4. 2012/10/03 Roberto Innocente 4
TLS(Transport Layer Security)
An encryption layer over TCP that all MTAs
should support and when offered they should
start
(STARTTLS mechanism on the std port 25)
●
Disable SSL1 and SSL2 for security problems
that were discovered , and support only
TLSv1.2
5. 2012/10/03 Roberto Innocente 5
Mail Transfer Protocols
Protocol Over
tls
Authenticated Authenticated
Over tls
Name
smtp smtps smtpa smtpsa Simple MTP
esmtp esmtps esmtpa esmtpsa Extended SMTP
lmtp lmtps lmtpa lmtpsa Light MTP
RFC3848 July 2004
Shown in “Received: … with ... ” header lines e.g.
Received: from charon-02.sissa.it (charon-02.sissa.it [147.122.1.105])
by smtp.sissa.it (Postfix) with ESMTP id BEAF9D08065
6. 2012/10/03 Roberto Innocente 6
Check protocol used
in Received: lines
Received: from mail-ob0-f169.google.com (mail-ob0-f169.google.com [209.85.214.169])
by mail.example.org (Postfix) with ESMTPS id 13F636C003 for <inno@example.org>;
Wed, 11 Mar 2012 11:34:18 +0100 (CET)
Received: from mail.example.org (mail.example.org [10.0.1.2]) by mail2.example.org
with ESMTP id C9HImFdPfk4ogziO for <inno@example.org>; Mon, 12 Mar 2012
11:34:23 +0100 (CET)
Received: from webmail.example.org (localhost.localdomain [127.0.0.1])
mail2.example.org (Postfix) with ESMTPA id AD79E54E50 for
<roberto.e.innocente@gmail.com>; Mon, 12 Mar 2012 10:48:47 +0100 (CET)
7. 2012/10/03 Roberto Innocente 7
SPF version 1
Spf = Sender Policy Framework
RFC-4408 April 2006
RFC-2821 layer / protects envelope sender address
The one that appears in the initial smtp exchange
HELO itsme.org
MAIL FROM: <..>
RCPT TO: <..>
DATA
SMTP Envelope
8. 2012/10/03 Roberto Innocente 8
SMTP protocol – RFC-2821
April 2001
dig mx gmail.com
;; QUESTION SECTION:
;gmail.com. IN MX
;; ANSWER SECTION:
gmail.com. 3599 IN MX 5 gmail-smtp-in.l.google.com.
telnet gmail-smtp-in.l.google.com smtp
220 mx.google.com ESMTP de8si19058389wib.80
EHLO sissa.it
250-mx.google.com at your service, [10.0.1.2]
250-SIZE 35882577
250-8BITMIME
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8
MAIL FROM: <inno@sissa.it>
250 2.1.0 OK jo3si35141161wjc.166 - gsmtp
RCPT TO: <roberto.innocente@gmail.com>
250 2.1.5 OK jo3si35141161wjc.166 - gsmtp
DATA
354 Go ahead jo3si35141161wjc.166 - gsmtp
From: inno@example.org
To: roberto.innocente@gmail.com
Subject: check
Checking address
2 times
.
Envelope Header Body
10. 2012/10/03 Roberto Innocente 10
Identities in email
Envelope identities :
●
Helo/ehlo identity in envelope
●
Mail from: identity in envelope
●
Rcpt to: identity in envelope
Headers identities :
●
From: identity in header
●
To: identity in header
11. 2012/10/03 Roberto Innocente 11
Mail RFCs
●
RFC2821 April 2001
Simple Mail Transfer Protocol (SMTP) –
obsoletes RFC821 (Draft std RFC5321)
●
RFC2822 April 2001
Internet Message Format (IMF) –
obsoletes RFC822 (Draft std RFC5322)
12. 2012/10/03 Roberto Innocente 12
Sender addresses
●
Envelope sender – RFC2821
In HELO and MAIL FROM: smtp lines, usually
stored in Return-Path: header, used to send
back errors, usually not displayed by MUA (mail
user agents)
●
Header sender – RFC2822
In the From: or Sender: mail headers ,
displayed by MUA, usually not cared by MTA
13. 2012/10/03 Roberto Innocente 13
What does SPF ?
A kind of reverse MX ...
Allows the owner of a domain to specify which mail
servers are allowed to send mail on behalf of the domain.
The domain owner publish a record in DNS specifying
which mail servers are authorized to send mail for his
domain.
