Though this question is in the context of a particular software (Discourse forum software), it is really about SSL certificates of mail servers.
Here is my setup:
Main Website: mydomain.com (Hosted on Hostgator)
Forum Website (Discourse forum software): forum.mydomain.com (Hosted on DigitalOcean)
Mail Server (used by Discourse to send email to members): mail.mydomain.com (Hosted on Hostgator)
Discourse settings for SMTP:
DISCOURSE_SMTP_ADDRESS: mail.mydomain.com
DISCOURSE_SMTP_PORT: 587
DISCOURSE_SMTP_USER_NAME: forum-no-reply#mydomain.com
DISCOURSE_SMTP_PASSWORD: "mypassword"
DISCOURSE_SMTP_ENABLE_START_TLS: true # (optional, default true)
I have SSL certificates set up for mydomain.com and mail.mydomain.com on Hostgator (A single SSL certificate for mydomain.com as well as several subdomains (like mail.mydomain.com, webmail.mydomain.com, etc)).
When I try to send a test email from the Discourse admin interface using the above settings, it gives me an 'invalid certificate' error.
So, I tried to debug through openssl s_client with the following command:
openssl s_client -servername mail.mydomain.com -starttls smtp -crlf -connect mail.mydomain.com:587
It sends the SSL certificate of mydomain.com with CN as follows
subject=CN = mydomain.com
and establishes a SSL Session with TLS v1.2
Here are the weird results of EHLO after that:
EHLO mail.mydomain.com
250-xx-xx-xx.webhostbox.net Hello forum.mydomain.com [xx.xx.xx.xx]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250 HELP
As you can see with the second line in the above code, it responds from xx-xx-xx.webhostbox.net instead of mail.mydomain.com or mydomain.com
I think this is why I'm getting a 'invalid certificate' error.
If I change the Discourse SMTP settings as below (just changing the first line)
DISCOURSE_SMTP_ADDRESS: xx-xx-xx.webhostbox.net
DISCOURSE_SMTP_PORT: 587
DISCOURSE_SMTP_USER_NAME: forum-no-reply#mydomain.com
DISCOURSE_SMTP_PASSWORD: "mypassword"
DISCOURSE_SMTP_ENABLE_START_TLS: true # (optional, default true)
then everything works fine and all emails gets sent.
Could someone please let me know if this working solution is secure? I think it's not secure since I am using xx-xx-xx.webhostbox.net as SMTP address (which could expose the emails to risks) instead of mail.mydomain.com. If this is not secure, how should I proceed to get a secure solution to this problem?
As documented by Hostgator it is actually the correct setup to use the name of the hostgator server full.servername.com and NOT the name of your own domain example.com as the mail server. This is because the mail server is not specific to your domain but is a common mail server for multiple domains.
Note that this is very similar to Can't seem to connect to FTPS via Atom editor Remote FTP but only for SMTP not FTP. My explanation there can be applied to SMTP too.
Related
I use squid 3.5 with its sslbump feature for https traffic filtering. I generated my private key and cert files with openssl. However,the browser received the warning message when i open https websites that the certificate was issued by an unknown authority. I created ssl certificates with comodo but i still got the same warning message.
Is there a way to remove this warning?
# Squid normally listens to port 3128
http_port 3128 ssl-bump cert=/var/tmp/example.com.cert key=/var/tmp/example.com.private
# Squid listen Port
cert=/var/tmp/example.com.cert
# SSL Bump Config
always_direct allow all
ssl_bump server-first all
url_rewrite_program /usr/bin/sh /var/tmp/middle_squid_wrapper.sh start -C /var/tmp/middle_squid_config.rb
# required to fix HTTPS sites (if SslBump is enabled)
acl fix_ssl_rewrite method GET
acl fix_ssl_rewrite method POST
url_rewrite_access allow fix_ssl_rewrite
url_rewrite_access deny all
You don't say what client OS you are using, but it sounds very much like you didn't import your squid certificate to the correct certificate store on the client.
When you install the certificate on a Windows client it should be imported into the Trusted Root Certificate Authorities'->'certificates folder.
The client should then trust the certificate.
I'm setting up Apache with several distinct SSL certificates for different domains that reside on the same server (and thus sharing the same IP address).
With Qualys SSL Test I discovered that there are clients (i.e. BingBot as of december 2013) that do not support the SNI extension.
