Heads up before upgrading to 0.44 if you have macOS 10.11 users

Synchro · February 19, 2020, 9:08am

If you have clients using macOS 10.11 El Capitan, they will not be able to connect to MIAB 0.44.

macOS 10.11 has TLS 1.2 support, but (annoyingly) Apple Mail 9.3 (the version in that OS) does not, and MIAB 0.44 is configured to only use 1.2 and 1.3.

I solved this by re-enabling TLSv1 in both postfix and dovecot. I wish I didn’t have to, but my users win, and the hardware they are on won’t run a later macOS…

openletter · February 19, 2020, 1:02pm

Is there ever a point that the encryption of a client is too broken for you to downgrade your server?

Synchro · February 19, 2020, 1:18pm

For email (in contrast to the web), the consensus seems to be that any encryption is better than none, even if it’s RC4 in TLSv1. For example, even in MIAB 0.44, postfix allows client-side cipher suite ordering. The general effect of turning up the settings is that more email will be delivered unencrypted. This is also why MTA-STS is kind of important, especially if you have TLSv1.3, as its downgrade protection would provide considerable added value in an otherwise poor crypto environment.

JoshData · February 20, 2020, 10:43am

Or not delivered at all, which is what you found.

I’m sorry the settings change broke things for your users.

Synchro · February 20, 2020, 11:15am

Oh, I wouldn’t dream of blaming you! I’m all for increasing security settings wherever possible. Apple really dropped the ball in this old version of Apple Mail. The rest of macOS 10.11 had perfectly reasonable TLS1.2 support; it’s just mail that’s junky! There’s a good Apple Discussions thread on it.

I ended up having to add a DES cipher suite back into the mix, and permit TLS1.0 again in both postfix and dovecot. The thought of it makes me feel kind of icky…

sander-schippers · February 21, 2020, 9:12pm

By the way, what’s the reason, those users don’t use the free upgrades of their systems. Apple doesn’t support them anyway for the last three years.

Synchro · February 22, 2020, 6:48am

As I said, the hardware they have will not run macOS later than 10.11, so it’s not possible to upgrade, and Apple have not fixed this issue retrospectively.

inki · February 22, 2020, 11:48am

Could you please share your configuration changes to postfix and dovecot?

I not only have to deal with some old Apple hardware, but also with an old document scanner that does not get updates for its email client…

Synchro · February 22, 2020, 9:10pm

In several cases, the 0.43 settings had been left in place, but commented out, so thank you to whoever had the foresight to do that!

In /etc/postfix/main.cf:

smtpd_tls_protocols=!SSLv2,!SSLv3
smtpd_tls_ciphers=medium
smtp_tls_protocols=!SSLv2,!SSLv3
smtp_tls_mandatory_protocols=!SSLv2,!SSLv3
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
smtpd_tls_mandatory_ciphers=medium
smtpd_tls_mandatory_exclude_ciphers=aNULL,3DES,MD5,DES+MD5,RC4
tls_preempt_cipherlist=no
smtp_tls_mandatory_ciphers=medium

I’m not sure which of these apply to inbound vs outbound SMTP, so it may be possible to not reduce the security on some of these.

In /etc/dovecot/conf.d/10-ssl.conf:

ssl_protocols=TLSv1.2 TLSv1.1 TLSv1
ssl_cipher_list=ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS

It seems that not only does Apple Mail not have support for TLLSv1.2, it also lacks support for decent cipher suites, so you’re stuck with enabling DES ciphers.

HTH

openletter · February 26, 2020, 1:30pm

FWIW, for the past few days I’ve been experimenting with using the latest Roundcube (I normally never use the webmail client).

It looks and works great on mobile and desktop plus I still get notifications.

When the issue is strictly a device default mail client, the browser may still be updated. In this case, webmail is at least one other option.

Personally, I don’t find downgrade of client-to-server acceptable in the same way as server-to-server downgrade (even plain text). The admin on the other side of the server-to-server connection may understand perfectly what they are doing (e.g., forum topic reply notifcation), but client-to-server will be all the things (e.g., login credentials. OTPs, etc.).

timo · May 6, 2020, 8:17am

I was a bit slow upgrading to 0.44. I had one iOS device that cannot go higher than iOS 9.3.6 and seem to be running into the same TLS problem after upgrading to 0.44. iOS 9.3.6 is the correlating iOS version to macOS 10.11. Both were released Sept 2015. Not a big deal for me as we rarely use this device but just wanted to get this info in here for anyone else that may come across it.

Synchro · May 19, 2020, 10:36am

Just to note that the same thing happens when you upgrade to 0.45, and the same config change works!