When a mail server receives a message claiming to be
from that domain, it looks up the spf record for that domain
and it checks if it came trough one of the allowed mail
servers.
14. 2012/10/03 Roberto Innocente 14
Proposed SPF for SISSA
sissa.it. 300 IN TXT “v=spf1 redirect=_spf.sissa.it”
_spf.sissa.it. 300 IN TXT “v=spf1 include=_netblock.sissa.it
include=_netblock1.sissa.it”
_netblock.sissa.it. 300 IN TXT “v=spf1 ...
_netblock1.sissa.it 300 IN TXT “v=spf1 ...
15. 2012/10/03 Roberto Innocente 15
SPF results
●
none = no record published for SPF
●
neutral = sender domain does’nt want to state (?)
●
pass = client is allowed to inject mail for the
domain(+)
●
fail = client is explicitly forbidden to inject mail for
the domain(-)
●
softfail = between pass and fail(~), often the
receiver quarantines
16. 2012/10/03 Roberto Innocente 16
SPF check headers
Received-SPF: pass (google.com: domain of inno@sissa.it designates 147.122.1.105 as permitted sender) client-
ip=147.122.1.105;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of inno@sissa.it designates 147.122.1.105 as permitted
sender) smtp.mail=inno@sissa.it
Received-SPF: pass (domain of gmail.com designates 209.85.214.176 as permitted sender)
Authentication-Results: mta1071.mail.ir2.yahoo.com from=gmail.com; domainkeys=neutral (no sig); from=gmail.com;
dkim=pass (ok)
Received-SPF: none (google.com: roberto.innocente@yahoo.it does not designate permitted sender hosts) client-
ip=98.138.121.67;
Authentication-Results: mx.google.com; spf=none (google.com: roberto.innocente@yahoo.it does not designate permitted
sender hosts) smtp.mail=roberto.innocente@yahoo.it;
Received-SPF: pass (domain of hotmail.com designates 157.55.1.161 as permitted sender)
17. 2012/10/03 Roberto Innocente 17
SPF algorithm
●
Lookup envelope domain spf record :
●
dig txt sissa.it
– sissa.it TXT “v=spf1 ip4:147.122.1/24 ip6:..... ~mx -all”
●
For each mechanism listed look if it matches:
●
Is the client in ip4:147.122.1/24 ? Then pass (the default
is pass) and exit.
●
Is the client in ip6:..... ? Then pass and exit.
●
Is the client in one mx record ? Then softfail and exit.
●
All is matched by everyhting : reject it and exit.
18. 2012/10/03 Roberto Innocente 18
SPF (example record)
$ dig txt unipd.it
unipd.it. 259200 IN TXT "v=spf1 ip4:147.162.10.68
ip4:147.162.10.81 ip4:147.162.10.82 ip4:147.162.10.83 a:mail.unipd.it
?all"
●
Is it ip4:147.162.10.68? pass
●
Is it ip4:147.162.10.81? pass
●
Is it ip4:147.162.10.82 ? Pass
●
Is it ip4:147.162.10.83 ? Pass
●
Is it in address of mail.unipd.it. IN A 147.162.10.68 ? pass
●
Then it is in all : Neutral Terribly wrong !
19. 2012/10/03 Roberto Innocente 19
SPF versus Sender/ID
●
Sender-ID (RFC-4406) Is Microsoft version
of spf
●
It validates the header sender address
●
Very few use it now
●
Problem is that Microsoft is using now spfv1
syntax and dont want to fix !!
●
And so it violates the spf specification !!!!
