[Ach] Fwd: E-Mail Protocol Security Measurements

Dahlberg, David david.dahlberg at fkie.fraunhofer.de
Tue Jul 28 17:55:32 CEST 2015


Am Dienstag, den 28.07.2015, 14:52 +0200 schrieb Aaron Zauner:

> It depends on the protocol but it's not easy to collect DNS related
> data on pure IP scans.

Yes of course. Pardon me for my silliness. 

> > Maybe you should have a look at how many of the servers that
> > support SMTPS do not support STARTTLS on port 25 (MTA) or 287 (MSA)? Or put
> > differently: Is there still any valid reason to offer 465? According to
> > my limited experience there isn't. But OTOH I do not run a big mail
> > provider.
> 
> 465 has been deprecated by IANA back a long time ago ('98 if I remember
> correctly). You should use 587.
> 
> Implicit TLS is still a better choice than STARTTLS in my opinion
> (stripping, filtering..).

Isn't Implicit TLS the ex-legacy 465/993/995 thing? At least
draft-ietf-uta-email-deep uses them synonymously. From a security
perspective I see not much of a difference on whether somebody attempts
to strip a "STARTTLS" or whether he sends a RST to trigger plaintext
fallback.

The question regarding better-crypto.org would be, whether there might
be common/general recommendation, which should be reflected in the
document across paragraphs.

Up until now I would have opted for:

MTA incoming: Bind on port 25 with optional STARTTLS
MTA outgoing: Connect on port 25 with STARTTLS (if possible)
MDA: Listen on port 143 with mandatory STARTTLS+Auth
MSA: Listen to port 587 with mandatory STARTTLS+Auth

This is what ACH recommends right now:

"2.3 Mail Servers" mentions stunnel (i.e. Implicit TLS)

"2.3.1 SMTP in general, par 1" recommends opportunistic/optional TLS
for all modes (MTA/in, MTA/out and MSA), whereas the "MSA" paragraph
implicitly recommends mandatory STARTTLS ("use SMTP AUTH", "do not
allow unencrypted SMTP auth" and "listen on port 587").

"2.3.2 Dovecot" gives no recommendation regarding STARTTLS vs. Implicit
TLS. The documented test command uses port 993 (imaps) though.

"2.3.3 cyrus-imapd" enables both POP3 and IMAP with STARTTLS and
Implicit TLS.

"2.3.4 Postfix" states that TLS is mandatory in MSA mode and optional
in MTA mode. I cannot say, whether it is configured to use STARTTLS
and/or Implicit TLS but I would rather put my money on STARTTLS only.

"2.3.5 Exim" is configured to use both STARTTLS or Implicit TLS in MSA
mode. SMTP AUTH is disabled for non-TLS. (BTW: As opposed to the other
MSAs/MDAs, constraining the cipherlist seems not to be recommended for
Exim MDAs for some reason). In MTA mode it uses port 25 with optional
STARTTLS only.

"2.3.5 ironclad" uses optional STARTTLS for everything, if I understand
it correctly.

-- 
David Dahlberg     

Fraunhofer FKIE, Dept. Communication Systems (KOM) | Tel: +49-228-9435-845
Fraunhoferstr. 20, 53343 Wachtberg, Germany        | Fax: +49-228-856277
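To make the "MSA: mandatory STARTTLS+Auth" policy from the list above concrete, here is an added Python example (not code from the thread or from the ACH document) that checks SMTP EHLO transcripts against that policy, plus the client-side rule that turns STARTTLS stripping into a hard failure instead of a plaintext fallback. The host names and EHLO replies are constructed, not captured from any real server.

```python
"""Policy check for a submission (MSA, port 587) server's EHLO replies.
Added example; the transcripts below are constructed for illustration."""


def parse_ehlo(response: str) -> set:
    """Return the EHLO extension keywords (upper-cased) from a 250 multi-line reply.
    The first 250 line carries the server's name, not an extension, so it is skipped."""
    lines = [l for l in response.strip().splitlines() if l[:3] == "250"]
    return {l[4:].split()[0].upper() for l in lines[1:] if l[4:].strip()}


def check_msa(plain_ehlo: str, tls_ehlo: str) -> list:
    """Return policy violations (empty list = compliant) for an MSA that must
    offer STARTTLS, refuse AUTH in plaintext, and offer AUTH only inside TLS."""
    before, after = parse_ehlo(plain_ehlo), parse_ehlo(tls_ehlo)
    issues = []
    if "STARTTLS" not in before:
        issues.append("STARTTLS not advertised on the plaintext connection")
    if "AUTH" in before:
        issues.append("AUTH advertised before STARTTLS (plaintext credentials possible)")
    if "AUTH" not in after:
        issues.append("AUTH not offered after STARTTLS")
    if "STARTTLS" in after:
        # RFC 3207 section 4.2: STARTTLS must not be advertised once TLS is up.
        issues.append("STARTTLS still advertised inside TLS")
    return issues


def client_must_abort(plain_ehlo: str, require_tls: bool = True) -> bool:
    """Client-side mitigation: when TLS is required, a plaintext EHLO without
    STARTTLS (whether stripped on-path or simply unsupported) aborts the session
    before any credentials are sent; there is no fallback to plaintext."""
    return require_tls and "STARTTLS" not in parse_ehlo(plain_ehlo)


# Constructed transcripts (hypothetical host msa.example.net).
GOOD_PLAIN = "250-msa.example.net Hello client.example.org\n250-SIZE 35882577\n" \
             "250-STARTTLS\n250-ENHANCEDSTATUSCODES\n250 HELP"
GOOD_TLS = "250-msa.example.net Hello client.example.org\n250-SIZE 35882577\n" \
           "250-AUTH PLAIN LOGIN\n250 HELP"
WEAK_PLAIN = "250-msa.example.net Hello client.example.org\n250-STARTTLS\n" \
             "250-AUTH PLAIN LOGIN\n250 HELP"
NO_TLS_PLAIN = "250-msa.example.net Hello client.example.org\n250 HELP"

if __name__ == "__main__":
    print("compliant:", check_msa(GOOD_PLAIN, GOOD_TLS))
    print("weak MSA:", check_msa(WEAK_PLAIN, GOOD_TLS))
    print("client aborts on missing STARTTLS:", client_must_abort(NO_TLS_PLAIN))
```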
