Hi Viktor,

> On Oct 20, 2017, at 6:14 PM, Viktor Dukhovni <postfix-us...@dukhovni.org>
> wrote:
>
>> In the documentation I have noted that even if STARTTLS is enabled, mail
>> delivery will not be stopped even if the certificate at the other server
>> is invalid or is a self-signed certificate. As such, TLS encryption is
>> used but authentication of the remote server does not happen.
>
> Now you've switched to talking about outbound mail (delivery from
> your system to other systems).

Oops. You are totally right - that terminology came from the smtp section of the Postfix docs as it was the last section I read yesterday.

>> I have noticed in my logs today an entry:
>>
>> postfix/smtpd[1234]: Untrusted TLS connection established from
>> example.com[1.2.3.4]: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256
>> bits)
>>
>> ...where example.com is not the real server name.
>
> And now you're looking at inbound mail again, and it seems that you've
> enabled receipt of client certificates, which is generally not a good
> idea on port 25 (the default is smtpd_tls_ask_ccert = no).

Yes, I checked my main.cf and saw I had smtpd_tls_ask_ccert = yes. I have since corrected it.

>> When smtpd parsed the certificate before this log entry, I noticed that
>> the subject_CN of the certificate is the same as the issuer - for example:
>>
>> subject_CN=example
>> issuer=example
>>
>> ...where example is not a FQDN but the hostname of the remote server.
>> There are also no references to certificate authorities.
>
> Perfectly normal even for receiving server, but especially for SMTP
> client certificates CA-issued names are not especially meaningful.
> What would you do differently on port 25 when receiving inbound mail
> from a client with a given certificate?

Ok. So the certificate that smtpd was presented with was a CLIENT certificate in this case. Was I right that it was a self-signed certificate?

>> I am wondering two things:
>>
>> [1] Am I correct that the remote server has not been authenticated but
>> has used encryption?
>
> The transmission channel is encrypted all the way from the remote
> server to any TLS man in the middle attacker, and again all the
> way from the man in the middle attacker to you. :-)

Ahhhhhh! Just kidding - I am more concerned with passive wiretaps, as you mention below.

> More seriously, the channel is immune to passive wiretaps, but
> unless the client authenticated your server somehow, and would
> not have continued sans authenticated TLS, MiTM attacks cannot
> be excluded.
>
>> [2] Is it not authenticated in this case because the remote server
>> appears to be a self-signed certificate?

Ok. In the context of smtpd (receiving mail), I note three states in the log:

  Authenticated TLS ...
  Untrusted TLS ...
  Anonymous TLS ...

I am pretty sure what most of those are referring to, but not totally sure.

Thanks again,

- J
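
As an added example (not part of the original message and not Postfix code), the following parses smtpd lines in the format quoted above and lists the peers whose connection was logged with a state other than Anonymous. The sample log lines are constructed, and reading any non-Anonymous state as "a client certificate was presented" is an assumption drawn from the reply quoted in this thread.

```python
import re
from collections import Counter

# Matches the smtpd line format quoted in the message above.
TLS_LINE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<state>\w+) TLS connection established "
    r"from (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: (?P<proto>\S+) "
    r"with cipher (?P<cipher>\S+) \((?P<used>\d+)/(?P<avail>\d+) bits\)"
)

# Constructed sample log lines (hosts and addresses are placeholders).
SAMPLE_LOG = """\
Oct 21 09:00:01 mx postfix/smtpd[1234]: Untrusted TLS connection established from example.com[1.2.3.4]: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)
Oct 21 09:00:07 mx postfix/smtpd[1240]: Anonymous TLS connection established from mail.example.net[192.0.2.10]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Oct 21 09:00:09 mx postfix/smtpd[1241]: connect from unknown[192.0.2.77]
Oct 21 09:00:12 mx postfix/smtpd[1242]: Anonymous TLS connection established from unknown[192.0.2.77]: TLSv1 with cipher AES128-SHA (128/128 bits)
"""

def parse_tls_lines(text):
    """Return one dict per smtpd TLS-established line; other lines are skipped."""
    return [m.groupdict() for m in map(TLS_LINE.search, text.splitlines()) if m]

def summarize(text):
    """Tally logged states and list peers that presented a client certificate."""
    sessions = parse_tls_lines(text)
    states = Counter(s["state"] for s in sessions)
    # Assumption: any state other than "Anonymous" means the client sent a
    # certificate, which a TLS client only does when the server asks for one.
    with_cert = [(s["host"], s["ip"], s["state"]) for s in sessions
                 if s["state"] != "Anonymous"]
    return {"states": dict(states), "client_certs": with_cert,
            "ask_ccert_suspected": bool(with_cert)}

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(report["states"])
    for host, ip, state in report["client_certs"]:
        print(f"client certificate seen: {host}[{ip}] ({state})")
    if report["ask_ccert_suspected"]:
        print("check: postconf smtpd_tls_ask_ccert (default is no)")
```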