Towards authentication

Size: px

Start display at page:

Download "Towards authentication"

Rudolph Wilkerson
6 years ago
Views:

1 Towards authentication TLS SPF + DKIM + DMARC 2012/10/03 Roberto Innocente 1

2 Who adopted it? Hotmail.com Gmail.com AOL.com Verizon.com Ebay Paypal Yahoo.com 2012/10/03 Roberto Innocente 2

3 Tls/SPF/DKIM/DMARC SPF validation ESMTPS = Extended SMTP Over TLS Receiving mailer DKIM validation DMARC validation 2012/10/03 Roberto Innocente 3

4 TLS(Transport Layer Security) An encryption layer over TCP that all MTAs should support and when offered they should start (STARTTLS mechanism on the std port 25) Disable SSL1 and SSL2 for security problems that were discovered, and support only TLSv /10/03 Roberto Innocente 4

5 Mail Transfer Protocols Protocol Over tls Authenticated Authenticated Over tls Name smtp smtps smtpa smtpsa Simple MTP esmtp esmtps esmtpa esmtpsa Extended SMTP lmtp lmtps lmtpa lmtpsa Light MTP RFC3848 July 2004 Shown in Received: with... header lines e.g. Received: from charon-02.sissa.it (charon-02.sissa.it [ ]) by smtp.sissa.it (Postfix) with ESMTP id BEAF9D /10/03 Roberto Innocente 5

6 Check protocol used in Received: lines Received: from mail-ob0-f169.google.com (mail-ob0-f169.google.com [ ]) by mail.example.org (Postfix) with ESMTPS id 13F636C003 for Wed, 11 Mar :34: (CET) Received: from mail.example.org (mail.example.org [ ]) by mail2.example.org with ESMTP id C9HImFdPfk4ogziO for Mon, 12 Mar :34: (CET) Received: from webmail.example.org (localhost.localdomain [ ]) mail2.example.org (Postfix) with ESMTPA id AD79E54E50 for Mon, 12 Mar :48: (CET) 2012/10/03 Roberto Innocente 6

7 SPF version 1 Spf = Sender Policy Framework RFC-4408 April 2006 RFC-2821 layer / protects envelope sender address The one that appears in the initial smtp exchange HELO itsme.org MAIL FROM: <..> RCPT TO: <..> DATA SMTP Envelope 2012/10/03 Roberto Innocente 7

8 SMTP protocol RFC-2821 April 2001 dig mx gmail.com ;; QUESTION SECTION: ;gmail.com. IN MX ;; ANSWER SECTION: gmail.com IN MX 5 gmail-smtp-in.l.google.com. telnet gmail-smtp-in.l.google.com smtp 220 mx.google.com ESMTP de8si wib.80 EHLO sissa.it 250-mx.google.com at your service, [ ] 250-SIZE BITMIME 250-STARTTLS 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-CHUNKING 250 SMTPUTF8 MAIL FROM: <inno@sissa.it> OK jo3si wjc gsmtp RCPT TO: <roberto.innocente@gmail.com> OK jo3si wjc gsmtp DATA 354 Go ahead jo3si wjc gsmtp From: inno@example.org To: roberto.innocente@gmail.com Subject: check Checking address 2 times. Envelope Header Body 2012/10/03 Roberto Innocente 8

9 Envelope/Header 2012/10/03 Roberto Innocente 9

10 Identities in Envelope identities : Helo/ehlo identity in envelope Mail from: identity in envelope Rcpt to: identity in envelope Headers identities : From: identity in header To: identity in header 2012/10/03 Roberto Innocente 10

11 Mail RFCs RFC2821 April 2001 Simple Mail Transfer Protocol (SMTP) obsoletes RFC821 (Draft std RFC5321) RFC2822 April 2001 Internet Message Format (IMF) obsoletes RFC822 (Draft std RFC5322) 2012/10/03 Roberto Innocente 11

12 Sender addresses Envelope sender RFC2821 In HELO and MAIL FROM: smtp lines, usually stored in Return-Path: header, used to send back errors, usually not displayed by MUA (mail user agents) Header sender RFC2822 In the From: or Sender: mail headers, displayed by MUA, usually not cared by MTA 2012/10/03 Roberto Innocente 12