20. 2012/10/03 Roberto Innocente 20
DKIM
●
Domainkeys was first introduced by yahoo
in a private agreement with paypal and
ebay, then since 2007 a draft RFC
●
DKIM took the main concepts from the
yahoo proposal, incorporated some cisco
ideas and appeared as an RFC in the same
year, last version is RFC6376 Sep 2011
21. 2012/10/03 Roberto Innocente 21
DKIM key rotation
best practice/1
●
It's quite clear why keys should be rotated : to avoid
that they are :
- compromised by cracking them
- stolen
●
DKIM allows a receiver to verify that the signed
parts of a message has not been modified in transit
22. 2012/10/03 Roberto Innocente 22
DKIM key rotation
best practice/2
●
In 2012 a mathematician published on Wired
that it took him 72 hours and 70 $ of Amazon
WS to crack a 512 bits DKIM key
●
768 bit keys can be cracked by a nation effort
for instance
●
1024 bits is the current recommended length
●
2048 is now considered immune from possible
cracks from today computing environment
23. 2012/10/03 Roberto Innocente 23
DKIM key rotation
best practice/3
Generate 2 pairs
of DKIM keys
public keys
1 and 2
in DNS
Sign emails
with private key 1
Generate key pair
3
public key 3
in DNS
Sign emails with
private key 2
Generate key pair
n
public key n
in DNS
Sign emails with
private key (n-1)
Start here
After 3 months
3 months later
n=n+1
n=4
Retire
public key (n-3)
24. 2012/10/03 Roberto Innocente 24
DKIM keys generation
●
It's possible simply to use openssl to generate the keys
●
But opendkim makes it simpler :
$ opendkim-genkey --append-domain --selector=20120316 --domain=sissa.it --bits=1024 --verbose
opendkim-genkey: generating private key
opendkim-genkey: private key written to 20120316.private
opendkim-genkey: extracting public key
opendkim-genkey: DNS TXT record written to 20120316.txt
$ cat 20120316.txt
20120316._domainkey.sissa.it. IN TXT ( "v=DKIM1; k=rsa; "
"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHy9jQ+5ZIN0p3KEw9NQ6PQOnMTXLZGQxwtfVWjQlJO/BYjIktlrYx2ZbwnN3kl2Ely
5cPdMWr5mhlM7UwyP74NDHV4DjigE7KIJ0sF2F4rJIMgVPQQu/Vz078zsZFldaci6WgHeByJtdDEM0L7iSeQhGd5hHbmHM5Oyv2YcT9cwIDAQ
AB" ) ; ----- DKIM key 20120316 for sissa.it
$ cat 20120316.private
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDHy9jQ+5ZIN0p3KEw9NQ6PQOnMTXLZGQxwtfVWjQlJO/BYjIkt-----END RSA PRIVATE KEY-----
lrYx2ZbwnN3kl2Ely5cPdMWr5mhlM7UwyP74NDHV4DjigE7KIJ0sF2F4rJIMgVPQ
….
25. 2012/10/03 Roberto Innocente 25
DKIM testing keys
●
Add public key TXT record to DNS, then
opendkim-testkey -d example.org -s 20121001 -k
2012101.private
Will test that the 2 are a correct pair of keys.
26. 2012/10/03 Roberto Innocente 26
DKIM configuration
●
Set signature expiration ?
●
Which canonicalization ?
●
relaxed = tolerates minor changes like space
changes and so on
●
simple = strict
●
Select a rendez-vous socket
27. 2012/10/03 Roberto Innocente 27
DKIM
/etc/opendkim.conf
AlwaysSignHeaders Subject
AutoRestart True
Background True
Canonicalization relaxed/relaxed
Diagnostics Yes
Domain sissa.it
KeyFile /etc/mail/dkim/20130315.pem
InternalHosts /etc/mail/dkim/internal
LogWhy true
Mode sv
Selector 20121001
SignatureAlgorithm rsa-sha1024
Socket I inet:8891@localhost
Syslog Yes
Statistics /var/log/dkim-filter/dkim-statistics
ClockDrift 300
DiagnosticDirectory /var/log/dkim/dkim-diagnostics
DNSTimeout 10
●
This conf is for
signing a single
domain with one key
●
It is supported to sign
multiple domains with
multiple keys
●
Mode sv = signer and
verifier
28. 2012/10/03 Roberto Innocente 28
DKIM postfix conf
Add to /etc/postfix/main.cf :
# DKIM
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
If you are using already some milter :
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891,inet:localhost:8893
non_smtpd_milters = inet:localhost:8891,inet:localhost:8893
30. 2012/10/03 Roberto Innocente 30
DMARC
●
DMARC =
●
Domain-based
●
Message
●
Authentication,
●
Reporting and
●
Conformance
=Using DNS TXT records
=SPF + DKIM
=Reports are sent back to
sending mailer
First used between paypal and yahoo in pre-standard form in 2007,
From 2009 offered by ISPs, draft in 2012, rfc in beginning 2013
31. 2012/10/03 Roberto Innocente 31
DMARC
●
Aligned/unaligned mail : DMARC tests
and enforces identifiers alignment
1)Check spf and DKIM
2)DMARC identifiers alignment
3)Acts on unaligned identifiers
Aligned email Unaligned email
Mail
Storage
Internet
Aggregate log
Aggregate reports
Failure reports
32. 2012/10/03 Roberto Innocente 32
DMARC identifier alignment
One of the 2 authenticated originator(SPF/DKIM) identifiers has to match
the (MUA displayed) header ”From:” domain.
