Security of default (postfix) configuration

sweetgood

I like to use simple web services like https://cryptcheck.fr/smtp/ to quickly check the security of services.

Unfortunately it looks like the default configuration of grommunio (the service only tests postfix) regarding the cipher sets is not as secure as mailcow for example. From what grommunio claims on their homepage "With open source technology based on Linux, grommunio is scalable and meets the highest security requirements." I would definitely expect better defaults.

The system itself is up to date and there are no custom modifications in postfix's main.cf (apart from SMTP smuggling mitigation).

In comparison to grommunio here's a default mailcow installation also without custom modifications:

Is it really necessary to "harden" the system manually or why is it configured more insecure by default than for example mailcow?

WalterH

sweetgood why is it configured more insecure by default

To allow older systems to establish a SSL/TLS connection.

mwilliams

As @WalterH mentions, this is a game of what compatibility you want to sacrifice. One could also argue "why does Mailcow allow SHA1 MACs where it is known to have collisions in 2**60 operations?"

grommunio is shipped not only as an appliance or container but instead supports a wide variety of linux and BSD. mailcow is shipped exclusively on containers with debian only, this makes their target platform simpler but also less flexible in terms of deployment. Since postfix is a distribution-provided component, grommunio relies per default on distribution-provided security with any option to harden further according to distributions' hardening guidelines.

Please note the higher you set your settings, the more devices delivering directly to grommunio you will lose in terms of compatibility. On a personal note: It's still astonishing how many offices still run 15+ years "Scan-to-Mail" printer appliances (TLS 1.2 was released in 2008 and started adoption in 2012+).

We at grommunio have decided to give compatibility the preference with any option to harden down postfix with just a simple command.

For higher standard in encryption, use the following command:

postconf -e \
smtpd_tls_ciphers=high \
smtpd_tls_exclude_ciphers="aNULL,eNULL,EXPORT,DES,RC4,MD5,PSK,aECDH,EDH-DSS-DES-CBC3-SHA,EDH-RSA-DES-CBC3-SHA,KRB5-DES,CBC3-SHA,CAMELLIA,SEED-SHA,AES256-SHA,AES256-SHA256,AES256-GCM-SHA384,AES128-SHA,AES128-SHA256,AES128-GCM-SHA256" \
smtpd_tls_mandatory_ciphers=high \
smtpd_tls_mandatory_protocols="TLSv1.2,TLSv1.3" \
smtpd_tls_protocols="TLSv1.2,TLSv1.3" \
smtp_tls_mandatory_protocols="TLSv1.2,TLSv1.3" \
smtp_tls_protocols="TLSv1.2,TLSv1.3" \
smtp_tls_security_level=may \
tls_preempt_cipherlist=yes \
tls_ssl_options=NO_COMPRESSION

For military-grade, use:

postconf -e \
smtpd_tls_ciphers=high \
smtpd_tls_exclude_ciphers="aNULL,eNULL,EXPORT,DES,RC4,MD5,PSK,aECDH,EDH-DSS-DES-CBC3-SHA,EDH-RSA-DES-CBC3-SHA,KRB5-DES,CBC3-SHA,CAMELLIA,SEED-SHA,AES256-SHA,AES256-SHA256,AES256-GCM-SHA384,AES128-SHA,AES128-SHA256,AES128-GCM-SHA256,DHE-RSA-AES128-GCM-SHA256,DHE-RSA-AES128-SHA,DHE-RSA-AES128-SHA256,DHE-RSA-AES256-GCM-SHA384,DHE-RSA-AES256-SHA,DHE-RSA-AES256-SHA256,DHE-RSA-CHACHA20-POLY1305,ECDHE-RSA-AES128-SHA,ECDHE-RSA-AES256-SHA" \
smtpd_tls_mandatory_ciphers=high \
smtpd_tls_mandatory_protocols="TLSv1.2,TLSv1.3" \
smtpd_tls_protocols="TLSv1.2,TLSv1.3" \
smtp_tls_mandatory_protocols="TLSv1.2,TLSv1.3" \
smtp_tls_protocols="TLSv1.2,TLSv1.3" \
smtp_tls_security_level=may \
tls_preempt_cipherlist=yes \
tls_ssl_options=NO_COMPRESSION

sweetgood

Hi Mike,

great and helpful answer, thanks for that. Especially the two simple commands – did I miss the part of the documentation where these two commands are mentioned?

It's still astonishing how many offices still run 15+ years "Scan-to-Mail" printer appliances (TLS 1.2 was released in 2008 and started adoption in 2012+).

Unfortunately I can confirm that 😅🙈