13 What does SPF? A kind of reverse MX... Allows the owner of a domain to specify which mail servers are allowed to send mail on behalf of the domain. The domain owner publish a record in DNS specifying which mail servers are authorized to send mail for his domain. When a mail server receives a message claiming to be from that domain, it looks up the spf record for that domain and it checks if it came trough one of the allowed mail servers. 2012/10/03 Roberto Innocente 13

14 Proposed SPF for SISSA sissa.it. 300 IN TXT v=spf1 redirect=_spf.sissa.it _spf.sissa.it. 300 IN TXT v=spf1 include=_netblock.sissa.it include=_netblock1.sissa.it _netblock.sissa.it. 300 IN TXT v=spf1... _netblock1.sissa.it 300 IN TXT v=spf /10/03 Roberto Innocente 14

15 SPF results none = no record published for SPF neutral = sender domain does nt want to state (?) pass = client is allowed to inject mail for the domain(+) fail = client is explicitly forbidden to inject mail for the domain(-) softfail = between pass and fail(~), often the receiver quarantines 2012/10/03 Roberto Innocente 15

16 SPF check headers Received-SPF: pass (google.com: domain of designates as permitted sender) clientip= ; Authentication-Results: mx.google.com; spf=pass (google.com: domain of designates as permitted sender) Received-SPF: pass (domain of gmail.com designates as permitted sender) Authentication-Results: mta1071.mail.ir2.yahoo.com from=gmail.com; domainkeys=neutral (no sig); from=gmail.com; dkim=pass (ok) Received-SPF: none (google.com: does not designate permitted sender hosts) clientip= ; Authentication-Results: mx.google.com; spf=none (google.com: does not designate permitted sender hosts) Received-SPF: pass (domain of hotmail.com designates as permitted sender) 2012/10/03 Roberto Innocente 16

17 SPF algorithm Lookup envelope domain spf record : dig txt sissa.it sissa.it TXT v=spf1 ip4: /24 ip6:... ~mx -all For each mechanism listed look if it matches: Is the client in ip4: /24? Then pass (the default is pass) and exit. Is the client in ip6:...? Then pass and exit. Is the client in one mx record? Then softfail and exit. All is matched by everyhting : reject it and exit. 2012/10/03 Roberto Innocente 17

18 SPF (example record) $ dig txt unipd.it unipd.it IN TXT "v=spf1 ip4: ip4: ip4: ip4: a:mail.unipd.it?all" Is it ip4: ? pass Is it ip4: ? pass Is it ip4: ? Pass Is it ip4: ? Pass Is it in address of mail.unipd.it. IN A ? pass Then it is in all : Neutral Terribly wrong! 2012/10/03 Roberto Innocente 18

19 SPF versus Sender/ID Sender-ID (RFC-4406) Is Microsoft version of spf It validates the header sender address Very few use it now Problem is that Microsoft is using now spfv1 syntax and dont want to fix!! And so it violates the spf specification!!!! 2012/10/03 Roberto Innocente 19

20 DKIM Domainkeys was first introduced by yahoo in a private agreement with paypal and ebay, then since 2007 a draft RFC DKIM took the main concepts from the yahoo proposal, incorporated some cisco ideas and appeared as an RFC in the same year, last version is RFC6376 Sep /10/03 Roberto Innocente 20

21 DKIM key rotation best practice/1 It's quite clear why keys should be rotated : to avoid that they are : - compromised by cracking them - stolen DKIM allows a receiver to verify that the signed parts of a message has not been modified in transit 2012/10/03 Roberto Innocente 21

22 DKIM key rotation best practice/2 In 2012 a mathematician published on Wired that it took him 72 hours and 70 $ of Amazon WS to crack a 512 bits DKIM key 768 bit keys can be cracked by a nation effort for instance 1024 bits is the current recommended length 2048 is now considered immune from possible cracks from today computing environment 2012/10/03 Roberto Innocente 22

23 DKIM key rotation best practice/3 Start here Generate 2 pairs of DKIM keys public keys 1 and 2 in DNS Sign s with private key 1 After 3 months Generate key pair 3 public key 3 in DNS Sign s with private key 2 3 months later n=4 Generate key pair n public key n in DNS Sign s with private key (n-1) n=n+1 Retire public key (n-3) 2012/10/03 Roberto Innocente 23