We have 2 kind of alignement : strict(=simple) and relaxed.
Simple means the 2 domains should match exactly (except for spaces).
Relaxed :
- relaxed SPF : the organizational domain of the smtp “MAIL FROM:”
should match the header “From:” organizational domain (see later)
- relaxed DKIM : the organizational domain of the “d=” DKIM domain
should matche the organizational domain of the header “From:”
NB. if the SPF check was not passed the SPF is considered of course
unaligned a priori
33. 2012/10/03 Roberto Innocente 33
DMARC organizational domain
A domain under which any can subscribe :
1 atom +TLD(top level domain)
E.g. :
news.google.com → google.com
www.amazon.co.uk → amazon.co.uk
www.regione.campania.it → regione.campania.it
It uses http://www.publicsuffix.org for TLDs
34. 2012/10/03 Roberto Innocente 34
Return-Path: <roberto.e.innocente@gmail.com>
Delivered-To: inno@sissa.it
Received: from charon-02.sissa.it (charon-02.sissa.it [147.122.1.105])
by smtp.sissa.it (Postfix) with ESMTP id BEAF9D08065
for <inno@sissa.it>; Mon, 12 Mar 2012 11:34:23 +0100 (CET)
Received: from hermes-02.sissa.it (hermes-02.sissa.it [147.122.1.102])
by charon-02.sissa.it with ESMTP id C9HImFdPfk4ogziO for <inno@sissa.it>;
Mon, 12 Mar 2012 11:34:23 +0100 (CET)
Received: from mail-ob0-f169.google.com (mail-ob0-f169.google.com
[209.85.214.169])
by hermes-02.sissa.it (Postfix) with ESMTPS id F3F636C003
for <inno@sissa.it>; Mon, 12 Mar 2012 11:34:18 +0100 (CET)
Received: by obcva8 with SMTP id va8so7836910obc.8
for <inno@sissa.it>; Mon, 12 Mar 2012 03:34:17 -0700 (PDT)
DMARC strict alignement
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20120113;
h=mime-version:date:message-id:subject:from:to:content-type;
bh=1HsA0bCF354+0pj/N8P9EvjDk+8XAXJZBZOa7CLpBZc=;
b=feCQAtWRiaarWlH3KAUivMzje4bRw2RUOuuxaWXO8wj+wEC7nGkanNNq9XaeYxgMvM
3BpuPh8jYO/pS2AIqkIKtNjgV2DhQ6ku8hwp56GYajs4O8twyLgKNwnu1BydHGYjL3zx
EvMYbhZvTItSqndCEt9gFGO2V7vdsQK/7sEVIaTc+cytQCfhUbNQ2U9iuVO5iDHYpBLF
/EqMwfV1ECV0Jh/JdBhB0ZFZAL2q5ObxNiFLQOM47yVsQzIE5lyShDDMlgULsiv86UR5
uOZx6ZZ68iwQttYMoY85w2LwQImuRXiuV6daKaR7XQ110bCNCmHI1Al4OooCrVxUbz9i
6Lyg==
MIME-Version: 1.0DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20120113;
h=mim
Received: by 10.202.226.136 with HTTP; Mon, 12 Mar 2012 03:34:17 -0700 (PDT)
Date: Mon, 12 Mar 2012 11:34:17 +0100
Message-ID: <CAPhLB8ZUFcYRshzme4T55Km8cQ3O36m8FxDYK7xKyOXEw3ZfUw@mail.gmail.com>
Subject: check tls
From: Roberto Innocente <roberto.e.innocente@gmail.com>
To: inno@sissa.it
Content-Type: multipart/alternative; boundary=001a11c2e558341654051100cf4a
SPF alignment : (=strict)
mail from: domain gmail.com with from: domain gmail.com
DKIM alignment : (=strict)
DKIM d= domain gmail.com with from: domain gmail.com
35. 2012/10/03 Roberto Innocente 35
Return-Path: <roberto.e.innocente@bounce.gmail.com>
Delivered-To: inno@sissa.it
Received: from charon-02.sissa.it (charon-02.sissa.it [147.122.1.105])
by smtp.sissa.it (Postfix) with ESMTP id BEAF9D08065
for <inno@sissa.it>; Mon, 12 Mar 2012 11:34:23 +0100 (CET)
Received: from hermes-02.sissa.it (hermes-02.sissa.it [147.122.1.102])
by charon-02.sissa.it with ESMTP id C9HImFdPfk4ogziO for <inno@sissa.it>;
