[Ach] Fwd: E-Mail Protocol Security Measurements

Aaron Zauner azet at azet.org
Tue Jul 28 18:18:10 CEST 2015

* Dahlberg, David <david.dahlberg at fkie.fraunhofer.de> [28/07/2015 17:55:33] wrote:
> Isn't Implicit TLS the ex-legacy 465/993/995 thing? At least draft-ietf
> -uta-email-deep uses them synonymously. From a security perspective I
> see not much of a difference on whether somebody attempts to strip a
> "STARTTLS" or whether he sends a RST to trigger plaintext fallback.

Depends on the client configuration. Same for server to server
(there it's probably a fall-back for sure, if done right). Public
Key Pinning could prevent that.

> The question regarding better-crypto.org would be, whether there might
> be common/general recommendation, which should be reflected in the
> document across paragraphs.
> Up until now I would have opted for:
> MTA incoming: Bind on port 25 with optional STARTTLS
> MTA outgoing: Connect on port 25 with STARTTLS (if possible)
> MDA: Listen on port 143 with mandatory STARTTLS+Auth
> MSA: Listen to port 587 with mandatory STARTTLS+Auth
> This is what ACH recommends right now:
> "2.3 Mail Servers" mentions stunnel (i.e. Implicit TLS)
> "2.3.1 SMTP in general, par 1" recommends opportunistic/optional TLS
> for all modes (MTA/in, MTA/out and MSA), whereas the "MSA" paragraph
> implicitly recommends mandatory STARTTLS ("use SMTP AUTH", "do not
> allow unencrypted SMTP auth" and "listen on port 587").
> "2.3.2 Dovecot" gives no recommendation regarding STARTTLS vs. Implicit
> TLS. The documented test command uses port 993 (imaps) though.
> "2.3.3 cyrus-imapd" enables both POP3 and IMAP with STARTTLS and
> Implicit TLS.
> "2.3.4 Postfix" states that TLS is mandatory in MSA mode and optional
> in MTA mode. I cannot say, whether it is configured to use STARTTLS
> and/or Implicit TLS but I would rather put my money on STARTTLS only.
> "2.3.5 Exim" is configured to use both STARTTLS or Implicit TLS in MSA
> mode. SMTP AUTH is disabled for non-TLS. (BTW: As opposed to the other
> MSAs/MDAs, constraining the cipherlist seems not to be recommended for
> Exim MDAs for some reason). In MTA mode it uses port 25 with optional
> STARTTLS only.
> "2.3.5 ironclad" uses optional STARTTLS for everything, if I understand
> it correctly.

I haven't authored any of the mail-server sections. We're happy to
take patches to the mailing list or pull requests on GitHub though.
The mail-server parts have so far been written by long-time
operators, I do trust their judgement but welcome renewed discussion
on the topic.

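The point raised in the thread, that STARTTLS stripping only matters if the client is willing to fall back to plaintext, as an added example that is not part of the thread or of the ACH document. The script parses an SMTP EHLO reply, checks whether the STARTTLS extension is advertised, and applies a per-role policy: an opportunistic role (MTA-to-MTA on port 25) continues in plaintext when STARTTLS is missing, a mandatory role (submission on 587, or a mail client talking to an MDA) aborts instead. The role names, the `ROLE_POLICY` table and the EHLO replies are this example's own constructions; the parser follows the multi-line reply format of RFC 5321 (`250-` continuation, `250 ` final line).

```python
"""
Client-side STARTTLS policy check for SMTP.

Added example, not code from the ACH document or the mailing list.
Role names and policies mirror the port/mode recommendations quoted
in the thread; the EHLO replies below are constructed samples.
"""
import re

MANDATORY = "mandatory"          # never proceed without TLS
OPPORTUNISTIC = "opportunistic"  # use TLS if offered, else plaintext

# Policy per connecting role (hypothetical names for this example).
ROLE_POLICY = {
    "mta_out": OPPORTUNISTIC,  # MTA -> MTA on port 25, STARTTLS if possible
    "msa":     MANDATORY,      # mail client -> MSA on 587, STARTTLS + AUTH
    "mda":     MANDATORY,      # mail client -> MDA, STARTTLS + AUTH
}

# Constructed sample replies: one advertising STARTTLS, one with the
# STARTTLS line removed (what a stripping attacker leaves behind).
EHLO_WITH_STARTTLS = (
    "250-mail.example.org\r\n"
    "250-SIZE 10240000\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
EHLO_STRIPPED = (
    "250-mail.example.org\r\n"
    "250-SIZE 10240000\r\n"
    "250 8BITMIME\r\n"
)


def parse_ehlo(reply: str) -> dict:
    """Parse a multi-line EHLO reply (RFC 5321, section 4.1.1.1).

    Every line starts with a 3-digit code; '-' after the code means
    more lines follow, ' ' marks the last line.  The first line carries
    the server's domain, later lines carry one extension keyword each.
    Returns {'ok': bool, 'extensions': {KEYWORD: parameters}}.
    """
    extensions = {}
    lines = [ln for ln in reply.replace("\r\n", "\n").split("\n") if ln]
    if not lines:
        return {"ok": False, "extensions": {}}
    for i, line in enumerate(lines):
        m = re.match(r"^(\d{3})([ -])(.*)$", line)
        if not m or m.group(1) != "250":
            return {"ok": False, "extensions": {}}
        sep, text = m.group(2), m.group(3)
        is_last = (i == len(lines) - 1)
        if (sep == " ") != is_last:
            # continuation marker contradicts the line's position: malformed
            return {"ok": False, "extensions": {}}
        if i == 0:
            continue  # greeting line, not an extension
        parts = text.split(None, 1)
        extensions[parts[0].upper()] = parts[1] if len(parts) > 1 else ""
    return {"ok": True, "extensions": extensions}


def decide(role: str, ehlo_reply: str) -> str:
    """Return 'starttls', 'plaintext' or 'abort' for a connecting role.

    A mandatory-TLS role never answers 'plaintext': if STARTTLS is not
    advertised (stripped or genuinely absent), the session is aborted
    and no AUTH is ever sent in the clear.
    """
    parsed = parse_ehlo(ehlo_reply)
    if parsed["ok"] and "STARTTLS" in parsed["extensions"]:
        return "starttls"
    return "plaintext" if ROLE_POLICY[role] == OPPORTUNISTIC else "abort"


def after_tls_failure(role: str) -> str:
    """What to do when the TLS handshake itself is torn down (e.g. by a
    forged RST): retry in plaintext only for opportunistic roles."""
    return "retry-plaintext" if ROLE_POLICY[role] == OPPORTUNISTIC else "abort"


if __name__ == "__main__":
    for role in ROLE_POLICY:
        print(role, "with STARTTLS:", decide(role, EHLO_WITH_STARTTLS),
              "| stripped:", decide(role, EHLO_STRIPPED),
              "| handshake reset:", after_tls_failure(role))
```

The same policy split applies to a client of an IMAP server on port 143, although IMAP advertises STARTTLS in a CAPABILITY response rather than an EHLO reply, so the parser above is SMTP-specific.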
