identify 143 vs 993 clients

Peter peter at pajamian.dhs.org
Sun May 31 09:58:09 EEST 2020 

On 31/05/20 6:50 pm, Jean-Daniel wrote:
>> Yes and no.  Some of the attack vectors mentioned are not reasonable and it really depends on the client.  Thunderbird, for example, used to have settings for plain text, TLS and "TLS if available", but the latter setting has not been available for some time which forces the user to choose either plain text or TLS at setup time now.  This means that the user would now have to change the setting in their client for a downgrade attack to work.  I can't speak for all MUAs but if they similarly have removed their "TLS if available" option or if the users explicitly don't pick that option (you can ask them not to in your setup instructions) then that type of downgrade attack cannot occur.
>>
>> The other possible downgrade attack which was not mentioned but is equally mitigated by the client is where the MITM intercepts the connection, connects to your server and issues a STARTTLS itself but presents the resulting connection as plain text to the client.  This means that enforcing STARTTLS on the server side will not prevent a plain text connection through a MITM from the client.  But do keep in mind that if the client is configured properly to only connect via TLS then it will refuse the connection if it is not presented with a STARTTLS option that works.
>>
>> So yes the safest way to go is to just use port 993, but as long as the client is not set to a "TLS if available" option then port 143 is also safe.
> 
> I don’t think you can call an option safe if it relies on the users to properly configure their client. We all know that users are usually bad at following instructions ;-)

Fair enough, but this attack vector can only happen if it's on a client 
that supports a downgrade option (I should hope that most don't 
nowadays, but someone did mention MacOX Mail earlier) *and* the user 
selects that option when configuring as opposed to the stricter "TLS 
only" (or equivalent) option.  At that point it still requires a MITM 
attack to downgrade the connection, and that MITM must not only be able 
to read the packets but also intercept them and present different data 
to the user.  I can see this type of attack happening in wifi 
environments and coming from ISPs that want to snoop on people's email, 
though.

As I said (and I stand by it) the safest approach is to just limit to 
port 993, but port 143 is also safe if properly configured on both the 
server and client side.


Peter

More information about the dovecot mailing list