How to harden your postfix setup after dhgate [Scratchbook]

This is an old revision of the document!

Warning: Declaration of syntax_plugin_indexmenu_tag::handle($match, $state, $pos, &$handler) should be compatible with DokuWiki_Syntax_Plugin::handle($match, $state, $pos, Doku_Handler $handler) in /home/httpd/vhosts/scratchbook.ch/wiki.scratchbook.ch/lib/plugins/indexmenu/syntax/tag.php on line 43 Warning: Declaration of syntax_plugin_indexmenu_tag::render($mode, &$renderer, $data) should be compatible with DokuWiki_Syntax_Plugin::render($format, Doku_Renderer $renderer, $data) in /home/httpd/vhosts/scratchbook.ch/wiki.scratchbook.ch/lib/plugins/indexmenu/syntax/tag.php on line 51 Warning: preg_match(): Compilation failed: invalid range in character class at offset 3135 in /home/httpd/vhosts/scratchbook.ch/wiki.scratchbook.ch/inc/parser/lexer.php on line 118

A PCRE internal error occured. This might be caused by a faulty plugin

====== How to harden your postfix setup after dhgate ====== This document shows you how to generate and use a custom 2048bit diffie-hellman parameter for postfix and how to disable export cipher suites. This mitigates at least a part of the problem in diffie-hellman found in may 2015, see [0]. You need postfix version 2.2 or higher. All commands should normally be run as root. NOTE: Using 2048bit Diffie-Hellman-parameter as proposed by this manual breaks compatibility to some other software. See also [1]. If you need the compatibility, use 1024 instead of 2048, the essential part to mitigate the DH problem is the generation of a new parameter. Please don't be confused by the use of "config[uration] param[eter]" (which means something in the postfix config file) and DH param[eter] (which means Diffie-Hellman parameter, essentially a big prime number or the file containing it). ===== Step 1: Generate a new DH parameter file with 2048 bit length ===== Generation using openssl-dhparam. NOTE: If you have a separate readable-by-root-only folder (which you should have in a sensible TLS setup) then change the file path below to put the file in that folder. Also substitute your path in all subsequent commands. <code>openssl dhparam -out /etc/postfix/dh2048.pem 2048</code> The 2048 at the end makes the dh parameter 2048 bits. ===== Step 2: Set permissions ===== Ensure "root" is file owner and group. You can skip this command if you already know (eg. from "ls -l <filename>") the file has root:root owner/group. <code>chown root:root /etc/postfix/dh2048.pem</code> Set <code>r-- --- ---</code> (400) permissions for the param file. Nobody should have write or executable access. And read access should be restricted to root. <code>chmod 400 /etc/postfix/dh2048.pem</code> Postfix reads the file before switching to a less privileged user on startup, so if your postfix instance (or some of its daemons) is not running as root, the parameter file can still be read. ===== Step 3: Configure Postfix to use the new parameters ===== The config parameter contains "dh1024", because until now 1024bit was recommended (see [1]). You can use a 2048bit file with this config parameter, postfix can handle that. Documentation: [2] Add this line to your main.cf: <code>smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem</code> ===== Step 4: Ciphersuite configuration ===== Maybe this configuration breaks compatibility to some older software. Use this only as a guideline and look up the parameters in case of doubt. See below for some additional information about the ciphers used in the config example. You should already have a TLS configuration, check yours against this suggestion. The important part is to make sure you don't use export ciphers, which use dh parameters below 1024bit. THIS IS NOT A FULL POSTFIX TLS CONFIGURATION! <code> ## ciphers config (server side) # Cipher security grade to use. # Only for connections/services where TLS is set to mandatory # (eg. for SASL connections), smtpd_tls_ciphers is the # equivalent for non-mandatory connections smtpd_tls_mandatory_ciphers = high # set also non-mandatory to high. smtpd_tls_ciphers = high # Set protocols to not use smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 smtpd_tls_protocols = $smtpd_tls_mandatory_protocols # security grade for ephemeral elliptic-curve Diffie-Hellman KEX smtpd_tls_eecdh_grade = ultra # Exclude unsafe ciphers. smtpd_tls_exclude_ciphers = NULL, aNULL, EXP, SSLv2, MD5, DES, RC4, aECDH, KRB5-DE5, CBC3-SHA ## Client side # Exclude unsafe ciphers. smtp_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers smtp_tls_mandatory_ciphers = high smtp_tls_ciphers = $smtp_tls_mandatory_ciphers # exclude unsafe protocols smtp_tls_mandatory_protocols = !SSLv2, !SSLv3 smtp_tls_protocols = $smtp_tls_mandatory_protocols </code> ===== Step 5: Reload Postfix configuration. ===== <code>postfix reload</code> ===== Details about ciphers to be excluded ===== <code>NULL</code> eNULL or NULL (synonymous) are ciphers without encryption. <code>aNULL</code> aNULL are ciphers without authentication. These begin with a big 'A' letter (eg. ADH-RC4-MD5). <code>EXP</code> EXP or EXPORT (synonymous) are the weakened export ciphers. These include ciphers with Diffie-Hellman parameters below 1024bit. <code>SSLv2</code> Old SSLv2 ciphers, you don't want to use them anymore. On the other hand, these should already be disabled by the use of ''smtpd_tls_ciphers = high'' and ''smtpd_tls[_mandatory]_protocols = !SSLv2, !SSLv3'' <code>MD5, DES, RC4</code> Old algorithms that are not considered secure anymore. <code>aECDH</code> All non-ephemeral elliptic curve Diffie-Hellman ciphers. Ephemeral means you generate a new keypair for every connection or session. Without ephemeral you have a static public key (sometimes used for authentication of your publickey by a third party - not the same as certificate signature by 3rd party). Without "ephemeral" your connection is not perfect forward secrecy, so you definitively want to disable these ciphers. <code>KRB5-DE5, CBC3-SHA</code> Both are recommended to explicitly be disabled on the weakdh website [0]. KRB5 is Kerberos, normally not available unless you have additional Kerberos libraries installed. CBC3 is using 3DES. I don't know why exactly weakdh doesn't want these two. But disabling them won't hurt. weakdh explicitly lists <code>EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA</code> in addition to my list. But both are already excluded with ''smtpd_tls_[mandatory_]protocols = !SSLv2, !SSLv3'' If you need to have SSLv3 activated, add both to your excluded ciphers list. ---- This howto is Public Domain (CC-0). If you have suggestions for improvement of this document (NO support), mail to 0xBE53AA6C0175D01D Version 1, 2015-05-20 [0] https://weakdh.org/ [1] http://postfix.1071664.n5.nabble.com/Diffie-Hellman-parameters-tp63096p63098.html [2] http://www.postfix.org/postconf.5.html#smtpd_tls_dh1024_param_file

weakdh/postfix-harden.1432291038.txt · Last modified: 2015/05/22 12:37 by komsat

Back to top