Merge branch 'crypto-v2' into 'master'

postfix, dovecot: modernize and comment TLS settings See merge request simple-nixos-mailserver/nixos-mailserver!413
2025-06-14 22:52:29 +00:00 · 2025-06-14 22:52:29 +00:00 · 5f592b5960
commit 5f592b5960
parent 23cc9a3996 21ce4b4ff8
2 changed files with 46 additions and 25 deletions
--- a/mail-server/dovecot.nix
+++ b/mail-server/dovecot.nix
@ -182,6 +182,7 @@ in
      mailLocation = dovecotMaildir;
      sslServerCert = certificatePath;
      sslServerKey = keyPath;
+      enableDHE = lib.mkDefault false;
      enableLmtp = true;
      mailPlugins.globally.enable = lib.optionals cfg.fullTextSearch.enable [
        "fts"
@ -298,9 +299,12 @@ in
        }

        mail_access_groups = ${vmailGroupName}
+
+        # https://ssl-config.mozilla.org/#server=dovecot&version=2.3.21&config=intermediate&openssl=3.4.1&guideline=5.7
        ssl = required
        ssl_min_protocol = TLSv1.2
        ssl_prefer_server_ciphers = no
+        ssl_curve_list = X25519:prime256v1:secp384r1

        service lmtp {
          unix_listener dovecot-lmtp {
--- a/mail-server/postfix.nix
+++ b/mail-server/postfix.nix
@ -243,11 +243,6 @@ in
        # Avoid leakage of X-Original-To, X-Delivered-To headers between recipients
        lmtp_destination_recipient_limit = "1";

-        # Opportunistic DANE support
-        # https://www.postfix.org/postconf.5.html#smtp_tls_security_level
-        smtp_dns_support_level = "dnssec";
-        smtp_tls_security_level = "dane";
-
        # sasl with dovecot
        smtpd_sasl_type = "dovecot";
        smtpd_sasl_path = "/run/dovecot2/auth";
@ -269,40 +264,62 @@ in
          "check_policy_service unix:/run/dovecot2/quota-status"
        ];

-        # TLS settings, inspired by https://github.com/jeaye/nix-files
-        # Submission by mail clients is handled in submissionOptions
+        # TLS for incoming mail is optional
        smtpd_tls_security_level = "may";

-        # Disable obselete protocols
-        smtpd_tls_protocols = "TLSv1.3, TLSv1.2, !TLSv1.1, !TLSv1, !SSLv2, !SSLv3";
-        smtp_tls_protocols = "TLSv1.3, TLSv1.2, !TLSv1.1, !TLSv1, !SSLv2, !SSLv3";
-        smtpd_tls_mandatory_protocols = "TLSv1.3, TLSv1.2, !TLSv1.1, !TLSv1, !SSLv2, !SSLv3";
-        smtp_tls_mandatory_protocols = "TLSv1.3, TLSv1.2, !TLSv1.1, !TLSv1, !SSLv2, !SSLv3";
+        # But required for authentication attempts
+        smtpd_tls_auth_only = true;

-        smtp_tls_ciphers = "high";
+        # TLS versions supported for the SMTP server
+        smtpd_tls_protocols = ">=TLSv1.2";
+        smtpd_tls_mandatory_protocols = ">=TLSv1.2";
+
+        # Require ciphersuites that OpenSSL classifies as "High"
        smtpd_tls_ciphers = "high";
-        smtp_tls_mandatory_ciphers = "high";
        smtpd_tls_mandatory_ciphers = "high";

-        # Disable deprecated ciphers
-        smtpd_tls_mandatory_exclude_ciphers = "MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL";
-        smtpd_tls_exclude_ciphers = "MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL";
-        smtp_tls_mandatory_exclude_ciphers = "MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL";
-        smtp_tls_exclude_ciphers = "MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL";
+        # Exclude cipher suites with undesirable properties
+        smtpd_tls_exclude_ciphers = "eNULL, aNULL";
+        smtpd_tls_mandatory_exclude_ciphers = "eNULL, aNULL";
+
+        # Opportunistic DANE support when delivering mail to other servers
+        # https://www.postfix.org/postconf.5.html#smtp_tls_security_level
+        smtp_dns_support_level = "dnssec";
+        smtp_tls_security_level = "dane";
+
+        # TLS versions supported for the SMTP client
+        smtp_tls_protocols = ">=TLSv1.2";
+        smtp_tls_mandatory_protocols = ">=TLSv1.2";
+
+        # Require ciphersuites that OpenSSL classifies as "High"
+        smtp_tls_ciphers = "high";
+        smtp_tls_mandatory_ciphers = "high";
+
+        # Exclude ciphersuites with undesirable properties
+        smtp_tls_exclude_ciphers = "eNULL, aNULL";
+        smtp_tls_mandatory_exclude_ciphers = "eNULL, aNULL";
+
+        # Restrict and prioritize the following curves in the given order
+        # Excludes curves that have no widespread support, so we don't bloat the handshake needlessly.
+        # https://www.postfix.org/postconf.5.html#tls_eecdh_auto_curves
+        # https://ssl-config.mozilla.org/#server=postfix&version=3.10&config=intermediate&openssl=3.4.1&guideline=5.7
+        tls_eecdh_auto_curves = [
+          "X25519"
+          "prime256v1"
+          "secp384r1"
+        ];
+
+        # Disable FFDHE on TLSv1.3 because it is slower than elliptic curves
+        # https://www.postfix.org/postconf.5.html#tls_ffdhe_auto_groups
+        tls_ffdhe_auto_groups = [ ];

        # As long as all cipher suites are considered safe, let the client use its preferred cipher
        tls_preempt_cipherlist = false;

-        # Allowing AUTH on a non encrypted connection poses a security risk
-        smtpd_tls_auth_only = true;
-
        # Log only a summary message on TLS handshake completion
        smtp_tls_loglevel = "1";
        smtpd_tls_loglevel = "1";

-        # Configure a non blocking source of randomness
-        tls_random_source = "dev:/dev/urandom";
-
        smtpd_milters = smtpdMilters;
        non_smtpd_milters = lib.mkIf cfg.dkimSigning [ "unix:/run/rspamd/rspamd-milter.sock" ];
        milter_protocol = "6";