Dear Bastian,
Thank you for your reply.
Am 11.07.23 um 19:43 schrieb Bastian Blank:
On Tue, Jul 11, 2023 at 05:47:12PM +0200, Paul Menzel via mailop wrote:
Testing the mail setup, I was surprised to have the key exchange parameters
flagged [1]:
a1241.mx.srv.dfn.de. DH-2048 insufficient
This test is for web or e-mail? MX or MSA?
Given that this host only reacts on port 25 but not on port 587, I
assume this is MX.
Correct, it’s an MX. (The DFN – Deutsche Forschungsnetz – offers a
MailSupport service, running MXes doing mostly spam filtering and
phishing, and then passes the messages on.)
Mozilla’s SSL Configuration Generator also suggests for *Intermediate* and
*Old* [3]:
# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
# not actually 1024 bits, this applies to all DHE >= 1024 bits
smtpd_tls_dh1024_param_file = /path/to/dhparam
This generator is for web and other authenticated use. You are talking
about MX, which is unauthenticated in the absence of DANE.
The DFN-MailSupport supports DANE since September 2020 [6].
For unauthenticated MX use you want to allow as much encrypted
communication as possible. So don't disable TLS 1.0 or weak ciphers,
clients will otherwise just downgrade to plaintext and make it worse.
Agreed. That wasn’t my intention.
So if you are not ready to also cut off plaintext connections overall,
don't touch it too much. Clients will often restrict itself to more
modern settings anyway.
Indeed.
Have most of you moved to ECDHE? If not, are you using the predefined finite
field groups specified in RFC 7919 [5]?
Every current system supports ECDHE, so sure. The original DH is dead,
because it's just too slow.
With Postfix 3.6 and empty `smtpd_tls_dh1024_param_file` (equals to
auto) [7], Internet.nl shows DH 2048, but also ECDHE is supported.
Then I tried to configure the RFC 7219 ffdhe3072 parameters, but somehow
the Internet.nl email test still says DH 2048 is used.
# wget -O /project/mx/etc/ffdhe3072.pem
https://github.com/internetstandards/dhe_groups/blob/main/ffdhe3072.pem
# postconf -n smtpd_tls_dh1024_param_file
smtpd_tls_dh1024_param_file = /project/mx/etc/ffdhe3072.pem
# postfix reload
Viktor Dukhovni commented on postfix-users [8]:
This is misguided. If 2048-bit RSA root CAs are good enough for WebPKI,
system software updates, ... then 2048-bit DH parameters are also good
enough for opportunistic TLS in SMTP.
He recommended to ignore this test, which I will do, and set the
parameter `smtpd_tls_dh1024_param_file` to empty.
Kind regards,
Paul
[6]: https://www.mailsupport.dfn.de/news/aktivierung-der-tlsa-records
[7]: https://www.postfix.org/postconf.5.html#smtpd_tls_dh1024_param_file
[8]: https://www.mail-archive.com/postfix-users@postfix.org/msg99647.html
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop