TLS Encryption and server verification

  • Luigi Rosa
    Message 1 of 8, Sep 8, 2013

      My goal is to use self-issued certificates to encrypt the communications
      between two Postfix MTAs and validate their identities

      Per http://www.postfix.org/postconf.5.html#smtpd_tls_policy_maps if I use
      fingerprint in smtp_tls_policy_maps "there are no trusted certificate
      authorities. The certificate trust chain, expiration date, ... are not checked"

      So I generated the keys on both servers and configured them in both Postfix
      with smtpd_tls_key_file and smtpd_tls_cert_file

      On the originating server I have:

      smtp_tls_security_level = may
      smtp_tls_note_starttls_offer = yes
      smtp_tls_fingerprint_digest = sha1
      smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
      smtp_tls_loglevel = 1
      smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
      smtp_tls_session_cache_timeout = 3600s

      tls policy is:

      domain.com fingerprint
      match=09:e6:21:1b:92:86:67:f1:56:6b:a5:06:7f:00:7e:ab:c7:43:68:6d
      mail.domain.com fingerprint
      match=09:e6:21:1b:92:86:67:f1:56:6b:a5:06:7f:00:7e:ab:c7:43:68:6d


      On the receiving server I have

      smtpd_tls_security_level = may
      smtpd_tls_key_file = /etc/ssl/mail.domain.com.key
      smtpd_tls_cert_file = /etc/ssl/mail.domain.com.crt
      smtpd_tls_received_header = yes
      smtpd_tls_loglevel = 1
      smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
      smtpd_tls_session_cache_timeout = 3600s
      tls_random_source = dev:/dev/urandom



      When I try to send an email on the originating server I have these log entries:

      postfix/smtp[5360]: setting up TLS connection to xxxx[x.x.x.x]:25
      postfix/smtp[5360]: certificate verification failed for
      mail.domain.com[x.x.x.x]:25: self-signed certificate
      Untrusted TLS connection established to mail.domain.com[x.x.x.x]:25: TLSv1
      with cipher DHE-RSA-AES256-SHA (256/256 bits)
      postfix/smtp[5360]: A4A6320004D: Server certificate not verified

      even if "fingerprint" should not verify the certificate path.


      What am I missing?




      Ciao,
      luigi

      --
      /
      +--[Luigi Rosa]--
      \

      The NYT reports that Mark Papermaster, Apple's man in charge of iPhone
      hardware, has left the company. He will be replaced by Nigel Antennamaster.
      --boingboing.com
    • Patrick Ben Koetter
      Message 2 of 8, Sep 8, 2013
        * Luigi Rosa <lists@...>:
        > My goal is to use self-issued certificates to encrypt the communications
        > between two Postfix MTAs and validate their identities
        >
        > Per http://www.postfix.org/postconf.5.html#smtpd_tls_policy_maps if I use
        > fingerprint in smtp_tls_policy_maps "there are no trusted certificate
        > authorities. The certificate trust chain, expiration date, ... are not checked"
        >
        > So I generated the keys on both servers and configured them in both Postfix
        > with smtpd_tls_key_file and smtpd_tls_cert_file
        >
        > On the originating server I have:
        >
        > smtp_tls_security_level = may
        > smtp_tls_note_starttls_offer = yes
        > smtp_tls_fingerprint_digest = sha1
        > smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
        > smtp_tls_loglevel = 1
        > smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
        > smtp_tls_session_cache_timeout = 3600s
        >
        > tls policy is:
        >
        > domain.com fingerprint
        > match=09:e6:21:1b:92:86:67:f1:56:6b:a5:06:7f:00:7e:ab:c7:43:68:6d
        > mail.domain.com fingerprint
        > match=09:e6:21:1b:92:86:67:f1:56:6b:a5:06:7f:00:7e:ab:c7:43:68:6d
        >
        >
        > On the receiving server I have
        >
        > smtpd_tls_security_level = may
        > smtpd_tls_key_file = /etc/ssl/mail.domain.com.key
        > smtpd_tls_cert_file = /etc/ssl/mail.domain.com.crt
        > smtpd_tls_received_header = yes
        > smtpd_tls_loglevel = 1
        > smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
        > smtpd_tls_session_cache_timeout = 3600s
        > tls_random_source = dev:/dev/urandom

        You don't tell Postfix where to find the CA file that holds all CAs you trust.
        Without a CA cert Postfix cannot verify a server cert.

        p@rick

        --
        [*] sys4 AG

        http://sys4.de, +49 (89) 30 90 46 64
        Franziskanerstraße 15, 81669 München

        Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
        Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
        Aufsichtsratsvorsitzender: Florian Kirstein
      • Luigi Rosa
        Message 3 of 8, Sep 8, 2013

          Patrick Ben Koetter said the following on 08/09/2013 12:17:

          > You don't tell Postfix where to find the CA file that holds all CAs you
          > trust. Without a CA cert Postfix cannot verify a server cert.

          But, according to documentation, setting smtp_tls_policy_maps to "fingerprint"
          should not check the CAs but only the fingerprint.

          So maybe there is something in the configuration that does not tell Postfix to
          use smtp_tls_policy_maps.




          Ciao,
          luigi

          --
          /
          +--[Luigi Rosa]--
          \

          She offered her honor,
          He honored her offer.
          And all through the night,
          It was honor and offer.
        • Jerry
          Message 4 of 8, Sep 8, 2013

            On Sun, 08 Sep 2013 12:42:46 +0200
            Luigi Rosa articulated:

            > Patrick Ben Koetter said the following on 08/09/2013 12:17:
            >
            > > You don't tell Postfix where to find the CA file that holds all CAs
            > > you trust. Without a CA cert Postfix cannot verify a server cert.
            >
            > But, according to documentation, setting smtp_tls_policy_maps to
            > "fingerprint" should not check the CAs but only the fingerprint.
            >
            > So maybe there is something in the configuration that does not tell
            > Postfix do use smtp_tls_policy_maps

            Why don't you post the output of: "postconf -n" and then we could tell
            you.

            --
            Jerry ✌
            postfix-user@...
            _____________________________________________________________________
            TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
            TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html
          • Luigi Rosa
            Message 5 of 8, Sep 8, 2013

              Jerry said the following on 08/09/2013 13:24:

              >> So maybe there is something in the configuration that does not tell
              >> Postfix do use smtp_tls_policy_maps
              >
              > Why don't you post the output of: "postconf -n" and then we could tell
              > you.


              alias_database = hash:/etc/aliases
              alias_maps = hash:/etc/aliases
              bounce_queue_lifetime = 2d
              command_directory = /usr/sbin
              config_directory = /etc/postfix
              daemon_directory = /usr/libexec/postfix
              data_directory = /var/lib/postfix
              debug_peer_level = 2
              delay_warning_time = 2h
              disable_vrfy_command = yes
              html_directory = no
              inet_interfaces = all
              inet_protocols = ipv4
              mail_owner = postfix
              mailbox_size_limit = 0
              mailq_path = /usr/bin/mailq.postfix
              manpage_directory = /usr/share/man
              maximal_queue_lifetime = 2d
              message_size_limit = 0
              mydestination = $myhostname, localhost.$mydomain, localhost
              myhostname = oink.luigirosa.com
              mynetworks = 10.1.7.0/24, 127.0.0.0/8, [2001:470:1f09:203::]/64,
              [2001:470:6b9c::]/48, [::1]/128
              mynetworks_style = subnet
              newaliases_path = /usr/bin/newaliases.postfix
              queue_directory = /var/spool/postfix
              readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
              relay_clientcerts = hash:/etc/postfix/relay_clientcerts
              sample_directory = /usr/share/doc/postfix-2.6.6/samples
              sendmail_path = /usr/sbin/sendmail.postfix
              setgid_group = postdrop
              smtp_tls_CAfile = /etc/ssl/PositiveSSLCA2.crt
              smtp_tls_fingerprint_digest = sha1
              smtp_tls_loglevel = 1
              smtp_tls_note_starttls_offer = yes
              smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
              smtp_tls_security_level = may
              smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
              smtp_tls_session_cache_timeout = 3600s
              smtpd_client_event_limit_exceptions = static:all
              smtpd_helo_required = yes
              smtpd_recipient_restrictions = permit_mynetworks
              reject_invalid_hostname reject_non_fqdn_hostname
              reject_non_fqdn_sender reject_non_fqdn_recipient
              reject_unknown_sender_domain reject_unknown_recipient_domain
              reject_unauth_destination reject_rbl_client zen.spamhaus.org
              permit_mx_backup permit
              smtpd_tls_cert_file = /etc/ssl/luigirosa.com.crt
              smtpd_tls_key_file = /etc/ssl/luigirosa.com.key
              smtpd_tls_loglevel = 1
              smtpd_tls_received_header = yes
              smtpd_tls_security_level = may
              smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
              smtpd_tls_session_cache_timeout = 3600s
              strict_7bit_headers = yes
              strict_rfc821_envelopes = yes
              tls_random_source = dev:/dev/urandom
              unknown_local_recipient_reject_code = 550



              Ciao,
              luigi

              --
              /
              +--[Luigi Rosa]--
              \

              When a man is tired of London, he is tired of life.
              --Samuel Johnson
            • Viktor Dukhovni
              Message 6 of 8, Sep 8, 2013
                On Sun, Sep 08, 2013 at 11:56:32AM +0200, Luigi Rosa wrote:

                > Per http://www.postfix.org/postconf.5.html#smtpd_tls_policy_maps if I use
                > fingerprint in smtp_tls_policy_maps "there are no trusted certificate
                > authorities. The certificate trust chain, expiration date, ...
                > are not checked"

                Yes, but you do have to configure Postfix correctly.

                > So I generated the keys on both servers and configured them in both Postfix
                > with smtpd_tls_key_file and smtpd_tls_cert_file.

                Fine.

                > On the originating server I have:
                >
                > smtp_tls_security_level = may
                > smtp_tls_note_starttls_offer = yes
                > smtp_tls_fingerprint_digest = sha1
                > smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
                > smtp_tls_loglevel = 1
                > smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
                > smtp_tls_session_cache_timeout = 3600s

                You have failed to mention any related transport(5) settings. The
                SMTP TLS policy table lookup key is the transport nexthop.

                > tls policy is:
                >
                > domain.com fingerprint
                > match=09:e6:21:1b:92:86:67:f1:56:6b:a5:06:7f:00:7e:ab:c7:43:68:6d
                > mail.domain.com fingerprint
                > match=09:e6:21:1b:92:86:67:f1:56:6b:a5:06:7f:00:7e:ab:c7:43:68:6d

                Always good to check that the table actually returns these values
                when queried with the right lookup keys. Are these in fact the
                sha1 fingerprints of the *peer* certificate? How were they computed?

                > When I try to send an email on the originatig server I have this log entries:
                >
                > postfix/smtp[5360]: setting up TLS connection to xxxx[x.x.x.x]:25

                > Untrusted TLS connection established to mail.domain.com[x.x.x.x]:25: TLSv1
                > with cipher DHE-RSA-AES256-SHA (256/256 bits)
                > postfix/smtp[5360]: A4A6320004D: Server certificate not verified

                These log messages have been too heavily redacted. If you crank the log
                level to 2, Postfix will log the certificate and public key fingerprint
                of the remote server. You need to also post the relevant transport
                messages, and more complete log entries. Finally the version of Postfix.

                On Sun, Sep 08, 2013 at 12:17:55PM +0200, Patrick Ben Koetter wrote:
                >
                > You don't tell Postfix where to find the CA file that holds all CAs you trust.
                > Without a CA cert Postfix cannot verify a server cert.

                Irrelevant at the fingerprint security level.

                --
                Viktor.
              • Luigi Rosa
                Message 7 of 8, Sep 9, 2013

                  Viktor Dukhovni said the following on 09/09/2013 00:33:

                  > Yes, but you do have to configure Postfix correctly.

                  :) I managed to solve the problem, the key was smtp_tls_policy_maps, the main
                  error I made was to put the server name instead of the mail domain name (the
                  recipient is on a different domain from the FQDN of the server). As you
                  pointed out setting loglevel to 2 helped a lot.

                  We are talking about the latest version of Postfix compiled from source with
                  TLS enabled, no precompiled distro package.

                  This leads to a few more questions regarding smtp_tls_policy_maps:

                  domain.com fingerprint
                  match=...

                  in this case domain.com is the domain name of the recipient (the text after
                  '@' in the mail address) and not the FQDN of the MTA, correct?

                  If domain.com has a backup MX without TLS how can I tell the
                  smtp_tls_policy_maps not to use TLS with backup MX?


                  > You have failed to mention any related transport(5) settings. The SMTP TLS
                  > policy table lookup key is the transport nexthop.

                  I didn't set up anything in transport file, Postfix uses the DNS to deliver
                  the email. Should I put something in the transport file?

                  >> domain.com fingerprint
                  >> match=09:e6:21:1b:92:86:67:f1:56:6b:a5:06:7f:00:7e:ab:c7:43:68:6d
                  >> mail.domain.com fingerprint
                  >> match=09:e6:21:1b:92:86:67:f1:56:6b:a5:06:7f:00:7e:ab:c7:43:68:6d
                  >
                  > Always good to check that the table actually returns these values when
                  > queried with the right lookup keys. Are these in fact the sha1
                  > fingerprints of the *peer* certificate? How were they computed?

                  I computed them using the command line documented on
                  http://www.postfix.org/postconf.5.html#smtp_tls_fingerprint_digest
                  Too bad I did not read the line below "The Postfix SMTP server and client log
                  the peer (leaf) certificate fingerprint and public key fingerprint when the
                  TLS loglevel is 2 or higher." My fault for not reading the entire documentation.


                  Thank you for your help!



                  Ciao,
                  luigi

                  --
                  /
                  +--[Luigi Rosa]--
                  \

                  Love? What does love have to do with marriage?
                  --Londo Mollari, "War Prayer"
                • Viktor Dukhovni
                  Message 8 of 8, Sep 9, 2013
                    On Mon, Sep 09, 2013 at 09:06:20AM +0200, Luigi Rosa wrote:

                    > > Yes, but you do have to configure Postfix correctly.
                    >
                    > :) I managed to solve the problem, the key was smtp_tls_policy_maps, the main
                    > error I made was to put the server name instead the mail domain name (the
                    > recipient is on a different domain from the FQDN of the server). As you
                    > pointed out setting loglevel to 2 helped a lot.

                    The lookup key for TLS policy is the nexthop domain, which is by
                    default the envelope recipient domain, but can be preempted via
                    transport(5) mappings, (including content_filter, default_transport,
                    relay_transport, ...).

                    > This leads to few more questions regarding smtp_tls_policy_maps:
                    >
                    > domain.com fingerprint
                    > match=...
                    >
                    > in this case domain.com is the domain name of the recipient (the text after
                    > '@' in the mail address) and not the FQDN of the MTA, correct?

                    It is the transport nexthop. If "example.com" has a transport entry:

                    example.com smtp:[smtp.example.net]:12345

                    then the lookup key is:

                    [smtp.example.net]:12345

                    > If domain.com has a backup MX without TLS how can I tell the
                    > smtp_tls_policy_maps not to use TLS with backup MX?

                    You can't. (There is a non-scalable approach with master.cf and
                    smtp_fallback_relay, but it is not worth the effort).

                    There's not much point in verified TLS security when the backup MX
                    is non-TLS. A man-in-the-middle attacker just drops connections to
                    the primary, and the traffic is in the clear.

                    Opportunistic TLS is sufficient when you can't secure all delivery
                    paths.

                    > > You have failed to mention any related transport(5) settings. The SMTP TLS
                    > > policy table lookup key is the transport nexthop.
                    >
                    > I didn't set up anything in transport file, Postfix uses the DNS to deliver
                    > the email. Should I put something in the transport file?

                    No. Rather, not explaining your configuration in detail makes it
                    difficult to help.

                    --
                    Viktor.
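The two points the thread turns on, the fingerprint that goes into a "match=" attribute (message 1) and the nexthop that serves as the policy-table lookup key (Viktor's replies), as an added example written for this page. It is not Postfix code and not code from anyone in the thread; it uses only the Python standard library. The sample certificate is a constructed byte string, not a real X.509 certificate, so its fingerprint is meaningful only for exercising the code. The nexthop resolver is a deliberate simplification (exact transport(5) match, "transport:nexthop" entries only), and case-insensitive fingerprint comparison is an assumption about Postfix's own matching. For a real certificate, postconf(5) under smtp_tls_fingerprint_digest gives the equivalent openssl commands (openssl x509 -noout -fingerprint -sha1 -in cert.pem for the certificate, and the x509 -pubkey | pkey -outform DER | dgst -sha1 -c pipeline for the public key).

```python
"""Postfix "fingerprint" TLS policy helpers (added example, not Postfix code).

Models two things from the thread:
  1. a "match=" fingerprint is a digest over the DER encoding of the peer's
     leaf certificate, formatted as colon-separated hex;
  2. smtp_tls_policy_maps is keyed by the transport nexthop, which is the
     envelope recipient domain unless a transport(5) entry overrides it.
"""
import base64
import hashlib
import re

# Constructed sample "DER certificate": arbitrary bytes, NOT a real X.509 cert.
SAMPLE_DER = bytes.fromhex("308201023082010a0201010201ffa003020102")
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER).decode("ascii")
    + "-----END CERTIFICATE-----\n"
)

_PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S
)


def pem_to_der(pem: str) -> bytes:
    """Return the DER bytes of the first CERTIFICATE block in a PEM string."""
    m = _PEM_RE.search(pem)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(m.group(1).split()))


def cert_fingerprint(pem: str, digest: str = "sha1") -> str:
    """Digest over the DER certificate, as aa:bb:cc... lowercase hex.

    'digest' must agree with smtp_tls_fingerprint_digest on the client
    (sha1 in the thread; sha256 where the peer Postfix supports it).
    """
    h = hashlib.new(digest, pem_to_der(pem)).hexdigest()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))


def policy_lookup_key(recipient_domain: str, transport_map: dict) -> str:
    """Simplified model of the policy lookup key (the transport nexthop).

    Exact transport(5) match only. No entry, or an entry with an empty
    nexthop such as "smtp:", means the nexthop is the recipient domain.
    An entry "smtp:[smtp.example.net]:12345" makes the key the bracketed
    host and port, exactly as Viktor describes.
    """
    entry = transport_map.get(recipient_domain)
    if entry is None:
        return recipient_domain
    _transport, _, nexthop = entry.partition(":")
    return nexthop or recipient_domain


def policy_line(key: str, fingerprints) -> str:
    """One smtp_tls_policy_maps line. Several match= attributes are
    alternatives, which is how to list old and new certs across a rotation."""
    return f"{key} fingerprint " + " ".join(f"match={fp}" for fp in fingerprints)


def parse_policy_table(text: str) -> dict:
    """Parse policy lines into {key: (level, [fingerprints])}."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, level, *attrs = line.split()
        fps = [a[len("match="):] for a in attrs if a.startswith("match=")]
        table[key] = (level, fps)
    return table


def peer_accepted(table: dict, key: str, peer_pem: str, digest: str = "sha1"):
    """Decide whether the peer cert is accepted for this nexthop under a
    fingerprint entry. Returns (level, accepted); accepted is None when the
    key is absent (falls back to smtp_tls_security_level, assumed "may") or
    the entry is not a fingerprint entry, since CA/chain rules are not modelled.
    Comparison is case-insensitive (assumption: openssl prints uppercase,
    the thread uses lowercase)."""
    level, fps = table.get(key, ("may", []))
    if level != "fingerprint":
        return level, None
    fp = cert_fingerprint(peer_pem, digest)
    return level, fp.lower() in {f.lower() for f in fps}


if __name__ == "__main__":
    # Recipient at example.com with no transport entry: the key is the domain,
    # not the MTA's FQDN, which was the mistake in the thread.
    key = policy_lookup_key("example.com", {})
    line = policy_line(key, [cert_fingerprint(SAMPLE_PEM)])
    print(line)
    print(peer_accepted(parse_policy_table(line), key, SAMPLE_PEM))
    # A transport(5) entry changes the key, and the line above would not match.
    print(policy_lookup_key("example.com",
                            {"example.com": "smtp:[smtp.example.net]:12345"}))
```

On a live system the same check is "postmap -q example.com hash:/etc/postfix/tls_policy": if that returns nothing for the key Postfix actually uses, the fingerprint level is never reached and you get exactly the "self-signed certificate" / "Server certificate not verified" log lines from message 1. With smtp_tls_loglevel = 2 the client logs the peer's certificate and public-key fingerprints, which is the authoritative source for the "match=" value rather than a fingerprint computed on the wrong file.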