Mon, 12 Mar 2012 11:34:23 +0100 (CET)
Received: from mail-ob0-f169.google.com (mail-ob0-f169.google.com
[209.85.214.169])
by hermes-02.sissa.it (Postfix) with ESMTPS id F3F636C003
for <inno@sissa.it>; Mon, 12 Mar 2012 11:34:18 +0100 (CET)
Received: by obcva8 with SMTP id va8so7836910obc.8
for <inno@sissa.it>; Mon, 12 Mar 2012 03:34:17 -0700 (PDT)
DMARC relaxed alignement
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=bounce.gmail.com; s=20120113;
h=mime-version:date:message-id:subject:from:to:content-type;
bh=1HsA0bCF354+0pj/N8P9EvjDk+8XAXJZBZOa7CLpBZc=;
b=feCQAtWRiaarWlH3KAUivMzje4bRw2RUOuuxaWXO8wj+wEC7nGkanNNq9XaeYxgMvM
3BpuPh8jYO/pS2AIqkIKtNjgV2DhQ6ku8hwp56GYajs4O8twyLgKNwnu1BydHGYjL3zx
EvMYbhZvTItSqndCEt9gFGO2V7vdsQK/7sEVIaTc+cytQCfhUbNQ2U9iuVO5iDHYpBLF
/EqMwfV1ECV0Jh/JdBhB0ZFZAL2q5ObxNiFLQOM47yVsQzIE5lyShDDMlgULsiv86UR5
uOZx6ZZ68iwQttYMoY85w2LwQImuRXiuV6daKaR7XQ110bCNCmHI1Al4OooCrVxUbz9i
6Lyg==
MIME-Version: 1.0DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20120113;
h=mim
Received: by 10.202.226.136 with HTTP; Mon, 12 Mar 2012 03:34:17 -0700 (PDT)
Date: Mon, 12 Mar 2012 11:34:17 +0100
Message-ID:
<CAPhLB8ZUFcYRshzme4T55Km8cQ3O36m8FxDYK7xKyOXEw3ZfUw@mail.gmail.com>
Subject: check tls
From: Roberto Innocente <roberto.e.innocente@back.gmail.com>
To: inno@sissa.it
Content-Type: multipart/alternative; boundary=001a11c2e558341654051100cf4aSPF alignment : (=relaxed)
mail from: organizational domain gmail.com with from: organizational domain
gmail.com
DKIM alignment : (=relaxed)
DKIM d= organizational domain gmail.com with from: organizational domain gmail.com
36. 2012/10/03 Roberto Innocente 36
DMARC policies
●
Reject (not delivered at all) : p=reject
●
Quarantine (msg not deliverd to inbox) : p=quarantine
●
None (msg disposition is unchanged) : p=none
Percentage of mails not passing dmarc validation that
are let to fall on more permissive policy is specified by :
p=reject ; pct=40; 60% of the emails not passing
dmarc are just
quarantined and not rejected
37. 2012/10/03 Roberto Innocente 37
DMARC attr/val pairs
attribute description use
v= version v=DMARC1
p= policy p=none,p=quarantine,p=reject
adkim= alignment mode for DKIM adkim=s,adkim=r
aspf=
alignment mode for SPF
aspf=s,aspf=r
rua= Report aggregates rua=mailto:dmarc-agg@sissa.it
ruf= Report failures ruf=mailto:dmarc-fail@sissa.it
sp= Policies for subdomains
rf= Reporting format
pct= Percentage of msgs subject to
policy
pct=100,pct=10
38. 2012/10/03 Roberto Innocente 38
DMARC reports
●
There are two kinds :
●
Aggregate reports (usually transmitted daily by
correspondent mailers)
– rua=mailto:dmarc-rua@sissa.it
●
Failure reports transmitted for each failed message
validation
– ruf:mailto:dmarc-ruf@sissa.it
●
ruf can create a lot of traffic and should be enabled only
after having studied the aggregate reports and the
causes of failures
39. 2012/10/03 Roberto Innocente 39
DMARC first record and on
First toe in water :
v=DMARC1; p=none; rua=mailto:dmarc-agg@sissa.it
v=DMARC1; p=quarantine; pct=10;
rua=mailto:dmarc-agg@sissa.it;ruf=mailto:dmarc-fail@sissa.it;
v=DMARC1; p=reject; pct=100;
rua=mailto:dmarc-agg@sissa.it;ruf=mailto:dmarcfail@sissa.it;