24 DKIM keys generation It's possible simply to use openssl to generate the keys But opendkim makes it simpler : $ opendkim-genkey --append-domain --selector= domain=sissa.it --bits= verbose opendkim-genkey: generating private key opendkim-genkey: private key written to private opendkim-genkey: extracting public key opendkim-genkey: DNS TXT record written to txt $ cat txt _domainkey.sissa.it. IN TXT ( "v=dkim1; k=rsa; " "p=migfma0gcsqgsib3dqebaquaa4gnadcbiqkbgqdhy9jq+5zin0p3kew9nq6pqonmtxlzgqxwtfvwjqljo/byjiktlryx2zbwnn3kl2ely 5cPdMWr5mhlM7UwyP74NDHV4DjigE7KIJ0sF2F4rJIMgVPQQu/Vz078zsZFldaci6WgHeByJtdDEM0L7iSeQhGd5hHbmHM5Oyv2YcT9cwIDAQ AB" ) ; DKIM key for sissa.it $ cat private -----BEGIN RSA PRIVATE KEY----- MIICXQIBAAKBgQDHy9jQ+5ZIN0p3KEw9NQ6PQOnMTXLZGQxwtfVWjQlJO/BYjIkt-----END RSA PRIVATE KEY----- lryx2zbwnn3kl2ely5cpdmwr5mhlm7uwyp74ndhv4djige7kij0sf2f4rjimgvpq. 2012/10/03 Roberto Innocente 24

25 DKIM testing keys Add public key TXT record to DNS, then opendkim-testkey -d example.org -s k private Will test that the 2 are a correct pair of keys. 2012/10/03 Roberto Innocente 25

26 DKIM configuration Set signature expiration? Which canonicalization? relaxed = tolerates minor changes like space changes and so on simple = strict Select a rendez-vous socket 2012/10/03 Roberto Innocente 26

27 DKIM /etc/opendkim.conf AlwaysSignHeaders Subject AutoRestart True Background True Canonicalization relaxed/relaxed Diagnostics Yes Domain sissa.it KeyFile /etc/mail/dkim/ pem InternalHosts /etc/mail/dkim/internal LogWhy true Mode sv Selector SignatureAlgorithm rsa-sha1024 Socket I inet:8891@localhost Syslog Yes Statistics /var/log/dkim-filter/dkim-statistics ClockDrift 300 DiagnosticDirectory /var/log/dkim/dkim-diagnostics DNSTimeout 10 This conf is for signing a single domain with one key It is supported to sign multiple domains with multiple keys Mode sv = signer and verifier 2012/10/03 Roberto Innocente 27

28 DKIM postfix conf Add to /etc/postfix/main.cf : # DKIM milter_default_action = accept milter_protocol = 2 smtpd_milters = inet:localhost:8891 non_smtpd_milters = inet:localhost:8891 If you are using already some milter : milter_default_action = accept milter_protocol = 2 smtpd_milters = inet:localhost:8891,inet:localhost:8893 non_smtpd_milters = inet:localhost:8891,inet:localhost: /10/03 Roberto Innocente 28

29 /etc/default/opendkim 2012/10/03 Roberto Innocente 29

30 DMARC DMARC = Domain-based Message Authentication, Reporting and Conformance =Using DNS TXT records =SPF + DKIM =Reports are sent back to sending mailer First used between paypal and yahoo in pre-standard form in 2007, From 2009 offered by ISPs, draft in 2012, rfc in beginning /10/03 Roberto Innocente 30

31 DMARC Aligned/unaligned mail : DMARC tests and enforces identifiers alignment Internet 1)Check spf and DKIM 2)DMARC identifiers alignment 3)Acts on unaligned identifiers Mail Storage Failure reports Aggregate log Aggregate reports Aligned Unaligned 2012/10/03 Roberto Innocente 31

32 DMARC identifier alignment One of the 2 authenticated originator(spf/dkim) identifiers has to match the (MUA displayed) header From: domain. We have 2 kind of alignement : strict(=simple) and relaxed. Simple means the 2 domains should match exactly (except for spaces). Relaxed : - relaxed SPF : the organizational domain of the smtp MAIL FROM: should match the header From: organizational domain (see later) - relaxed DKIM : the organizational domain of the d= DKIM domain should matche the organizational domain of the header From: NB. if the SPF check was not passed the SPF is considered of course unaligned a priori 2012/10/03 Roberto Innocente 32

