STARTTLS - Next area needed most POLL

This forum contains features that have been archived. This section contains implemented features, duplicate requests, and requests which we have decided not to implement.

Please do STARTTLS next in..

POP3 Server: 4 votes (9%)
IMAP Server: 11 votes (24%)
SMTP Client (Outgoing mail): 28 votes (61%)
External accounts (POP3 Incoming): 0 votes
None (Don't bother work on other things): 3 votes (7%)

Total votes: 46

Bill48105
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

STARTTLS - Next area needed most POLL

Post by Bill48105 » 2014-02-04 23:07

Now that STARTTLS is a reality in hmailserver let's start a poll to see what order STARTTLS should be done so please vote.

SMTP Incoming (Server waiting for client connections) has been done. Now we have left:
* POP3 Server (Clients connecting to hmail to download mail)
* IMAP Server (Clients connecting to hmail)
* SMTP Client (Outgoing mail when hmail connects to other servers for delivery)
* External accounts (POP client aka POP Pull where hmail connects to other servers to download mail from a box via POP3)
Thx
Bill
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

mattg
Moderator
Posts: 20289
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: STARTTLS - Next area needed most POLL

Post by mattg » 2014-02-05 00:54

All of the above??
(with individual switches to turn on/off)
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Bill48105
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: STARTTLS - Next area needed most POLL

Post by Bill48105 » 2014-02-05 01:19

mattg wrote: All of the above??
(with individual switches to turn on/off)
LOL all of the above is the plan. I just didn't put a vote option for that as I want people to tell the order to do them in. If everyone votes all of the above how does that help me? ;) I guess it could take months (or at current pace a year) to get them all done so I'm just looking for some input to help prioritize the order they are done based on input from others. Otherwise James & I will just do the order WE want which could mean none if there are no votes. :P
Bill
Ps I changed the poll to allow 2 votes now instead of just 1. Just hope everyone doesn't vote for the same 2 or it'll get me nowhere lol

percepts
Senior user
Posts: 5282
Joined: 2009-10-20 16:33
Location: Sceptred Isle

Re: STARTTLS - Next area needed most POLL

Post by percepts » 2014-02-05 01:37

Personally I don't need it but I'm not voting against it since it appears from others' posts that many do. But then again people just ask for stuff because they can and not because they need it.

the31
New user
Posts: 13
Joined: 2014-02-03 21:24

Re: STARTTLS - Next area needed most POLL

Post by the31 » 2014-02-05 14:16

I voted for SMTP outgoing with StartTLS.
I think you should finish what was already started > SMTP with StartTLS
percepts wrote:personally I don't need it but I'm not voting against it since it appears from others posts that many do. But then again people just ask for stuff because they can and not because they need it.
I think that StartTLS is useful, even if there are some who do not agree with this.
Alpha versions: http://www.hmailserver.com/forum/viewtopic.php?f=10&t=21420

Bill48105
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: STARTTLS - Next area needed most POLL

Post by Bill48105 » 2014-02-07 07:52

SMTP Client (Outgoing mail) has a solid lead with 5 votes or 50%!

prisma
Senior user
Posts: 310
Joined: 2010-07-09 13:16

Re: STARTTLS - Next area needed most POLL

Post by prisma » 2014-02-07 15:18

+1 outgoing SMTP.

I assume the most important thing is to start with STARTTLS for "SMTP Relayer" and Routes with "Target SMTP host". It's true, some European providers cut off unencrypted delivery and only provide enforced STARTTLS on 587, no SSL/TLS on 465. This is intensified by the fact that in Europe the use of a "Smart Host" (to use M$ diction) is often mandatory, even if you have a static IP address.

At the moment there's no visible switch, only a script hook, to configure enforcement of STARTTLS for incoming SMTP. I think it could make sense to have at least an enforcement hook for Relayer and Routes also. Of course, a visible switch for enforcement for in and out would be better... but... I already discussed this with Bill.

Second step could be implementing optional STARTTLS (and always optional, so as not to break the RFC) for delivery on 25 to resolved MX records. (Look if ESMTPS/STARTTLS is provided; if not, deliver unencrypted.)

I think at least the second step is what the Germans would prefer ;) LOL ... I'm still hopeful.

Bill48105
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: STARTTLS - Next area needed most POLL

Post by Bill48105 » 2014-02-07 16:37

You're right prisma. Technically it'll need to be done in route & relayer too but that's in the "outgoing" group. Once done for any outgoing smtp it'll be trivial to add for all 3. :)

In terms of enforcement, priority #1 is functionality. Aesthetics are a distant #10 :) But yeah I'd imagine there will need to be an option to not continue if starttls is not possible but that's icing on the cake.
Bill

mattg
Moderator
Posts: 20289
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: STARTTLS - Next area needed most POLL

Post by mattg » 2014-02-10 01:44

So I have a question about StartTLS

If I enable startTLS on port 25, does it matter which certificate I use?

I host multiple domains (as do many).
I set a customised TCP port for each different domain with their own SSL certificate, so that user@domainA.com can connect to a certificate that says domainA.com, and user2@domainB.com connects to a certificate that says domain2.com etc

This seems to work well

Which certificate do I use for port 25 StartTLS? Does it matter?

Bill48105
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: STARTTLS - Next area needed most POLL

Post by Bill48105 » 2014-02-10 03:30

mattg wrote: So I have a question about StartTLS

If I enable startTLS on port 25, does it matter which certificate I use?

I host multiple domains (as do many).
I set a customised TCP port for each different domain with their own SSL certificate, so that user@domainA.com can connect to a certificate that says domainA.com, and user2@domainB.com connects to a certificate that says domain2.com etc

This seems to work well

Which certificate do I use for port 25 StartTLS? Does it matter?
As far as I know it doesn't matter as long as the sender does not enforce cert verification, which would be stupid for them to do on port 25 as 25 is meant for anon incoming public mail. So it'd depend on the sender. Btw rfc says if they try starttls & it fails they are supposed to try again without, although there are people out there who try to force it & will bounce the message instead with the idea that it 'guarantees' security. Don't worry we can laugh at them together. lol

mattg
Moderator
Posts: 20289
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: STARTTLS - Next area needed most POLL

Post by mattg » 2014-02-10 03:33

So what is StartTLS meant to achieve?

With no cert verification, how could this possibly stop a man-in-the-middle attack?

Bill48105
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: STARTTLS - Next area needed most POLL

Post by Bill48105 » 2014-02-10 04:20

mattg wrote: So what is StartTLS meant to achieve?

With no cert verification, how could this possibly stop a man-in-the-middle attack?
It's meant to provide a false sense of security just like SSL :D
But seriously from what I gather the cert can still be verified as valid from the issuer so at least a secure link can be established but yes I don't see how identity can be verified. I don't see how that's possible for public incoming mail. Someone who's more familiar with SSL/TLS might comment but that's my take on it. I think some see it as 'better than nothing' (iow no SSL/TLS) since at least the link can be encrypted but not for verifying identity of the remote server. Part of that is I see no mechanism to verify or verify the domain UNLESS you had a different port & own cert for each domain. Since incoming mail only arrives on 25 I don't see that happening or being a reasonable solution for public incoming mail. And I don't know of any ESMTP extensions to verify either so you're stuck with just being happy there is an encrypted link even if you don't know if remote is who you think it is or someone is in the middle.
Bill
Ps. In testing some email clients just accept the free startssl cert I test with & others complain. It seems to depend on the host name I set for outgoing mail server. Email clients seem to have less issue if client has host name that matches the cert but some don't care at all. I suppose it is likely possible to get a multi-domain cert but not sure remote servers even check. That's something we'll have to wait & get some more feedback from people on how starttls on 25 is working.

braniak
Normal user
Posts: 33
Joined: 2014-02-08 18:21

Re: STARTTLS - Next area needed most POLL

Post by braniak » 2014-02-10 20:09

Bill48105 wrote:
mattg wrote: So what is StartTLS meant to achieve?

With no cert verification, how could this possibly stop a man-in-the-middle attack?
It's meant to provide a false sense of security just like SSL :D
Well I don't think it's a false sense of security. For sure it's better than no encryption!

I agree it's not going to stop the NSA or an extremely determined hacker, but it will stop 98% of the hackers. It's a step in the right direction and additional enhancements will make it even more secure, eg:
- don't send email unless a SSL/TLS connection between servers can be established.
- options to verify client and server certificates. If identity can't be verified, don't send email.
- config options to explicitly specify SSL ciphers and cipher priorities (allows server admins to disable less secure ciphers).

Here is an excellent guide for SSL best practices:
https://www.ssllabs.com/projects/best-practices/

Bill48105
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: STARTTLS - Next area needed most POLL

Post by Bill48105 » 2014-02-10 20:37

braniak wrote:
Bill48105 wrote:
mattg wrote: So what is StartTLS meant to achieve?

With no cert verification, how could this possibly stop a man-in-the-middle attack?
It's meant to provide a false sense of security just like SSL :D
Well I don't think it's a false sense of security. For sure it's better than no encryption!

I agree it's not going to stop the NSA or an extremely determined hacker, but it will stop 98% of the hackers. It's a step in the right direction and additional enhancements will make it even more secure, eg:
- don't send email unless a SSL/TLS connection between servers can be established.
- options to verify client and server certificates. If identity can't be verified, don't send email.
- config options to explicitly specify SSL ciphers and cipher priorities (allows server admins to disable less secure ciphers).

Here is an excellent guide for SSL best practices:
https://www.ssllabs.com/projects/best-practices/
If you don't believe it gives a false sense of security you either don't understand it or give people too much credit for understanding mail flow. You can have the best encryption in the world & it's worthless once handed off because you have no control of who or what has it after that. THAT is why I say it's a false sense of security. Having SSL or STARTTLS for one connection could be meaningless. Don't get me wrong, no one is saying DON'T use ssl or starttls if available but anyone who thinks using it makes their email magically safe is an idiot. Its purpose is to stop casual sniffing ON THAT CONNECTION and nothing more. (OK in some setups it can help verify ID but in most cases that does not happen.) Time after time people get a false sense of security enabling SSL or STARTTLS so we do our best to educate people as to what that really gains them & what it does not do. If someone was truly concerned about security or privacy of email they'd either encrypt the message before sending or not use email at all.

Anyway this thread is to discuss the direction of starttls in hmail & not a pissing match over merits of encryption. There's no arguing over benefits of encryption but people need to be aware of limitations as well. There are options in openssl to set ciphers & as discussed in another thread the plan is to add an ini option in a test build so that can be explored. It should allow someone to disable weak or undesired ciphers but then we'll need to add code & options for what to do when handshake fails. (Fallback to non TLS which is the RFC standard, or bounce, or redirect, or ??) The trouble we run into is which direction mail is going & what options we have available. For a Route where we are sending or receiving between known servers we could force verification. For one of our clients sending thru hmail it could be possible too. For incoming or outgoing with public servers it's another story & may not be possible.
Bill

braniak
Normal user
Posts: 33
Joined: 2014-02-08 18:21

Re: STARTTLS - Next area needed most POLL

Post by braniak » 2014-02-10 21:05

Bill48105 wrote: If you don't believe it gives a false sense of security you either don't understand it or give people too much credit for understanding mail flow. You can have the best encryption in the world & it's worthless once handed off because you have no control of who or what has it after that. THAT is why I say it's false sense of security. Having SSL or STARTTLS for one connection could be meaningless.
Agreed, email is like a sieve. We're just trying to plug up some of the holes and minimize the leaks. For true security, you need to encrypt the message before it leaves your computer.

Bill48105
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: STARTTLS - Next area needed most POLL

Post by Bill48105 » 2014-02-10 22:11

braniak wrote:
Bill48105 wrote: If you don't believe it gives a false sense of security you either don't understand it or give people too much credit for understanding mail flow. You can have the best encryption in the world & it's worthless once handed off because you have no control of who or what has it after that. THAT is why I say it's false sense of security. Having SSL or STARTTLS for one connection could be meaningless.
Agreed, email is like a sieve. We're just trying to plug up some of the holes and minimize the leaks. For true security, you need to encrypt the message before it leaves your computer.
Hey there we at least agree on that. ;)

I have no problem plugging the holes but people need to be educated of what the pieces of security do & don't do and more so what they CAN'T do.

mattg
Moderator
Posts: 20289
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: STARTTLS - Next area needed most POLL

Post by mattg » 2014-02-11 02:10

Bill48105 wrote: Don't get me wrong, no one is saying DON'T use ssl or starttls if available but anyone who thinks using it makes their email magically safe is an idiot. Its purpose is to stop casual sniffing ON THAT CONNECTION and nothing more.
+1

japi
New user
Posts: 27
Joined: 2011-06-12 14:09
Location: Germany

Re: STARTTLS - Next area needed most POLL

Post by japi » 2014-03-26 01:50

Bill48105 wrote:
mattg wrote: So what is StartTLS meant to achieve?

With no cert verification, how could this possibly stop a man-in-the-middle attack?
It's meant to provide a false sense of security just like SSL :D
But seriously from what I gather the cert can still be verified as valid from the issuer so at least a secure link can be established but yes I don't see how identity can be verified. I don't see how that's possible for public incoming mail. Someone who's more familiar with SSL/TLS might comment but that's my take on it. I think some see it as 'better than nothing' (iow no SSL/TLS) since at least the link can be encrypted but not for verifying identity of the remote server. Part of that is I see no mechanism to verify or verify the domain UNLESS you had a different port & own cert for each domain. Since incoming mail only arrives on 25 I don't see that happening or being a reasonable solution for public incoming mail. And I don't know of any ESMTP extensions to verify either so you're stuck with just being happy there is an encrypted link even if you don't know if remote is who you think it is or someone is in the middle.
Bill
Ps. In testing some email clients just accept the free startssl cert I test with & others complain. It seems to depend on the host name I set for outgoing mail server. Email clients seem to have less issue if client has host name that matches the cert but some don't care at all. I suppose it is likely possible to get a multi-domain cert but not sure remote servers even check. That's something we'll have to wait & get some more feedback from people on how starttls on 25 is working.
Hi Bill,
hi mattg,

STARTTLS was not just invented to provide a false sense of security :wink:
Cert validation is very important. This includes at least checking the signatures, chain, validity dates and the hostname (checking for revocation, cert usage restrictions etc. should also be done). Validating just the issuer is not an option. Trust me.
The validation has to be split in at least two scenarios though:
1. Desktop mail client sends mail to his SMTP server (where the SMTP server is defined in the mail client settings)
2. Server sends mail to another server (where the SMTP server is determined by a DNS MX lookup)
In both cases the connecting party should validate the certificate.
In case 1 the client should warn the user about the connection misconfiguration and in case 2 the server should bounce the mail to the sender imho.

Hosting multiple domains with SSL/TLS (using default ports) on a server has always been a bit problematic (and still is a pain). There are multiple options to do that:
  • Using more than one IP: Each domain uses its own IP. The certificate is then bound to the default port on that IP. No further problems.
  • Using the same IP and TLS with SNI (Server Name Indication):
    Explained in short, an SNI-enabled client tells the server which hostname it wants to connect to, so the server knows which certificate has to be presented to the client.
    This option is probably not the best, since the client and the server have to support SNI and I would bet that most mail clients don't support it (I have not tested it though). It was most likely developed with webhosters in mind (hosting hundreds of websites on one IP), not postmasters.
  • Using a wildcard or Multi Domain Cert: This is another interesting option which should work with most clients/servers, but is, depending on the SSL certificate authority, in most cases a bit more expensive. Also the certificate has to be changed every time a domain is added/removed. Anyone looking at the certificate is also presented a list of hostnames, which is not acceptable in many cases (users can see which domains are hosted on the same server).
What is probably the easiest way?
I think that would be pointing all MX DNS records for the different mail-domains to ONE hostname. Single certificate needed, single IP needed.
(The hostname that is validated against is not the domain from the mail-address "test@example.com". It is the servername from the MX record of that domain.)

Is that secure?
Well... not yet. The DNS lookup could be intercepted and modified by an attacker. But this is totally out of scope for us as postmasters. DNSSEC to the rescue... :)
But the other options are not more secure than that, since the server-to-server transfer always uses an MX lookup. Client-to-server does not and is a bit more secure because of that (the DNS request could be modified, but the hostname from the certificate is matched against the hostname in the client's settings).
Apart from that, it is quite secure (= adequate for most communication needs). More and more providers support STARTTLS and the unencrypted server-to-server communication is one of the most important security holes in the mail-flow IMHO, provided client-to-server is also encrypted (which is possible at nearly every provider and with every mail client I know).

I'm sorry for the long post. I just hope that this gets implemented with extensive certificate validation, because without it, it is as vulnerable to MITM attacks as without STARTTLS.

If you have any questions about SSL certificates please feel free to ask me, I have to cope with them a lot at work :mrgreen:
I will also test your implementation as soon as I have some spare time. I'm feeling guilty for not having looked at the forums for months. :|

Thanks a million for implementing it, i am extremely happy that this feature is coming!

Best Regards,
Jan

mattg
Moderator
Posts: 20289
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: STARTTLS - Next area needed most POLL

Post by mattg » 2014-03-26 02:13

japi wrote: In both cases the connecting party should validate the certificate.
Yep

But also, if no certificate is available (ie no StartTLS) then un-encrypted sending should still occur, unless something like the ForceTLS (as mentioned here) is invoked somehow.
japi wrote: I just hope that this gets implemented with extensive certificate validation, because without it, it is as vulnerable to MITM attacks as without STARTTLS.
Absolutely
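The delivery-side policy japi and mattg describe above (verify the certificate against the MX hostname, fall back to cleartext only when no ForceTLS-style option is set), as an added example that is neither hMailServer code nor anything posted in this thread. `Outcome`, `decide`, `deliver` and the `enforce` flag are hypothetical names, and `SAMPLE_EHLO` is a constructed reply, not a capture from a real server.

```python
import smtplib
import ssl
from enum import Enum
from typing import FrozenSet, Optional

# Constructed EHLO reply (not captured from any real server), used by the test.
SAMPLE_EHLO = (b"250-mx.example.net Hello relay.example.org [192.0.2.10]\r\n"
               b"250-SIZE 52428800\r\n250-8BITMIME\r\n250-STARTTLS\r\n250 HELP\r\n")


class Outcome(Enum):
    DELIVER_TLS = "deliver over verified TLS"
    DELIVER_PLAIN = "deliver in cleartext (opportunistic fallback)"
    DEFER = "do not deliver in cleartext; retry later or bounce"


def parse_ehlo(reply: bytes) -> FrozenSet[str]:
    """ESMTP keywords advertised in a multi-line EHLO reply. The first 250 line
    is the greeting; each following line is '250-KEYWORD [params]', the last
    one '250 KEYWORD'."""
    lines = [ln for ln in reply.decode("ascii", "replace").splitlines()
             if ln.startswith("250")]
    keywords = set()
    for line in lines[1:]:            # skip the greeting
        body = line[4:].strip()       # drop '250-' / '250 '
        if body:
            keywords.add(body.split()[0].upper())
    return frozenset(keywords)


def decide(caps: FrozenSet[str], enforce: bool,
           cert_valid: Optional[bool]) -> Outcome:
    """Turn what the remote offered and how the handshake went into a verdict.
    cert_valid is None when STARTTLS was never attempted."""
    if "STARTTLS" in caps and cert_valid:
        return Outcome.DELIVER_TLS
    # STARTTLS missing, or the handshake / certificate check failed. A MITM
    # stripping the keyword from the EHLO reply lands here too, which is why
    # opportunistic mode only defeats passive sniffing, not an active attacker.
    return Outcome.DEFER if enforce else Outcome.DELIVER_PLAIN


def strict_context() -> ssl.SSLContext:
    """Chain, validity dates and hostname are all verified:
    create_default_context() sets CERT_REQUIRED and check_hostname=True."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def deliver(mx_host: str, sender: str, rcpt: str, message: str,
            enforce: bool = True) -> Outcome:
    """Port-25 delivery to the MX host under the policy above. The certificate
    is matched against mx_host (the MX target), not the recipient's domain."""
    cert_valid: Optional[bool] = None
    with smtplib.SMTP(mx_host, 25, timeout=30) as smtp:
        smtp.ehlo()
        caps = frozenset(k.upper() for k in smtp.esmtp_features)
        if "STARTTLS" in caps:
            try:
                smtp.starttls(context=strict_context())
                smtp.ehlo()               # capabilities may differ after TLS
                cert_valid = True
            except (ssl.SSLError, smtplib.SMTPException):
                cert_valid = False
                smtp.close()              # socket unusable after a failed handshake
        verdict = decide(caps, enforce, cert_valid)
        if verdict is Outcome.DELIVER_TLS or (
                verdict is Outcome.DELIVER_PLAIN and cert_valid is None):
            smtp.sendmail(sender, rcpt, message)
            return verdict
    if verdict is Outcome.DELIVER_PLAIN:     # fallback: fresh cleartext connection
        with smtplib.SMTP(mx_host, 25, timeout=30) as plain:
            plain.sendmail(sender, rcpt, message)
    return verdict
```

With `enforce=True` a stripped STARTTLS keyword or a certificate that does not match the MX hostname defers the message instead of silently downgrading, which is the behaviour the posts above ask for.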

prisma
Senior user
Posts: 310
Joined: 2010-07-09 13:16

Re: STARTTLS - Next area needed most POLL

Post by prisma » 2014-03-28 13:43

@japi: I tried to post a more structured and detailed wish-list for startTLS here: http://hmailserver.com/forum/viewtopic.php?f=2&t=26118

If some of these requests fit your needs, feel free to vote or comment.

martin
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden

Re: STARTTLS - Next area needed most POLL

Post by martin » 2014-10-11 20:29

Since all of these are implemented I'm moving this to the archive.
Martin Knafve
martin@hmailserver.com
https://twitter.com/knafve
