:
  domains = *
  transport = smtp

tlssmtp:
  driver = smtp
  hosts_require_tls = *
smtp:
  driver = smtp


In reality the two routers are much more complicated but almost
identical. The same is true for the transports.

Is it somehow possible to consolidate this into one router and one transport
and have in the transport "something like"

domains_require_tls = +domainlist-with-TLS-Domains

I know that this option does not exist, but is it possible to configure
one router and one transport that act like that?

Regards, Olaf

--
Karlsruher Institut für Technologie (KIT)
Steinbuch Centre for Computing (SCC)

Dipl.-Geophys. Olaf Hopp

Zirkel 2
Building 20.21, Room 316
76131 Karlsruhe

Phone: +49 721 608-48009
E-mail: Olaf.Hopp@kit.edu
Web: www.scc.kit.edu

Registered office:
Kaiserstraße 12, 76131 Karlsruhe

KIT - The Research University in the Helmholtz Association
Re: Something like "domains_require_tls"
On 23/03/2023 15:30, Olaf Hopp (SCC) via Exim-users wrote:
> router_A:
>     domains: +domainlist-with-TLS-Domains
>     transport: tlssmtp
> router_B:
>     domains: *
>     transport: smtp
>
> tlssmtp:
>     hosts_require_tls = *
>     driver = smtp
> smtp:
>     driver smtp
>
>
> in reality two routers and transports are much more complicated but almost
> identical. The same is true for the transports.
>
> Is it somehow possible to consolidate this into one router and one transport

allsmtp:
driver = smtp
hosts_require_tls = ${if match_domain{$domain}{+domainlist-with-TLS-Domains} {*}{}}
multi_domain = false

--
Cheers,
Jeremy


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Something like "domains_require_tls"
On 23/03/2023 16:01, Jeremy Harris via Exim-users wrote:
> allsmtp:
>  driver = smtp
>  hosts_require_tls = ${if match_domain{$domain}{+domainlist-with-TLS-Domains} {*}{}}
>  multi_domain = false

Actually, better have
max_rcpt = 1
rather than the multi_domain; I'm not certain that there's coding in
the transport to check for all-same-domain when expanding $domain.

Note that there's a cost here in efficiency, which the separate
routers & transports solution does not have.
--
Cheers,
Jeremy


Re: Something like "domains_require_tls"
On 3/23/23 17:19, Jeremy Harris via Exim-users wrote:
> On 23/03/2023 16:01, Jeremy Harris via Exim-users wrote:
>> allsmtp:
>>   driver = smtp
>>   hosts_require_tls = ${if match_domain{$domain}{+domainlist-with-TLS-Domains} {*}{}}
>>   multi_domain = false
>
> Actually, better have
>     max_rcpt = 1
> rather than the multi_domain; I'm not certain that there's coding in
> the transport to check for all-same-domain when expanding $domain.
>
> Note that there's a cost here in efficiency, which the separate
> routers & transports solution does not have.

Hi Jeremy,
thanks a lot for that.
Since this is our main router, handling ~200k mails per day,
"max_rcpt = 1" sounds a bit too "expensive".
Do you think "multi_domain = false" is not worth trying?
Regards, Olaf

Re: Something like "domains_require_tls"
On 24/03/2023 12:28, Olaf Hopp (SCC) via Exim-users wrote:
> Do you think "multi_domain = false" is not worth for trying ?
Correct.
--
Cheers,
Jeremy


Re: Something like "domains_require_tls"
On 3/24/23 13:42, Jeremy Harris via Exim-users wrote:
> On 24/03/2023 12:28, Olaf Hopp (SCC) via Exim-users wrote:
>> Do you think "multi_domain = false" is not worth for trying ?
> Corrrect.

But it seems to work:

<= OlafHopp@kit.edu
=> foo@example.com ... X=TLS... example.com is the Domain with "require TLS"
=> bar@foo.org ... (no TLS) Testhost where I disabled TLS
=> one@domain.com ... X=TLS...
-> two@domain.com ... X=TLS... domain.com is a "normal" Domain which offers TLS
Completed

All of them are sent via the same router and transport.

Am I missing something?
Of course, when using "max_rcpt = 1" the "->" becomes "=>".

Regards, Olaf

Re: Something like "domains_require_tls"
On 24/03/2023 14:45, Olaf Hopp (SCC) via Exim-users wrote:
> Am I missing something ?

The behaviour defined in the docs does not cover your use.
The actual implementation, and behaviour, could change underneath you.
--
Cheers,
Jeremy


Re: Something like "domains_require_tls"
On 2023-03-23, Jeremy Harris via Exim-users <exim-users@exim.org> wrote:
> On 23/03/2023 16:01, Jeremy Harris via Exim-users wrote:
>> allsmtp:
>>  driver = smtp
>>  hosts_require_tls = ${if match_domain{$domain}{+domainlist-with-TLS-Domains} {*}{}}
>>  multi_domain = false
>
> Actually, better have
> max_rcpt = 1
> rather than the multi_domain; I'm not certain that there's coding in
> the transport to check for all-same-domain when expanding $domain.

It did check the last time that I looked: if they do not match, it becomes empty.

--
Jasen.
Re: Something like "domains_require_tls"
On 27. 3. at 10:49 Jasen Betts via Exim-users wrote:
> On 2023-03-23, Jeremy Harris via Exim-users <exim-users@exim.org> wrote:
>> rather than the multi_domain; I'm not certain that there's coding in
>> the transport to check for all-same-domain when expanding $domain.
>
> It did check the last time that I looked, if they do not becomes empty.

The docs (4.94) for multi_domain say exactly:

This is useful if you want to use $domain in an expansion for the
transport, because it is set only when there is a single domain
involved in a remote delivery.

regards

--
Slavko


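The interaction Jeremy warned about and the docs quoted above describe, as an added model (not Exim's code): it keeps only the documented rule that $domain is set in a remote delivery when exactly one domain is involved, and assumes, as the worst case for batching, that every recipient routes to the same transport and the same MX hosts. The domain list and recipients are constructed sample data.

```python
"""Model of the one-transport idea from this thread:

    hosts_require_tls = ${if match_domain{$domain}{+domainlist-with-TLS-Domains} {*}{}}

and why it needs multi_domain = false (or max_rcpt = 1). Added
illustration, not Exim's code: it models only the documented rule that
$domain is set in a remote delivery when one domain is involved, and is
empty otherwise. Domain list and recipients are constructed samples.
"""

from typing import Dict, List

# Constructed stand-in for +domainlist-with-TLS-Domains.
TLS_DOMAINS = frozenset({"example.com", "bank.example"})


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[1].lower()


def batch_recipients(recipients: List[str], multi_domain: bool = True,
                     max_rcpt: int = 100) -> List[List[str]]:
    """Group recipients into delivery batches.

    Assumption (worst case for batching): every recipient routes to the
    same transport and the same MX hosts, e.g. several hosted domains
    behind one provider, so the only things stopping them from sharing
    one batch are multi_domain and max_rcpt.
    """
    batches: List[List[str]] = []
    for rcpt in recipients:
        for batch in batches:
            if len(batch) >= max_rcpt:
                continue
            if not multi_domain and domain_of(batch[0]) != domain_of(rcpt):
                continue
            batch.append(rcpt)
            break
        else:
            batches.append([rcpt])
    return batches


def expansion_domain(batch: List[str]) -> str:
    """$domain as documented for multi_domain: set only when one domain
    is involved in the delivery, empty otherwise."""
    domains = {domain_of(r) for r in batch}
    return next(iter(domains)) if len(domains) == 1 else ""


def hosts_require_tls(batch: List[str]) -> str:
    """The thread's expansion: '*' if $domain is in the list, else empty.

    An empty $domain is not in the list, so a mixed-domain batch silently
    gets hosts_require_tls = "" (TLS merely optional)."""
    return "*" if expansion_domain(batch) in TLS_DOMAINS else ""


def plan_deliveries(recipients: List[str], multi_domain: bool = True,
                    max_rcpt: int = 100) -> List[Dict]:
    """One record per batch, flagging recipients in a must-TLS domain
    whose batch would not force TLS."""
    plan = []
    for batch in batch_recipients(recipients, multi_domain, max_rcpt):
        required = hosts_require_tls(batch)
        plan.append({
            "recipients": batch,
            "domain": expansion_domain(batch),
            "hosts_require_tls": required,
            "unprotected": [r for r in batch
                            if domain_of(r) in TLS_DOMAINS and required != "*"],
        })
    return plan


if __name__ == "__main__":
    rcpts = ["alice@example.com", "bob@other.example", "carol@example.com"]
    for label, kw in [("defaults", {}),
                      ("multi_domain = false", {"multi_domain": False}),
                      ("max_rcpt = 1", {"max_rcpt": 1})]:
        print(f"--- {label}")
        for record in plan_deliveries(rcpts, **kw):
            print(record)
```

With the defaults the three recipients share one batch, $domain is empty and the two example.com recipients go out with TLS optional; with multi_domain = false or max_rcpt = 1 every batch has a single domain and the must-TLS recipients are covered.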
Re: Something like "domains_require_tls"
Hi Olaf,

I had a similar problem several years ago, but had to ensure TLS in and
TLS out to potentially hundreds of domains, so implemented it in our mail
relay servers using a MySQL database:

CREATE TABLE `tls_force_remote_domains` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `domain` varchar(100) NOT NULL,
  `active` tinyint(1) unsigned NOT NULL DEFAULT 0,
  `description` varchar(250) DEFAULT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `domain` (`domain`)
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci
  COMMENT='Domains for which TLS must be used for sending and receiving email';

and domain lists:

TLS_FORCE_REMOTE_DOMAINS = SELECT domain FROM tls_force_remote_domains WHERE active=1;
domainlist tls_force_remote_domains = ${lookup mysql{TLS_FORCE_REMOTE_DOMAINS}{${sg{$value}{\\n}{ : }}}}

TLS_FORCE_LOCAL_DOMAINS = SELECT domain FROM domains WHERE active=1 AND force_tls=1;
domainlist tls_force_local_domains = ${lookup mysql{TLS_FORCE_LOCAL_DOMAINS}{${sg{$value}{\\n}{ : }}}}


I put this snippet at the bottom of acl_check_mail:

        #
        # TLS during MAIL command
        #

        #
        # first, log the connection status
        #
        warn    log_message = MAIL: TLS-STATUS Sender domain=$sender_address_domain Host=$sender_fullhost using TLS cipher=$tls_in_cipher
                encrypted = *

        warn    log_message = MAIL: TLS-STATUS Sender domain=$sender_address_domain Host=$sender_fullhost NOT using TLS
                ! encrypted = *

        #
        # second, log if a specific sender domain is in the force-TLS list
        #
        warn    log_message = MAIL: TLS-REQUIRED Domain $sender_address_domain requires a TLS connection
                sender_domains = +tls_force_remote_domains

        #
        # next, accept all MAIL commands for which the connection is
        # encrypted with TLS
        #
        accept  log_message = MAIL: TLS-ACCEPT encrypted session - cipher=$tls_in_cipher
                encrypted = *

        #
        # now, check for domains that must use TLS and might not be - in
        # which case we should reject
        #
        deny    log_message = MAIL: TLS-REJECT mail from domain $sender_address_domain requires a TLS connection
                message = TLS encryption required for mail from this domain
                sender_domains = +tls_force_remote_domains
                ! encrypted = *

        #
        # finally, accept everything else without TLS
        #
        accept  log_message = MAIL: NON-TLS-ACCEPT Accept unencrypted email from: $sender_address host: $sender_fullhost


and made this my last-but-one router:

#
# if the destination domain is in the tls_force_remote_domains list then set
# the transport to remote_smtp_force_tls to force the selection of TLS
#
outbound_force_tls:
        driver = dnslookup
        domains = +tls_force_remote_domains
        transport = remote_smtp_force_tls


before:

#
# if we fall through to here then we're not forcing TLS on a listed domain,
# so do a normal delivery for all non-local domains. This may still use TLS
# if advertised but it's not forced.
#
outbound_lookup:
        driver = dnslookup
        domains = ! +local_domains
        transport = remote_smtp
        ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
        no_more


and then this in my transports:

#
# This transport is used for delivering messages over SMTP connections
# where TLS is optional (not forced), so no hosts require TLS (but it may be
# negotiated if the far end advertises STARTTLS) and no cipher suite is
# specified.
#
remote_smtp:
  driver = smtp

#
# This transport is used for delivering messages over SMTP connections
# where TLS is mandatory (forced) with high cipher strength.  NB. this
# transport is selected based on the destination domain, so at this point
# the host(s) that require TLS are 'any' (wildcard): whoever we're talking
# to, it must use TLS.
#
remote_smtp_force_tls:
  driver = smtp
  hosts_require_tls = *
  hosts_try_fastopen = !*.l.google.com
  tls_require_ciphers = HIGH:!SRP:!PSK:!SHA:@STRENGTH


My approach is a bit long-winded and not condensed as you ask, but it
lets me control forced TLS in either direction (if I want to) with only
a minor tweak, and I don't care too much about what is under the hood as
I simply add or remove domains to/from the "tls_force_remote_domains"
MySQL table and Exim and this config take care of it.


Mike




On 23/03/2023 15:30, Olaf Hopp (SCC) via Exim-users wrote:
> Hi,
> for legal reasons I have a list of domains, where I *must* send via TLS
> Currently, I have two routers and transports:
>
> router_A:
>     domains: +domainlist-with-TLS-Domains
>     transport: tlssmtp
> router_B:
>     domains: *
>     transport: smtp
>
> tlssmtp:
>     hosts_require_tls = *
>     driver = smtp
> smtp:
>     driver smtp
>
>
> in reality two routers and transports are much more complicated but
> almost
> identical. The same is true for the transports.
>
> Is it somehow possible to consolidate this into one router and one
> transport
> and lets have in the transport "something like"
>
>  domains_require_tls = +domainlist-with-TLS-Domains
>
> I now that this option does not exist, but is it possible to configure
> one router and one transport that act like that ?
>
> Regards, Olaf
>
>


Re: Something like "domains_require_tls"
I understand it might help a little bit to require TLS, but without
verification that a certificate is valid, a TLS requirement is not such
a big win, is it?

I too have a transport that would require TLS for certain sending
domains, but I haven't yet required TLS verification, because it often
breaks.... So there we are...

Re: Something like "domains_require_tls"
On Wed, Mar 29, 2023 at 09:40:16AM +0200, Kirill Miazine via Exim-users wrote:
> I understand it might help a little bit to require TLS, but without
> verficiation that a certificate is valid, TLS requirement is not such
> a big win, is it?

Depends on your aims. Pure encryption is one level of security,
protection against MitM attacks is another level.

> I too have a transport that would require TLS for certain sending
> domains, but I haven't yet required TLS verification, because it often
> breaks.... So there we are...

Probably you don't yet have a clear understanding of your own needs.
--
Eugene Berdnikov

Re: Something like "domains_require_tls"
• Evgeniy Berdnikov via Exim-users [2023-03-29 11:22]:
> On Wed, Mar 29, 2023 at 09:40:16AM +0200, Kirill Miazine via Exim-users wrote:
> > I understand it might help a little bit to require TLS, but without
> > verficiation that a certificate is valid, TLS requirement is not such
> > a big win, is it?
>
> Depends on your aims. Pure encryption is one level of security,
> protection against MitM attacks is another level.

Exactly. The former prevents passive data collection, the latter
active. Still, if *I* were to state a legal requirement that certain
domains use TLS, I'd also ask for verification, either via TLS or
DANE, because just TLS is a very small win.

> > I too have a transport that would require TLS for certain sending
> > domains, but I haven't yet required TLS verification, because it often
> > breaks.... So there we are...
>
> Probably you haven't yet clear understanding of your own needs.

I was just doing an experiment setting up a domain that would require
TLS for receiving and TLS for sending, and ideally I'd want
verification when sending, but we aren't there yet.

K.

Re: Something like "domains_require_tls"
On 3/28/23 15:59, Mike Tubby via Exim-users wrote:
> Hi Olaf,
>
>
> outbound_force_tls:
>         driver = dnslookup
>         domains = +tls_force_remote_domains
>         transport = remote_smtp_force_tls
>
>
> outbound_lookup:
>         driver = dnslookup
>         domains = ! +local_domains
>         transport = remote_smtp
>         ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
>         no_more
>
>
> and then this in my transports:
> remote_smtp:
>   driver = smtp
>
> remote_smtp_force_tls:
>   driver = smtp
>   hosts_require_tls = *
>   hosts_try_fastopen = !*.l.google.com
>   tls_require_ciphers = HIGH:!SRP:!PSK:!SHA:@STRENGTH
>
>

Hi Mike,
thanks for your code. But my question was not how to implement "domains-with-force-TLS".
This is already solved, and I ended up with two almost identical routers
and two almost identical transports. Your config also uses 2 routers and 2 transports.
In my case these routers and transports are lengthy and also do all of the DKIM signing stuff.
And my question was how to get rid of the second router and transport and to consolidate my code.

Jeremy's proposal sounded promising at first look, but after his correction
that I have to use "max_rcpt = 1", and since these are my main routers / transports
handling ~200k mails per day, I decided to still live with 2 pairs of routers and transports
and keep in mind that when I change one of them, I have to change the other one as well.
"max_rcpt = 1" seems too "expensive" in my use case.

Regards, Olaf


Re: Something like "domains_require_tls"
On 29. 3. at 10:22 Evgeniy Berdnikov via Exim-users wrote:
> On Wed, Mar 29, 2023 at 09:40:16AM +0200, Kirill Miazine via Exim-users wrote:
>> I understand it might help a little bit to require TLS, but without
>> verficiation that a certificate is valid, TLS requirement is not such
>> a big win, is it?
>
> Depends on your aims. Pure encryption is one level of security,
> protection against MitM attacks is another level.

I leave this to the receiver's decision. Nowadays it is not a problem to set up
DANE; if the receiver did it, I (as sender) will know that it requires TLS
and the cert has to be validated (even in a more secure way than with PKI
if DANE-EE is chosen). I do not bother with other receivers: try TLS,
then fall back to plaintext...

I am (slowly) in the process of implementing DANE-EE for myself now...

Encryption of email provides only transport security (on a hop-by-hop
basis); if the privacy of a message really matters, IMO one has to use PGP (or
similar) for it.

regards

--
Slavko


Re: Something like "domains_require_tls"
On 29. 3. at 10:56 Olaf Hopp (SCC) via Exim-users wrote:
> On 3/28/23 15:59, Mike Tubby via Exim-users wrote:

> Jeremys proposal sounded promising at first look, but after his correction
> that I have to use "max_rcpts = 1" and that these are my main routers /
> transports
> handling ~200k Mails per day I decided still to live with 2 pairs of
> routers and transports
> and keep in mind, when I change one of them, I have to change the other
> one as well.
> "max_rcpts = 1" seems to "expensive" in my use case.

And what about including the common transport parts from a separate file in
both? I never did it in a transport, but I use it in ACLs to avoid touching
(very much) Debian's default config.

regards

--
Slavko


Re: Something like "domains_require_tls"
The subject line caught my interest.

My mail domain is DNSSEC-signed and I have SSL/TLS certificates (Let's
Encrypt - which I've automated) that cover it - and implemented
TLSA records for my mail server a few years back. So if the recipient
SMTP server also happens to have a TLSA DNS record - I see no reason to
have a database record that includes it, and would think the only
"domains I must use TLS with" are domains that do not have a TLSA
record. This would reduce the size of your database table - which one
day could be of zero size. Wouldn't that be a target to strive for?


On 2023/03/29 10:56, Olaf Hopp (SCC) via Exim-users wrote:
> On 3/28/23 15:59, Mike Tubby via Exim-users wrote:
>> Hi Olaf,
>>
>>
>> outbound_force_tls:
>>          driver = dnslookup
>>          domains = +tls_force_remote_domains
>>          transport = remote_smtp_force_tls
>>
>>
>> outbound_lookup:
>>          driver = dnslookup
>>          domains = ! +local_domains
>>          transport = remote_smtp
>>          ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
>>          no_more
>>
>>
>> and then this in my transports:
>> remote_smtp:
>>    driver = smtp
>>
>> remote_smtp_force_tls:
>>    driver = smtp
>>    hosts_require_tls = *
>>    hosts_try_fastopen = !*.l.google.com
>>    tls_require_ciphers = HIGH:!SRP:!PSK:!SHA:@STRENGTH
>>
>>
>
> Hi Mike,
> thanks for your code. But my question was not how to implement
> "domains-with-force-TLS"
> This is already solved and I ended up with two almost identical routers
> and two almost identical transports. Your config also uses 2 routers
> and 2 transports.
> In my case these routers and transports are lengthy and also do all of
> the DKIM signing stuff.
> And my question was to rid of the second router and transport and to
> consolidate my code.
>
> Jeremys proposal sounded promising at first look, but after his
> correction
> that I have to use "max_rcpts = 1" and that these are my main routers
> / transports
> handling ~200k Mails per day I decided still to live with 2 pairs of
> routers and transports
> and keep in mind, when I change one of them, I have to change the
> other one as well.
> "max_rcpts = 1" seems to "expensive" in my use case.
>
> Regards , Olaf
>
>
>
--

Mark James ELKINS  -  Posix Systems - (South) Africa
mje@posix.co.za Tel: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za


Re: Something like "domains_require_tls"
On 29/03/2023 10:40, Slavko via Exim-users wrote:
> On 29. 3. at 10:56 Olaf Hopp (SCC) via Exim-users wrote:
>> decided still to live with 2 pairs of routers and transports
>> and keep in mind, when I change one of them, I have to change the other one as well.
>
> And what about include common transport parts from separate file in both? I never did it in transport, but i use it in ACL to not touch (very mutch) debian's default config.

Alternatively, using macros for the common bits across the pairs would get you partway.
--
Cheers,
Jeremy


Re: Something like "domains_require_tls"
On 2023-03-29 at 04:46:17 UTC-0400 (Wed, 29 Mar 2023 10:46:17 +0200)
Kirill Miazine via Exim-users <km@krot.org>
is rumored to have said:

> Exactly. The former preventing passive data collection, the later --
> active. Still, if *I* were to state a legal requirement that certain
> domains use TLS, I'd also ask for verification either via TLS or
> DANE, because just TLS is a very small win.

No, it's a huge win. All you get from demanding certificate verification
is "protection" from sending mail as securely as possible to systems
that are trivially misconfigured in ways that have been deemed tolerable
for the whole history of encrypted mail transport.

Passive collection attacks are much easier and hence much less targeted
than active collection, so requiring TLS without requiring certificate
name validation moves your mail transport traffic from collectable by
accidental big-net collection to requiring an attacker to know that they
want YOUR traffic.

You also need to understand that requiring verification as a
prerequisite for encryption has unintended consequences. If you only
allow encryption with verification, you will either break deliverability
entirely for some mail OR fall back to transport in the clear, *to the
same unverifiable host* which cannot be anything but less safe.

--
Bill Cole
bill@scconsult.com or billcole@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire

Re: Something like "domains_require_tls"
On Wed, Mar 29, 2023 at 12:24:22PM -0400, Bill Cole via Exim-users wrote:

> On 2023-03-29 at 04:46:17 UTC-0400 (Wed, 29 Mar 2023 10:46:17 +0200)
> Kirill Miazine via Exim-users <km@krot.org> is rumored to have said:
>
> > Exactly. The former preventing passive data collection, the later --
> > active. Still, if *I* were to state a legal requirement that certain
> > domains use TLS, I'd also ask for verification either via TLS or
> > DANE, because just TLS is a very small win.
>
> You also need to understand that requiring verification as a
> prerequisite for encryption has unintended consequences. If you only
> allow encryption with verification, you will either break deliverability
> entirely for some mail OR fall back to transport in the clear, *to the
> same unverifiable host* which cannot be anything but less safe.

Sure, when doing ordinary opportunistic TLS, it is silly to fall back to
cleartext when/if authentication fails.

However, if TLS is *mandatory* as a matter of local policy (with no
cleartext fallback) to a *specific* set of destination domains, then it
may well make sense to also require authentication if expected to work
for the destinations in question. This of course doesn't scale, it is
only something one might configure for a small set of "special" peers.

Opportunistic DANE TLS is a scalable alternative, in which the remote
domain's MX hosts signal the expectation of support for authenticated
transport in a downgrade-resistant manner (via DNSSEC TLSA records).
This makes it possible to get "zero-conf" authentication, to a large set
of generic destinations (currently ~3.75 million domains), which may or
may not include the "special" peer domains one really cares about.

It is (at least in Postfix) also possible to configure some of one's
"special" peer domains for required DANE authentication, rather than
required trusted X.509 CA authentication. Also supported are local
"fingerprint" pins or per-destination trust-anchor CA certs or public
keys. Once local policy enters the fray, there's a large spectrum of
possibilities.

--
Viktor.

Re: Something like "domains_require_tls"
On 29 March 2023 16:24:22 UTC, user Bill Cole via Exim-users <exim-users@exim.org> wrote:
>On 2023-03-29 at 04:46:17 UTC-0400 (Wed, 29 Mar 2023 10:46:17 +0200)
>Kirill Miazine via Exim-users <km@krot.org>
>is rumored to have said:
>
>> Exactly. The former preventing passive data collection, the later --
>> active. Still, if *I* were to state a legal requirement that certain
>> domains use TLS, I'd also ask for verification either via TLS or
>> DANE, because just TLS is a very small win.
>
>No, it's a huge win. All you get from demanding certificate verification is "protection" from sending mail as securely as possible to systems that are trivially misconfigured in ways that have been deemed tolerable for the whole history of encrypted mail transport.

The main problem here, and not limited to SMTP, is PKI, which
I consider a (false) feeling of security (in contrast to real security).

Why in hell is a certificate signed by some (anonymous to me)
group (i.e. a CA) considered secure, but a certificate
signed by my own CA is not? Only because someone (anonymous
to me again) decided that these "public" CAs are "good" and added
them to the list of the system's CAs... And what are these "root CAs"? They are
the same self-signed certs as anyone else can generate.

How can you know that these "public CAs" did not sign a rogue
certificate? (Search the net for examples.) And are you aware of which
CAs are "secure" in your system? Did you review that system's list
recently (or at all)? Do you know them all?

Verifying the name in the case of SMTP has another problem: which
name to verify? The recipient's domain name? The name from the MX? Or
from the PTR? You know they often differ, at least in that the MX
is a subdomain or even a totally different domain. Anyway, how do you
know that the PTR/MX name, obtained via DNS, is not forged?

And one can continue... Verifying the cert name is worth near
nothing in SMTP security. You do not verify that the name matches
what you (or the user) typed somewhere, as at the time of writing the
recipient address nobody knows which server will handle it
nor which name it will have at the time of delivery. Thus one
verifies that "something" matches some other "something".

And finally, it seems that you expect that the cert will match the
name of the MTA. OK, we can use the name from the MX, but what
about systems which provide MTAs for thousands of domains?
Do you expect that all these domains have to use
the same name in their MX? Or do you expect thousands of certs
on that MTA? Or one cert with thousands of names in the SAN?
Some of these options are unmanageable and some
impossible (a lot of SANs can affect clients in a bad way)...

Not verifying that name is not a misconfiguration; it only
reveals the problems of using PKI and its false security. Using a
self-signed certificate is simply at about the same level
of security as PKI.

Be slow to call these problems misconfiguration;
they can be carefully chosen with (real) security in mind.

regards


--
Slavko
https://www.slavino.sk/

Re: Something like "domains_require_tls"
On 29/03/2023 17:59, Viktor Dukhovni via Exim-users wrote:
> It is (at least in Postfix) also possible

Please note that this mailing list is not focussed on Postfix.
--
Cheers,
Jeremy


Re: Something like "domains_require_tls"
On Wed, Mar 29, 2023 at 06:59:42PM +0000, Slavko via Exim-users wrote:

> Verifying name in case of SMTP has another problem -- which
> name to verify? Recipient's domain name? Name from MX? Or
> frpm PTR? You know they often differs, at least in that that MX
> is subdomain or even totally different domain. Anyway, how to
> know that PTR/MX's name, obtained via DNS, is not forged?

FWIW, DANE SMTP (rfc7672) answers that question. The name to verify
(when validation is via DANE-TA(2) TLSA records) is any of:

- The TLSA base domain, or (typically same as),
- The MX hostname or
- The nexthop domain

> And finally, it seems that you expect, that cert will match
> name of MTA. OK, we can use name from MX, but what
> with systems which provides MTAs for thousands domains?

Makes little difference, one.com uses a modest pool of (tens of) MX
hosts for 1.2 million hosted domains. Other hosting providers use
per-domain MX hosts, but the same underlying public key and matching
"3 1 1" TLSA record. TLSA records can also be CNAMEs.

> Do you expect that all these domains have to use
> the same name in MX? Or do you expect thousands certs
> on that MTA?

Either will work, but a single MX hostname is simpler to operate.

> Or one cert with thousands names in SAN?

That's what SNI is for, but once again a shared MX hostname is better.

> Slavko
> https://www.slavino.sk/

--
Viktor.

P.S. By the way, your domain is DNSSEC-signed, you could with very modest
effort deploy DANE:

https://stats.dnssec-tools.org/explore/?slavino.sk

But, if so, make it robust. First implement monitoring, and a cert/key
rollover process that avoids intermittent outages during key changes
by pre-publishing overlapping TLSA records that match both the old
and new key for a few TTLs before the new cert is deployed:

https://mail.sys4.de/pipermail/dane-users/2018-February/000440.html

Re: Something like "domains_require_tls"
On Wed, Mar 29, 2023 at 06:59:42PM +0000, Slavko via Exim-users wrote:
> Why in hell the certificate signed by same (anonymous for me)
> group (understand CA) is considered as secure, but certificate
> signed by my own CA is not ? Only because someone (anonymous
> for me again) decided that these "public" CA are "good" and added
> to list of system's CAs... And what are these "root CAs"? They are
> the same self-signed certs as anyone other can generate.

One can generate self-signed certs, paying 2 cents, but you can't generate
trust for such an amount of money. Trust in public CAs can be measured by the cost
of related risks and business, starting from hundreds of thousands of dollars.

> How do you can know, that these "public CAs" did not sign rogue
> certificate? (search net to examples)

Such questions are pointless while the cost of your data is less than the cost of
trust in public CAs. Nobody wants to sign a "rogue cert" for your 2 cents.

If you don't trust public CAs, use your own for peer-to-peer communication.
But you can't force other people to change their minds by leasing 2 cents.
--
Eugene Berdnikov

Re: Something like "domains_require_tls"
On 29 March 2023 20:27:30 UTC, user Viktor Dukhovni via Exim-users <exim-users@exim.org> wrote:
>On Wed, Mar 29, 2023 at 06:59:42PM +0000, Slavko via Exim-users wrote:

>> Do you expect that all these domains have to use
>> the same name in MX? Or do you expect thousands certs
>> on that MTA?
>
>Either will work, but a single MX hostname is simpler to operate.

Perhaps, but the question is not if it will work, but if it is
manageable. And it can be, if people cannot change their
MX; otherwise they can (and sooner or later will) do strange
things... And this will happen regardless of thousands or
one common name.

I recently had to solve not receiving mails from o365,
because one smart IT man decided to set up our domain
in o365, including emails. In the process of solving that, he
came to me with a requirement to change our MX to the MS
ones, just because he found that somewhere in the o365 help;
he knew nothing about what that change means, nor what MX
is for, but o365 said so, thus it must be right... People
will do strange things, if they can...

>> Or one cert with thousands names in SAN?
>
>That's what SNI is for, but once again a shared MX hostname is better.

SNI or not SNI, a lot of SANs will harm.

regards


--
Slavko
https://www.slavino.sk/
