On 2017-05-25 02:31 AM, Philip Paeps wrote:
On 2017-05-24 14:54:34 (+0200), Bastian Blank
<bastian+postfix-users=postfix....@waldi.eu.org> wrote:
On Wed, May 24, 2017 at 02:41:01AM -0700, li...@lazygranch.com wrote:
You shouldn't be accepting sslv3 due to the poodle attack.
https://en.m.wikipedia.org/wiki/POODLE
Please explain how exactly SMTP is exploitable using POODLE?
There are other good reasons to disable SSLv3. But POODLE is a
distraction in the context of SMTP.
In the context of a SASL login to send outgoing email, is it still a
distraction?
How about dovecot, logging in to receive email and clean up my inbox?
As recommended by lazyG,
http://disablessl3.com/
In general though, when it comes to SMTP, any encryption is better
than none. And opportunistic encryption is the way to go. Read RFC
7435:
https://tools.ietf.org/html/rfc7435
Thanks!
Philip
