Advertenties

Postfix security issue – SSL Server Allows Anonymous Authenticaion Vulnerability

After enabling SSL on all our mailservers we found a security flaw with the description “SSL Server Allows Anonymous Authenticaion Vulnerability”. You can find a way to test this on this page: https://community.qualys.com/docs/DOC-1097

This basically means that the client will be able to connect to the Server without using any authentication algorithm. Some SSL Ciphers allow anonymous authentication. Choosing the right cipher suites as explained in an earlier post, and disabling null cipher from the admin console can help mitigate this risk.

Actually the fix is pretty simple so i advise you to do so. The following command will do the trick:
postconf -e smtpd_tls_exclude_ciphers="aNULL, MD5, DES"

Advertenties

Geef een reactie

%d bloggers liken dit: