On 29/05/20 11:27 pm, mj wrote:
Thanks to all who participated in the interesting discussion.
It seems my initial thought might have been best after all, and discontinuing port 143 might be the safest way proceed.
Yes and no. Some of the attack vectors mentioned are not reasonable and it really depends on the client. Thunderbird, for example, used to have settings for plain text, TLS and "TLS if available", but the latter setting has not been available for some time which forces the user to choose either plain text or TLS at setup time now. This means that the user would now have to change the setting in their client for a downgrade attack to work. I can't speak for all MUAs but if they similarly have removed their "TLS if available" option or if the users explicitly don't pick that option (you can ask them not to in your setup instructions) then that type of downgrade attack cannot occur.
The other possible downgrade attack which was not mentioned but is equally mitigated by the client is where the MITM intercepts the connection, connects to your server and issues a STARTTLS itself but presents the resulting connection as plain text to the client. This means that enforcing STARTTLS on the server side will not prevent a plain text connection through a MITM from the client. But do keep in mind that if the client is configured properly to only connect via TLS then it will refuse the connection if it is not presented with a STARTTLS option that works.
So yes the safest way to go is to just use port 993, but as long as the client is not set to a "TLS if available" option then port 143 is also safe.
Also note that the same concerns apply for your submission server (likely postfix) using the submission port (587) and enforcing STARTTLS vs the submissions port (465) which is a direct TLS connection.
Peter