Blog‎ > ‎

Securing email transport - starttls, postfix, ca, certificates, fingerprint, authority, smtps

posted Sep 29, 2013, 2:05 AM by Sami Lehtinen   [ updated Aug 26, 2014, 7:37 AM ]
I have heard often (false) claims, that if you send email, you can't be sure if it's encrypted during transport. Well, there are ways to secure that.

1) Email servers shouldn't provide non-secure option at all for end users. Only IMAPS, SMTPS (or other secure access methods like HTTPS) should be allowed at all.
2) Email server should check authenticity of the server at the other end, that's the primary point of this post.

Making sure that email is delivered over encrypted connection and only delivered to the  right recipient server.

Using TLS-policy with postfix you can make it sure, that emails aren't delivered without encryption or to wrong server.

Some servers are authenticated using very strong fingerprint authentication, this means that the servers public key has to match this fingerprint. If it doesn't messages won't be delivered.
Some servers do provide valid verifiable certificate, then you should use secure transport mode. In this mode it's not enough to have encryption, it also requires that the servers cert can be verified. This option provides same security as HTTPS does (by default). Without using client certificates, nor using own CA root or more advanced stuff like that.
Then we have the last option, which is encrypt. It simply requires that email in transt has to be sent over encrypted connection. But the identity of receiving server isn't being checked at all. This is still a great option, because this still foils all passive listening attacks, but leaves transport very vulnerable to easy MitM attack.

If I would be working in high security environment, I would use fingerprint method to authenticate services. Of course this means that when ever public key is renewed also the fingerprint information has to be updated. So for most cases secure would be the recommended option.

Option recap:

fingerprint = public key fingerprint must match
secure = certificate must be valid
encrypt = connection (anonymous) encryption is required

Configuration sample:

A few sample rows for postfix TLS-policy:

.ferraro.net       fingerprint
    match=AD:F3:C3:68:2B:CE:8D:DA:A3:83:AC:84:F6:5B:52:E0:B4:88:CD:9B
.sami-lehtinen.net fingerprint
    match=09:16:54:5E:CB:B3:7F:0B:E4:73:64:60:69:AA:4F:72:00:4F:0F:1C
.sigmatic.fi       secure
.upcloud.com       secure
.gmail.com         encrypt
.trashmail.net     encrypt


Other required configuration parameters (main.cf):

# TLS parameters

smtpd_tls_cert_file = your.crt
smtpd_tls_key_file = your.key
smtpd_use_tls = yes
smtpd_tls_security_level = may # could also be secure if required
smtpd_tls_ask_ccert = yes
smtpd_tls_received_header = yes # optional, if you want to add header for debug reasons
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

smtp_tls_cert_file = your.crt
smtp_tls_key_file = your.key
smtp_tls_security_level = may # could also be secure if required
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
smtp_tls_fingerprint_digest = sha1
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

Veryfiying configuration using checktls.com

You can use checktls.com to verify your configuration of receiving and sending secured email. The service provides you excellet report about all details why tests passed or failed.

Notes

It seems that many people misunderstand this post. No this is not about securing connections to clients. Yes, starttls can be used with clients when they send mail over smtp(s), but main point of this post is to secure email transmission between email servers.


KW: privacy, security, authority, encryption, ssl, tls, secured, secure, encrypted, delivery confirmation, strong authentication, smtp, smtps, imaps, pops, pop3s, private, server, servers, certificate, certificates, policies, fingerprint, fingerprints, mta, mail transfer agent, certificate pinning, SMX, S2SE.