So I'm thinking about crafting a special default web application that can gather the requests of such clients, but how can I simulate those clients?
I'm on Windows 8, with no access to Linux boxes, if that matters.
You can use the most commonly used SSL library, OpenSSL. Windows binaries are available to download.
openssl s_client -connect domain.com:443 command serves very well to test SSL connection from client side. It doesn't support SNI by default. You can append -servername domain.com argument to enable SNI.
If you are using OpenSSL 1.1.0 or earlier version, use openssl s_client -connect $ip:$port, and OpenSSL wouldn't enable the SNI extension
If you are using OpenSSL 1.1.1, you need add -noservername flag to openssl s_client.
Similar to openssl s_client is gnutls-cli
gnutls-cli --disable-sni www.google.com
You could install Strawberry Perl and then use the following script to simulate a client not supporting SNI:
use strict;
use warnings;
use LWP::UserAgent;
my $ua = LWP::UserAgent->new(ssl_opts => {
# this disables SNI
SSL_hostname => '',
# These disable certificate verification, so that we get a connection even
# if the certificate does not match the requested host or is invalid.
# Do not use in production code !!!
SSL_verify_mode => 0,
verify_hostname => 0,
});
# request some data
my $res = $ua->get('https://example.com');
# show headers
# pseudo header Client-SSL-Cert-Subject gives information about the
# peers certificate
print $res->headers_as_string;
# show response including header
# print $res->as_string;
By setting SSL_hostname to an empty string you can disable SNI, disabling this line enables SNI again.
The approach of using a special default web application simply would not work.
You can't do that because said limited clients not just open a different page, but they fail completely.
Consider you have a "default" vhost which a non-SNI client will open just fine.
You also have an additional vhost which is supposed to be open by an SNI-supporting client.
Obviously, these two must have different hostnames (say, default.example.com and www.example.com), else Apache or nginx wouldn't know which site to show to which connecting client.
Now, if a non-SNI client tries to open https://www.example.com, he'll be presented a certificate from default.example.com, which would give him a certificate error. This is a major caveat.
A fix for this error is to make a SAN (multi-domain) certificate that would include both www.example.com and default.example.com. Then, if a non-SNI client tries to open https://www.example.com, he'll be presented with a valid certificate, but even then his Host: header would still point to www.example.com, and his request will get routed not to default.example.com but to www.example.com.
As you can see, you either block non-SNI clients completely or forward them to an expected vhost. There's no sensible option for a default web application.
With a Java HTTP client you can disable the SNI extension by setting the system property jsse.enableSNIExtension=false.
More here: Java TLS: Disable SNI on client handshake
As far as I understood, both encrypt the connection. However, SSL/TLS "forces" the mail client to encrypt the channel from the beginning. Now let's say I telnet mail.server 25 and, after the ehlo, I am presented with STARTTLS as an authentication option that the server allows me (the mail client) to use. If I choose STARTTLS does it mean that I can authenticate myself (mail client) against the server (using my digital certificate)? why and how?
I am doing as follows but I don't understand where does the client authentication part comes in:
telnet some.mail.server 25
ehlo some.mail.server
...
250-STARTTLS
...
STARTTLS
mail from: guy
rcpt to: otherGuy
data
someting
.
quit
Shouldn't I be sending the client certificate to the server? I tried this using openssl s_client -starttls smtp which actually provides a -cert and -key options to specify the certificate and private key.
So, in fact, the only disadvantage of SSL/TLS compared to STARTTLS is that since the connection is immediately encrypted, there is no way for the client to send its certificate on the same port. Only the server can send its certificate. Correct? A lot of confusion in my head... Please clarify this for me.
Both direct TLS mode and TLS upgrade using STARTTLS can use client certificates.
The only difference between these modes is that with STARTTLS you start with a plain connection and later upgrade if the server announces support for STARTTLS. A man in the middle could strip this announcement (similar to sslstrip) and thus prevent the upgrade to TLS. This is actually used in practice, see https://www.eff.org/deeplinks/2014/11/starttls-downgrade-attacks.
Unfortunately MX records, which are used to announce which servers are responsible for the mail transfer, can only announce hosts and no ports and in this case the default port 25 will be used with the plain SMTP protocol. Thus you can only get TLS by using the STARTTLS command.
