On Wed, Oct 16, 2013 at 01:59:51PM +0000, Viktor Dukhovni wrote:

> > > exchangerelay unix - - n - - smtp
> > >   -o smtp_sasl_mechanism_filter=!gssapi,login
> 
> To support Exchange MSAs on Windows 2003 generically (less critical
> state in per-relay policy entries):
> 
>     exchangerelay unix - - n - - smtp
>       -o smtp_sasl_mechanism_filter=login
>       -o smtp_tls_security_level=secure
>       -o smtp_tls_mandatory_ciphers=medium
>       -o smtp_tls_mandatory_exclude_ciphers=3DES

So after further research it turns out that:

    - The Windows 2003 TLS implementation only looks at the first
      64 cipher-suites in the client SSL/TLS HELLO.

    - If RC4-MD5 is found among these, it uses RC4-MD5.
      Otherwise, if RC4-SHA is found among these, it uses RC4-SHA.
      Otherwise, if DES-CBC3-SHA is found among these, it uses DES-CBC3-SHA.

    - However, the DES-CBC3-SHA cipher-suite is broken (incorrect CBC padding).

So to use TLS with such a site "RC4-SHA" or "RC4-MD5" must be in
the first 64 cipher-suites.  Since no other ciphers work, and MD5
is deprecated, the cleanest solution is a radically trimmed down
set of ciphers:

    master.cf:
        exchangerelay unix - - n - - smtp
          -o smtp_sasl_mechanism_filter=login
          -o smtp_tls_security_level=may
          -o smtp_tls_ciphers=medium
          -o smtp_tls_mandatory_ciphers=medium
          -o tls_medium_cipherlist=$tls_compat_cipherlist

    main.cf:
        indexed = ${default_database_type}:${config_directory}/
        transport_maps = ${indexed}transport
        smtp_tls_policy_maps = ${indexed}tls_policy
        tls_compat_cipherlist = aNULL+AES128:aRSA+AES128:RC4-SHA:@STRENGTH

where we throw in some AES128 algorithms just in case the server
is some day patched to support a more reasonable set of cipher-suites.

The security level for the transport can be set to a preferred value
globally as above, and if desired per-site settings can be used to
specify non-default security levels and/or match criteria.

    transport:
        example.com     exchangerelay:example.com

    tls_policy:
        example.com     secure match=nexthop

-- 
        Viktor.
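
As an added illustration (not part of Viktor's message or of Postfix itself), the server selection rule described above modelled in Python, plus a helper that expands an OpenSSL cipher string through the local libssl so the real ClientHello order of a candidate `tls_compat_cipherlist` can be checked against the 64-suite window; the two sample suite lists are constructed stand-ins, and RC4 and aNULL suites are absent from most modern OpenSSL builds.

```python
import ssl

WINDOW = 64  # Windows 2003 only inspects the first 64 suites in the ClientHello
# Server-side preference order described in the message; 3DES is selected but
# its CBC padding is broken, so only the two RC4 suites yield a working session.
PREFERENCE = ("RC4-MD5", "RC4-SHA", "DES-CBC3-SHA")
WORKING = {"RC4-MD5", "RC4-SHA"}


def win2003_select(offered):
    """Model of the described server behaviour: return the suite the server
    would pick from the first 64 offered suites, or None if none match."""
    window = offered[:WINDOW]
    for suite in PREFERENCE:
        if suite in window:
            return suite
    return None


def handshake_works(offered):
    """True only when the modelled server picks a suite that actually works."""
    return win2003_select(offered) in WORKING


def expand_cipherlist(spec):
    """Expand an OpenSSL cipher string through the local libssl; the result is
    the order Postfix would send in its ClientHello (TLS 1.3 suites dropped,
    since the server in question predates them).  RC4 and aNULL suites are
    missing from most modern OpenSSL builds, so the list may come back short."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(spec)
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


# Constructed stand-ins for two ClientHello orderings (not real expansions):
# a broad "medium" list that buries RC4-SHA past the 64-suite window ...
BROAD_LIST = [f"AES-SUITE-{i:02d}" for i in range(70)] + ["RC4-SHA"]
# ... and the trimmed list from the message, with RC4-SHA well inside it.
TRIMMED_LIST = ["ADH-AES128-SHA", "AES128-SHA", "RC4-SHA"]

if __name__ == "__main__":
    for name, suites in (("broad", BROAD_LIST), ("trimmed", TRIMMED_LIST)):
        print(f"{name:8s} -> {win2003_select(suites)} works={handshake_works(suites)}")
    try:
        real = expand_cipherlist("aNULL+AES128:aRSA+AES128:RC4-SHA:@STRENGTH")
        print("local libssl expands tls_compat_cipherlist to:", real)
        print("modelled server picks:", win2003_select(real))
    except ssl.SSLError as err:  # none of the suites known to this OpenSSL
        print("cannot expand cipherlist locally:", err)
```

Feeding the output of `expand_cipherlist` for the default medium list into `win2003_select` shows directly whether RC4-SHA falls inside the window on a given OpenSSL build.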
