Hi, we run our outbound mailservers with DANE/DNSSEC enabled for quite some time now. Works great.
It looks like one of the two MX for the German government changed implementation yesterday; it now offers TLSv1.2 with ECDHE ciphers and a new certificate. They apparently forgot to update the TLSA record though, which makes smtp_tls_security_level=dane rightfully fail the connection and switch over to mx1.bund.de:

Nov 7 11:45:31 lxmhs51 postfix-postout/smtp[3655]: Untrusted TLS connection established to mx2.bund.de[77.87.224.131]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Nov 7 11:45:31 lxmhs51 postfix-postout/smtp[3655]: 3jYytM0BhVzyQK: Server certificate not trusted
Nov 7 11:45:31 lxmhs51 postfix-postout/smtp[3655]: Verified TLS connection established to mx1.bund.de[77.87.224.163]:25: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)

However, sometimes mx2.bund.de negotiates an Anonymous TLS connection and the mail gets delivered:

Nov 7 11:04:39 lxmhs52 postfix-postout/smtp[18391]: Anonymous TLS connection established to mx2.bund.de[77.87.224.131]:25: TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)
Nov 7 11:04:39 lxmhs52 postfix-postout/smtp[18391]: 3jYxzC541LzyYf: to=<[email protected]>, relay=mx2.bund.de[77.87.224.131]:25, delay=0.32, delays=0.05/0/0.16/0.11, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as E353315D45B)

Two questions:

- Why is the connection established using Anonymous TLS? According to postconf(5) it should be transparently excluded, see smtp_tls_security_level (default: empty):

    [..]
    dane   Opportunistic DANE TLS. At this security level, the [...] For purposes of protocol and cipher selection, the "dane" security level is treated like a "mandatory" TLS security level, and weak ciphers and protocols are disabled. Since DANE authenticates server certificates the "aNULL" cipher-suites are transparently excluded at this level, no need to configure this manually. RFC 6698 (DANE) TLS authentication is available with Postfix 2.11 and later.

- Why are Untrusted TLS connections dropped, but the arguably even weaker Anonymous TLS connections accepted?

Postfix 2.11.2 on Debian Wheezy. Configuration is quite long; the TLS/DNSSEC-specific postconf -n output is this:

smtp_dns_support_level = dnssec
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_loglevel = 1
smtp_tls_policy_maps = hash:${config_directory}/maps/tls_policy.hash
smtp_tls_security_level = dane
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_tls_CApath = ${config_directory}/certs
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = ${config_directory}/xxx.crt
smtpd_tls_key_file = ${config_directory}/xxx.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
tls_append_default_CA = no
tls_compat_cipherlist = aNULL+AES128:aRSA+AES128:RC4-SHA:@STRENGTH

tls_compat_cipherlist comes from https://groups.google.com/forum/#!msg/mailing.postfix.users/gTVBKQyd_Ho/DMEPBOcZGXUJ and is only active on a dedicated exchangerelay transport as described in that post.

Bernhard
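The failure mode in the post (a certificate changed on the MX, the TLSA record was not), as an added worked example that is not part of the original post and is not Postfix code. It implements the RFC 6698 association-data check a DANE client performs: pick the full certificate (selector 0) or only its SubjectPublicKeyInfo (selector 1), hash it per the matching type, and compare against the record's RDATA. The certificates are constructed toy DER structures with the RFC 5280 field layout (enough to locate the SPKI), not real or signed X.509 certificates, and the key bytes, serials and dates are invented. It goes one step beyond the post by showing that a renewed certificate with the same key still matches a "3 1 1" record, while a new key (or a "3 0 1" full-certificate record) does not.

```python
import hashlib

# --- minimal DER encode/decode helpers (only what the toy certificates need) ---

def der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def der(tag, content):
    return bytes([tag]) + der_len(len(content)) + content

def seq(*items):
    return der(0x30, b"".join(items))

def parse_tlv(buf, off=0):
    """Return (tag, value, end) for the DER TLV starting at buf[off]."""
    tag, ln = buf[off], buf[off + 1]
    off += 2
    if ln & 0x80:                       # long-form length
        n = ln & 0x7F
        ln = int.from_bytes(buf[off:off + n], "big")
        off += n
    return tag, buf[off:off + ln], off + ln

def children(value):
    """Split a SEQUENCE body into its child TLVs (re-encoded whole)."""
    out, off = [], 0
    while off < len(value):
        tag, v, off = parse_tlv(value, off)
        out.append(der(tag, v))
    return out

def spki_of(cert_der):
    """Extract subjectPublicKeyInfo from a DER certificate (RFC 5280 layout)."""
    _, body, _ = parse_tlv(cert_der)
    _, tbs, _ = parse_tlv(children(body)[0])        # tbsCertificate
    fields = children(tbs)
    # v3 certificates begin with explicit [0] version; v1 begin at serialNumber
    return fields[6] if fields[0][0] == 0xA0 else fields[5]

# --- TLSA (RFC 6698) association data ---

def tlsa_data(cert_der, selector, mtype):
    data = cert_der if selector == 0 else spki_of(cert_der)   # 0 = full cert, 1 = SPKI
    if mtype == 0:
        return data
    if mtype == 1:
        return hashlib.sha256(data).digest()
    if mtype == 2:
        return hashlib.sha512(data).digest()
    raise ValueError("unknown matching type %d" % mtype)

def tlsa_record(cert_der, usage=3, selector=1, mtype=1):
    """Presentation-format RDATA of a TLSA record that matches cert_der."""
    return "%d %d %d %s" % (usage, selector, mtype, tlsa_data(cert_der, selector, mtype).hex())

def tlsa_matches(record, cert_der):
    """Does the presented certificate satisfy the record's association data?"""
    usage, selector, mtype, hexdata = record.split()
    return tlsa_data(cert_der, int(selector), int(mtype)) == bytes.fromhex(hexdata)

# --- constructed toy certificates (DER shaped like X.509 v3, unsigned, not real) ---

RSA_OID = der(0x06, bytes.fromhex("2a864886f70d010101"))      # rsaEncryption

def toy_spki(key_bytes):
    return seq(seq(RSA_OID, der(0x05, b"")), der(0x03, b"\x00" + key_bytes))

def toy_cert(serial, spki):
    tbs = seq(
        der(0xA0, der(0x02, b"\x02")),                          # [0] version v3
        der(0x02, serial),                                      # serialNumber
        seq(RSA_OID),                                           # signature alg (placeholder)
        seq(),                                                  # issuer (placeholder)
        seq(der(0x17, b"151101000000Z"), der(0x17, b"161101000000Z")),
        seq(),                                                  # subject (placeholder)
        spki,
    )
    return seq(tbs, seq(RSA_OID), der(0x03, b"\x00" + b"\xff" * 8))   # fake signature

KEY_A = bytes(range(1, 33))                 # invented key material
KEY_B = bytes(range(33, 65))
CERT_OLD = toy_cert(b"\x01", toy_spki(KEY_A))
CERT_RENEWED_SAME_KEY = toy_cert(b"\x02", toy_spki(KEY_A))
CERT_NEW_KEY = toy_cert(b"\x03", toy_spki(KEY_B))

def scenario():
    """DNS still carries the record for CERT_OLD; which replacement certs validate?"""
    published_311 = tlsa_record(CERT_OLD, 3, 1, 1)   # DANE-EE, SPKI, SHA-256
    published_301 = tlsa_record(CERT_OLD, 3, 0, 1)   # DANE-EE, full cert, SHA-256
    return {
        "311 old cert": tlsa_matches(published_311, CERT_OLD),
        "311 renewed, same key": tlsa_matches(published_311, CERT_RENEWED_SAME_KEY),
        "311 new key": tlsa_matches(published_311, CERT_NEW_KEY),
        "301 renewed, same key": tlsa_matches(published_301, CERT_RENEWED_SAME_KEY),
    }

if __name__ == "__main__":
    for name, ok in scenario().items():
        print("%-24s %s" % (name, "matches" if ok else "MISMATCH -> DANE fails"))
```

The practical takeaway is the one the post's log lines show from the client side: a DANE-capable sender treats an association mismatch as an authentication failure for that MX, so publishing a "3 1 1" record over the SPKI and keeping the key across renewals is what lets an operator swap certificates without breaking senders; rotating the key requires publishing the new record (ideally alongside the old one) before the switch.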