33 DMARC organizational domain A domain under which any can subscribe : 1 atom +TLD(top level domain) E.g. : news.google.com google.com amazon.co.uk regione.campania.it It uses for TLDs 2012/10/03 Roberto Innocente 33

34 DMARC strict alignement Return-Path: Delivered-To: Received: from charon-02.sissa.it (charon-02.sissa.it [ ]) by smtp.sissa.it (Postfix) with ESMTP id BEAF9D08065 for Mon, 12 Mar :34: (CET) Received: from hermes-02.sissa.it (hermes-02.sissa.it [ ]) by charon-02.sissa.it with ESMTP id C9HImFdPfk4ogziO for Mon, 12 Mar :34: (CET) Received: from mail-ob0-f169.google.com (mail-ob0-f169.google.com [ ]) by hermes-02.sissa.it (Postfix) with ESMTPS id F3F636C003 for Mon, 12 Mar :34: (CET) Received: by obcva8 with SMTP id va8so obc.8 for Mon, 12 Mar :34: (PDT) SPF alignment : (=strict) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s= ; h=mime-version:date:message-id:subject:from:to:content-type; bh=1hsa0bcf354+0pj/n8p9evjdk+8xaxjzbzoa7clpbzc=; b=fecqatwriaarwlh3kauivmzje4brw2ruouuxawxo8wj+wec7ngkannnq9xaeyxgmvm 3BpuPh8jYO/pS2AIqkIKtNjgV2DhQ6ku8hwp56GYajs4O8twyLgKNwnu1BydHGYjL3zx EvMYbhZvTItSqndCEt9gFGO2V7vdsQK/7sEVIaTc+cytQCfhUbNQ2U9iuVO5iDHYpBLF /EqMwfV1ECV0Jh/JdBhB0ZFZAL2q5ObxNiFLQOM47yVsQzIE5lyShDDMlgULsiv86UR5 uozx6zz68iwqttymoy85w2lwqimurxiuv6dakar7xq110bcncmhi1al4ooocrvxubz9i 6Lyg== MIME-Version: 1.0DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s= ; h=mim Received: by with HTTP; Mon, 12 Mar :34: (PDT) Date: Mon, 12 Mar :34: Message-ID: <CAPhLB8ZUFcYRshzme4T55Km8cQ3O36m8FxDYK7xKyOXEw3ZfUw@mail.gmail.com> Subject: check tls From: Roberto Innocente <roberto.e.innocente@gmail.com> To: inno@sissa.it Content-Type: multipart/alternative; boundary=001a11c2e cf4a mail from: domain gmail.com with from: domain gmail.com DKIM alignment : (=strict) DKIM d= domain gmail.com with from: domain gmail.com 2012/10/03 Roberto Innocente 34

35 DMARC relaxed alignement Return-Path: Delivered-To: Received: from charon-02.sissa.it (charon-02.sissa.it [ ]) by smtp.sissa.it (Postfix) with ESMTP id BEAF9D08065 for Mon, 12 Mar :34: (CET) Received: from hermes-02.sissa.it (hermes-02.sissa.it [ ]) by charon-02.sissa.it with ESMTP id C9HImFdPfk4ogziO for Mon, 12 Mar :34: (CET) Received: from mail-ob0-f169.google.com (mail-ob0-f169.google.com [ ]) by hermes-02.sissa.it (Postfix) with ESMTPS id F3F636C003 for Mon, 12 Mar :34: (CET) Received: by obcva8 with SMTP id va8so obc.8 for Mon, 12 Mar :34: (PDT) SPF alignment : (=relaxed) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bounce.gmail.com; s= ; h=mime-version:date:message-id:subject:from:to:content-type; bh=1hsa0bcf354+0pj/n8p9evjdk+8xaxjzbzoa7clpbzc=; b=fecqatwriaarwlh3kauivmzje4brw2ruouuxawxo8wj+wec7ngkannnq9xaeyxgmvm 3BpuPh8jYO/pS2AIqkIKtNjgV2DhQ6ku8hwp56GYajs4O8twyLgKNwnu1BydHGYjL3zx EvMYbhZvTItSqndCEt9gFGO2V7vdsQK/7sEVIaTc+cytQCfhUbNQ2U9iuVO5iDHYpBLF /EqMwfV1ECV0Jh/JdBhB0ZFZAL2q5ObxNiFLQOM47yVsQzIE5lyShDDMlgULsiv86UR5 uozx6zz68iwqttymoy85w2lwqimurxiuv6dakar7xq110bcncmhi1al4ooocrvxubz9i 6Lyg== MIME-Version: 1.0DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s= ; h=mim Received: by with HTTP; Mon, 12 Mar :34: (PDT) Date: Mon, 12 Mar :34: Message-ID: <CAPhLB8ZUFcYRshzme4T55Km8cQ3O36m8FxDYK7xKyOXEw3ZfUw@mail.gmail.com> Subject: check tls From: Roberto Innocente <roberto.e.innocente@back.gmail.com> To: inno@sissa.it Content-Type: multipart/alternative; boundary=001a11c2e cf4a mail from: organizational domain gmail.com with from: organizational domain gmail.com DKIM alignment : (=relaxed) DKIM d= organizational domain gmail.com with from: organizational domain gmail.com 2012/10/03 Roberto Innocente 35

