On 06.08.2015 16:31, Heiko Schlittermann wrote:
> begin authenticators
>
> …
> server_advertise_condition = ${if def:tls_cipher}
>
> But as long as clients do not insist on TLS/SSL and do not verify the
> servers certificate, a MITM can do anything.
>
let's assume your server where you do smtp auth is called
smtp.exmple.com. You have your MUA set up for that host, port 587 and
the setting in your MUA is "TLS, if possible". I'm the bad guy, when you
come to my network I will send you DNS answers, that smtp.exmple.com is
10.6.6.6. That is of course my machine. There I have a SMTP server,
which offers SMTP AUTH *without* TLS on port 587. Then I just log
everything that's coming in to port 587. It is trivial to steal other
people's smtp auth data this way.
And no also DNSSec, would not work, I could also give you the right IP
and then send a spoofed ARP reply for the right IP address. This is also
trivial to do. Because so many MUAs are not behaving sane (opportunistic
starttls is as safe as no TLS), it is not a good idea to use port 587
and starttls as long as you can't make sure that no such clients are
being used.
And when you say "465 and plain SSL are still deprecated" you are
talking about what some RFC authors wrote. RFCs are no laws and when you
see that an RFC is proposing something bad, you should not follow it
IMHO ;-)
And by the way, the same problem is therw with imap and starttls,
dovecot mentions the problem here:
http://wiki2.dovecot.org/SSL
In the whole network of a German provider a related MITM attack was done
some years ago (accidently of course ;), see:
http://www.heise.de/security/meldung/Eingriff-in-E-Mail-Verschluesselung-durch-Mobilfunknetz-von-O2-206233.html
The very least we should do is mention the problem and the security risk
and not just write that SSMTP is "obsolete" in the exim documentation
IMHO. This is what that patch does.
Cheers
Björn