I'm trying to set up Dovecot with multiple vhosts using SSL.
I've set up my main domain (example.de) and for my vhosts (example2.com & example3.co.uk) I'm using the local -option.
My problem:
When I connect to my server, it complains about a wrong hostname
(example3.co.uk) on my main and other domain for the certificate.
How can I make dovecot use the correct certificate for each host?
Here's my dovecot config:
listen = *
ssl = yes
protocols = imap pop3
disable_plaintext_auth = no
auth_mechanisms = plain login
mail_access_groups = vmail
default_login_user = vmail
first_valid_uid = 2222
first_valid_gid = 2222
#mail_location = maildir:~/Maildir
mail_location = maildir:/home/vmail/%d/%n
passdb {
driver = passwd-file
args = scheme=SHA1 /etc/dovecot/passwd
}
userdb {
driver = static
args = uid=2222 gid=2222 home=/home/vmail/%d/%n allow_all_users=yes
}
service auth {
unix_listener auth-client {
group = postfix
mode = 0660
user = root
}
user = root
}
service imap-login {
process_min_avail = 1
user = vmail
}
ssl_cert = </etc/pki/tls/certs/example.de.crt
ssl_key = </etc/pki/tls/private/example.de.key
local ohmygodpresents.com {
ssl_cert = </etc/pki/tls/certs/example2.com.crt
ssl_key = </etc/pki/tls/private/example2.com.key
}
local ohmygodpresents.co.uk {
ssl_cert = </etc/pki/tls/certs/example3.co.uk.crt
ssl_key = </etc/pki/tls/private/example3.co.uk.key
}
How can I make dovecot use the correct certificate for each host?
Its not Dovecot per se.
The client needs to use TLS 1.0 or above, and it needs to utilize the Server Name Indication (SNI) extension. Otherwise, Dovecot does not know which virtual server the client is attempting to connect to when the channel is being set up.
You can duplicate/test it with OpenSSL s_client. For example, a "good" connection:
openssl s_client -tls1 -starttls smtp -connect mail.example.com:587 -servername mail.example.com
In the above example, Dovecot will know to send the certificate for example.com when the SSL/TLS connection is started. Even though a STARTTLS extension is used in mail, Dovecot does not know the virtual server because the RCPT command has not yet been sent. Because the RCPT command has not been sent, Dovecot does not know the user or his/her domain.
Here's a "bad" connection. Its SSLv3, so it cannot utilize SNI (SNI is a TLS extension):
openssl s_client -ssl3 -starttls smtp -connect mail.example.com:587
Here's another "bad" connection. Its TLS 1.0, but it does not utlize SNI:
openssl s_client -tls1 -starttls smtp -connect mail.example.com:587
You can also duplicate/test/observe with Wireshark. SNI is sent in the plain text as part of the ClientHello. So you will be able to see protocols, cipher suites, extensions like SNI, and other parameters. Everything in SSL/TLS's handshake and key exchange are plain text (some hand waiving). The plain text messages are integrity checked later when the Finished messages are sent.
You can disable SSLv2/SSLv3 and force TLS, and things will work as expected for most clients. However, a client does not have to send the SNI extension. Windows XP clients will be a problem - they utilize TLS 1.0 but omit SNI. So there's really no fix other than using a modern client.
Your other option is to create a "super certificate". That is, use a certificates with all the DNS names that the mail server serves. In your case, use one certificate with SANs of DNS:3und80.de, DNS:ohmygodpresents.co.uk, DNS:example1.com, etc. Every time you add a new domain or remove an existing domain, you will have to get a new certificate.
See https://doc.dovecot.org/configuration_manual/dovecot_ssl_configuration/
it is not
local domain.com { ...
it is
local_name domain.com { ...
My current script uses this simple command:
mail -s "$my_msg" username\#mycompany.com </dev/null
When changing it to use a mailing list rather than the hardcoded username:
mail -s "$my_msg" mailing_list_1\#groups.mycompany.com </dev/null
It produces:
550 Unrouteable address
I need to be able to authenticate to the server over a secure connection.
How do I do this?
Linux version 2.6.26
msmtp is an SMTP client:
TLS/SSL both in SMTP-over-SSL mode and
in STARTTLS mode. Full certificate
trust checks can be performed. A
client certificate can be sent.