36 DMARC policies Reject (not delivered at all) : p=reject Quarantine (msg not deliverd to inbox) : p=quarantine None (msg disposition is unchanged) : p=none Percentage of mails not passing dmarc validation that are let to fall on more permissive policy is specified by : p=reject ; pct=40; 60% of the s not passing dmarc are just quarantined and not rejected 2012/10/03 Roberto Innocente 36

37 DMARC attr/val pairs attribute description use v= version v=dmarc1 p= policy p=none,p=quarantine,p=reject adkim= alignment mode for DKIM adkim=s,adkim=r aspf= alignment mode for SPF aspf=s,aspf=r rua= Report aggregates ruf= Report failures sp= Policies for subdomains rf= pct= Reporting format Percentage of msgs subject to policy pct=100,pct= /10/03 Roberto Innocente 37

38 DMARC reports There are two kinds : Aggregate reports (usually transmitted daily by correspondent mailers) rua=mailto:dmarc-rua@sissa.it Failure reports transmitted for each failed message validation ruf:mailto:dmarc-ruf@sissa.it ruf can create a lot of traffic and should be enabled only after having studied the aggregate reports and the causes of failures 2012/10/03 Roberto Innocente 38

39 DMARC first record and on First toe in water : v=dmarc1; p=none; rua=mailto:dmarc-agg@sissa.it v=dmarc1; p=quarantine; pct=10; rua=mailto:dmarc-agg@sissa.it;ruf=mailto:dmarc-fail@sissa.it; v=dmarc1; p=reject; pct=100; rua=mailto:dmarc-agg@sissa.it;ruf=mailto:dmarcfail@sissa.it; 2012/10/03 Roberto Innocente 39

40 DMARC results Received-SPF: none (google.com: does not designate permitted sender hosts) client-ip= ; Authentication-Results: mx.google.com; spf=none (google.com: does not designate permitted sender hosts) dkim=pass dmarc=pass (p=none dis=none) header.from=yahoo.it DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.it; s=s2048; t= ; bh=hwe0cuhc4mjclsexrapay+xm5eglhd1ogtn8wnjkfqs=; h=date:from:reply-to:to:in-reply- To:References:Subject:From:Subject; b=bliletg7t71dyiqe8lqqjqag1+cyadwki5xqrkczhvvjuprnq22r3fwbnlswvwwmbbiomuyjtmgol 5yOktsdh3VbE+U1WwG6Rlt1I2vUlPRDrNcHQx/siJL7M0jY299WG2BSDUj+S7B2yJL9spkI+VDMZyKeM QeChhDlKbH5xtYOweBrzsu3t54HcfYvDWR/mhPLmZdBpYLItdazgq6ynW6S+Ik+a49MJU5wiGfI6J68haF oh4mserwmjipn0d6fv4s5/1mmgufdwhrf2hok29tlzl+9pe/n2nhmwqjiy6j8jfvwinevfxcy9p9g+n/f ej3roqj06tabja6oovtpig== 2012/10/03 Roberto Innocente 40

Securing, Protecting, and Managing the Flow of Corporate Communications

Securing, Protecting, and Managing the Flow of Corporate Communications Getting mailflow right Dave Stork Technical Consultant OGD ict-diensten QR: URL to Presentation Who am I? Dave Stork Technical consultant