Interesting discussion ... I am in a slightly different place on our
three public mail servers that handle circa 200,000 mails per day for
about 20-30 domains.
1. I use Devuan 3.1 (Beowulf) and compile Exim from source with OpenSSL
rather than GnuTLS. NB. No systemd here to fek with things!
2. For maximum compatibility I use a relatively permissive cipher list
and RSA-4096 for incoming connections as Microsoft Outlook servers
refused to talk to Exim with ECC certificates, hence this:
#
# Logging options
#
log_selector = +subject +tls_cipher +tls_peerdn
#
# Enable TLS with strong ciphers
#
MAIN_TLS_ENABLE = true
#
# OpenSSL options
#
openssl_options = -all +no_sslv2 +no_sslv3 +no_compression
+cipher_server_preference
#
# RSA 4096-bit certificate so that Microsoft can talk to us.... doh!
#
tls_certificate = /etc/ssl/thorcom/RSA/_star_.thorcom.net-bundle.crt
tls_privatekey = /etc/ssl/thorcom/RSA/_star_.thorcom.net.key
tls_dhparam = /etc/ssl/thorcom/RSA/dhparam.pem
# ensure we tell everyone that we do TLS
tls_advertise_hosts = *
#
# Better list of ciphers post debate on Exim mailing list
#
tls_require_ciphers = ALL:!LOW:!aDSS:!aNULL:!SSLv2:!PSK:!SRP:@STRENGTH
# advertise auth to TLS sessions only
auth_advertise_hosts = ${if eq {$tls_in_cipher}{}{}{*}}
on the basis that its better to receive email (with any encryption)
rather than have it delivered in the clear or not delivered at all...
I assume that my important customers (that require strong encryption
while sending to me) will step up to the mark and will initiate the use
of a decent cipher suite (there is nothing that prevents this).
3. For outgoing email I have to transports:
One called 'remote_smtp_force_tls' and one called 'remote_smtp'.
The first transport is called for important customers (based on a MySQL
query on the destination domain) where they expect (require) encryption
with a minimum strength or a failure to send - think government and
other agencies. It looks like this:
#
# This transport is used for delivering messages over SMTP connections
# where TLS is mandatory (forced) with high cipher strength. NB. this
# transport is selected based on the destination domain, so the
hosts that
# at this point the host(s) that require TLS are 'any' (wildcard)
because we
# don't care who we're talking to it must use TLS.
#
remote_smtp_force_tls:
driver = smtp
hosts_require_tls = *
tls_require_ciphers =
HIGH:!SRP:!PSK:!CHACHA20:!ARIA:!CAMELLIA128:!SHA:@STRENGTH
The other (not important) domains go out over the normal 'remote_smtp'
transport and use optimistic SSL/TLS but they are allowed to fall back
to plain.
Mike
On 18/09/2021 10:58, Sabahattin Gucukoglu via Exim-users wrote:
Debian always builds Exim against GnuTLS, in its “heavy” variation, but I’ve
always resisted by building against OpenSSL (and, incidentally, taken the time
to tweak it for me). On the face of it that’s fine, except …
Is there really a good reason? I do it chiefly because I like OpenSSL’s cipher
selection (I want very permissive, ordered by @STRENGTH, and TLS 1.3 would be
nice). There were also horror stories about RNG entropy starvation caused by
GnuTLS.
It’s tedious. I don’t put compilers on my server, and I don’t much enjoy
setting up a build environment just to compile Exim against stable libraries
and headers. It also makes upgrading much harder.
I appreciate that this is borderline a Debian question, but since there are
presumably experienced users of both libraries here, do you think Exim+GnuTLS
is actually viable and that if I were to switch to the prebuilt binaries and
adapt to GnuTLSisms it would be adequate for a quiet personal server?
Cheers,
Sabahattin
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/