Dovecot and Postfix with PFS (Perfect Forward Secrecy)

Perfect Forward Secrecy (PFS) is a data encoding property that ensures the integrity of a session key in the event that a long-term key is compromised. PFS accomplishes this by enforcing the derivation of a new key for each and every session.

Setup Dovecot
Dovecot (at least from 2.1.x) already used PFS, but the corresponding entries are not in the log files. Therefore, only %k has to be added in login_log_format_elements. The entry is defined either in /etc/dovecot/dovecot.conf or /etc/dovecot/conf.d/10-logging.conf:

login_log_format_elements = "user= method=%m rip=%r lip=%l mpid=%e %c %k"

Older mail clients do not always use DHE. The compatibility can be accomplished with a custom ssl_cipher_list. I’m using at the moment

ssl_cipher_list = DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ALL:!LOW:!SSLv2:!EXP:!aNULL

Setup Postfix
Postfix requires two DHE-key which must be entered in the

Create the keys:

openssl gendh -out /etc/postfix/dh_512.pem -2 512
openssl gendh -out /etc/postfix/dh_1024.pem -2 1024

Adjust Postfix:

postconf -e "smtpd_tls_dh1024_param_file = /etc/postfix/dh_1024.pem"
postconf -e "smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem"
postconf -e "smtpd_tls_eecdh_grade = strong"
postconf -e "tls_preempt_cipherlist = yes"
postconf -e "smtpd_tls_loglevel = 1"
postconf -e "smtp_tls_loglevel = 1"

By tls_loglevels the used ciphers are written to the log.

Postfix must import the changed configuration.

postfix reload

The logs of Dovecot and Postfix can then be searched using grep for DHE or ECDHE.

zegrep ".*with cipher" /var/log/dovecot.log | awk '{printf("%s %s %s %s\n", $14, $15, $16, $17)}' | sort | uniq -c | sort -n

zegrep "TLS connection established from.*with cipher" /var/log/mail.log | awk '{printf("%s %s %s %s\n", $12, $13, $14, $15)}' | sort | uniq -c | sort -n

With openssl PSF can also be tested:

openssl s_client -starttls smtp -connect

openssl s_client -starttls smtp -connect

Check in the SSL Session Protocol and Cipher:

    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384

Leave a comment

Your email address will not be published. Required fields are marked *