Disable Client-Initiated Renegotiation in Postfix
Guide on how to disable client-initiated SSL/TLS renegotiation in Postfix to protect against DoS attacks.
The Security Risk
Allowing clients to renegotiate the SSL handshake at any time can be used for a Denial of Service (DoS) attack, as the handshake is CPU-intensive for the server but cheap for the client.
Configuration
Postfix exposes its TLS behaviour through parameters such as smtpd_tls_eecdh_grade and the other smtpd_tls_* settings, but renegotiation specifically is not among them: whether a client may renegotiate depends on the OpenSSL version Postfix is linked against.
However, modern Postfix versions and OpenSSL defaults usually handle this. To be explicit:
- Edit main.cf:
  sudo nano /etc/postfix/main.cf
- Add or update the TLS settings. Note: Postfix has no direct "disable renegotiation" parameter like Apache's; it relies on the OpenSSL library defaults. You can, however, enforce strong protocols and ciphers, which mitigates related issues:
  # Enforce TLS 1.2 or 1.3
  smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
  smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
  # Exclude weak ciphers
  smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, KRB5-DES, CBC3-SHA
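The settings above are easy to get subtly wrong (a missing token, an edit to smtpd_ but not smtp_, a continuation line that was not picked up). The script below is an added example, not part of the original guide: it reads a main.cf the way Postfix does (name = value, indented lines continue the previous value, the last assignment wins) and reports whether both protocol lists exclude SSLv2, SSLv3, TLSv1 and TLSv1.1. The two sample files it audits are constructed for the demonstration; point audit_tls_protocols at /etc/postfix/main.cf on a real system.

```shell
#!/bin/sh
# Added example, not part of the original guide: audit a Postfix main.cf for
# the protocol exclusions shown above. Assumes standard main.cf syntax
# ("name = value", indented lines continue the previous value, last
# assignment wins); the sample files below are constructed.

# Print the effective value of one main.cf parameter (empty if unset).
# Usage: postfix_param <main.cf> <parameter>
postfix_param() {
  awk -v name="$2" '
    /^[ \t]/ { if (found) val = val " " $0; next }   # continuation line
    { found = 0 }
    $0 ~ "^" name "[ \t]*=" {                       # a later assignment wins
      sub("^" name "[ \t]*=[ \t]*", "")
      val = $0; found = 1
    }
    END { gsub(/[ \t]+/, " ", val); print val }
  ' "$1"
}

# Succeed only if every named protocol appears as an excluded "!proto" token
# in the given value (commas and whitespace are the separators).
# Usage: excludes_all "<value>" SSLv2 SSLv3 TLSv1 TLSv1.1
excludes_all() {
  tokens=" $(printf '%s' "$1" | tr ',\t' '  ' | tr -s ' ') "
  shift
  for proto in "$@"; do
    case "$tokens" in
      *" !$proto "*) ;;
      *) return 1 ;;
    esac
  done
  return 0
}

# Audit a main.cf: print a verdict per parameter and return 0 only when both
# the server (smtpd_) and client (smtp_) protocol lists exclude the legacy set.
audit_tls_protocols() {
  rc=0
  for param in smtpd_tls_protocols smtp_tls_protocols; do
    value=$(postfix_param "$1" "$param")
    if excludes_all "$value" SSLv2 SSLv3 TLSv1 TLSv1.1; then
      echo "OK   $param = $value"
    else
      echo "WEAK $param = ${value:-(unset, Postfix default applies)}"
      rc=1
    fi
  done
  return $rc
}

# Constructed sample files for demonstration (not from any real server).
HARDENED_CF=$(mktemp)
cat > "$HARDENED_CF" <<'EOF'
smtpd_tls_security_level = may
# Enforce TLS 1.2 or 1.3 (continuation line on purpose)
smtpd_tls_protocols = !SSLv2, !SSLv3,
    !TLSv1, !TLSv1.1
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
EOF

WEAK_CF=$(mktemp)
cat > "$WEAK_CF" <<'EOF'
smtpd_tls_protocols = !SSLv2, !SSLv3
EOF

audit_tls_protocols "$HARDENED_CF"
audit_tls_protocols "$WEAK_CF" || echo "$WEAK_CF still allows TLS 1.0/1.1"
# On a live system: audit_tls_protocols /etc/postfix/main.cf
```

The token check deliberately matches whole tokens, so an entry of !TLSv1.1 does not count as excluding TLSv1; the WEAK verdict for an unset smtp_tls_protocols is intentional, since the Postfix default then applies rather than the hardened list.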
Verifying
Use openssl to test if renegotiation is possible.
openssl s_client -connect mail.yourserver.com:25 -starttls smtp
Once connected, type R and press Enter.
- If it returns RENEGOTIATING, renegotiation is enabled (bad).
- If it returns nothing or an error, renegotiation is disabled (good).
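The manual check above is awkward to repeat across a fleet, so here is an added example (not part of the original guide) that scripts it: probe_renegotiation drives openssl s_client the same way (STARTTLS, then the R command), and interpret_renegotiation_output applies the guide's criterion to the captured output. It also handles a case the guide does not mention: TLS 1.3 removed renegotiation entirely, so if the session negotiated TLSv1.3 the R command tests nothing, and the TLS 1.2 path has to be probed separately with s_client's -tls1_2 option. It assumes openssl and timeout are installed; mail.yourserver.com is the guide's placeholder host, and the sample outputs at the end are constructed, not captured from a real server.

```shell
#!/bin/sh
# Added example, not part of the original guide: script the
# "openssl s_client ... then type R" check and interpret its output.
# Assumes openssl(1) and timeout(1) are installed; the host is a placeholder.

# Connect with STARTTLS, send the "R" line that makes s_client request a
# renegotiation, keep the session open briefly, and capture both streams
# (s_client prints RENEGOTIATING on stderr). Extra s_client options such as
# -tls1_2 may follow host and port.
probe_renegotiation() {
  host="$1"; port="$2"; shift 2
  { printf 'R\n'; sleep 3; } |
    timeout 15 openssl s_client -connect "$host:$port" -starttls smtp "$@" 2>&1
}

# Classify captured s_client output.
#   0 = no renegotiation seen (good)
#   1 = RENEGOTIATING seen, the guide's indicator that it is enabled (bad)
#   2 = session was TLS 1.3, where renegotiation does not exist, so the
#       check is not meaningful until rerun with -tls1_2
interpret_renegotiation_output() {
  case "$1" in
    *"Protocol  : TLSv1.3"*)
      echo "TLS 1.3 negotiated: no renegotiation in this protocol; rerun with -tls1_2 to test the TLS 1.2 path"
      return 2 ;;
    *RENEGOTIATING*)
      echo "ENABLED (bad): s_client reported RENEGOTIATING"
      return 1 ;;
    *)
      echo "DISABLED (good): no renegotiation occurred"
      return 0 ;;
  esac
}

# Constructed, abridged sample outputs for demonstration (not real captures).
SAMPLE_RENEG='    Protocol  : TLSv1.2
250 DSN
RENEGOTIATING
depth=0 CN = mail.example.com
verify return:1'
SAMPLE_QUIET='    Protocol  : TLSv1.2
250 DSN'
SAMPLE_TLS13='    Protocol  : TLSv1.3
RENEGOTIATING'

interpret_renegotiation_output "$SAMPLE_RENEG" || true
interpret_renegotiation_output "$SAMPLE_QUIET"
interpret_renegotiation_output "$SAMPLE_TLS13" || true

# Live use against the guide's placeholder host, forcing the TLS 1.2 path:
#   out=$(probe_renegotiation mail.yourserver.com 25 -tls1_2)
#   interpret_renegotiation_output "$out"
```

The TLS 1.3 case is checked first on purpose: s_client prints RENEGOTIATING when it is asked to renegotiate, even on a TLS 1.3 session where the request cannot succeed, so without that ordering a fully modern server would be misreported as vulnerable.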
Legacy Note for Older Systems
On very old OpenSSL (<0.9.8l), this was a critical vulnerability (CVE-2009-3555). Ensure your OpenSSL is up to date (apt upgrade openssl).