On Wed, Oct 16, 2013 at 01:59:51PM +0000, Viktor Dukhovni wrote: > > > exchangerelay unix - - n - - smtp > > > -o smtp_sasl_mechanism_filter=!gssapi,login > > To support Exchange MSAs on Windows 2003 generically (less critical > state in per-relay policy entries): > > exchangerelay unix - - n - - smtp > -o smtp_sasl_mechanism_filter=login > -o smtp_tls_security_level=secure > -o smtp_tls_mandatory_ciphers=medium > -o smtp_tls_mandatory_exclude_ciphers=3DES
So after further research it turns out that: - The Windows 2003 TLS implementation only looks at the first 64 cipher-suites in the client SSL/TLS HELLO. - If RC4-MD5 is found among these, it uses RC4-MD5. Otherwise, if RC4-SHA is found among these, it uses RC4-SHA. Otherwise, if DES-CBC3-SHA is found among these, it uses DES-CBC3-SHA. - However, the DES-CBD3-SHA cipher-suite is broken (incorrect CBC padding) So to use TLS with such a site "RC4-SHA" or "RC4-MD5" must be in the first 64 ciphers-suites. Since no other ciphers work, and MD5 is deprecated the cleanest solution is a radically trimmed down set of ciphers: master.cf: exchangerelay unix - - n - - smtp -o smtp_sasl_mechanism_filter=login -o smtp_tls_security_level=may -o smtp_tls_ciphers=medium -o smtp_tls_mandatory_ciphers=medium -o tls_medium_cipherlist=$tls_compat_cipherlist main.cf: indexed = ${default_database_type}:${config_directory}/ transport_maps = ${indexed}transport smtp_tls_policy_maps = ${indexed}tls_policy tls_compat_cipherlist = aNULL+AES128:aRSA+AES128:RC4-SHA:@STRENGTH where we throw in some AES128 algorithms just in case the server is some-day patched to support a more reasonable set of cipher-suites. The security level for the transport can be set to a preferred value globally as above, and if desired per-site settings can be used to specify non-default security levels and/or match criteria. transport: example.com exchangerelay:example.com tls_policy: example.com secure match=nexthop -- Viktor.