The Heartbleed bug allows a remote attacker to read chunks of memory from a vulnerable TLS CLIENT PROCESS (e.g., smtp(8)) or TLS SERVER PROCESS (e.g., smtpd(8)). OpenSSL versions prior to 1.0.1 don't have the hearbeat feature and have never been affected by this bug.
You can use forward secrecy to mitigate the impact of TLS server private key compromise. http://www.postfix.org/FORWARD_SECRECY_README.html Wietse
