1

Topic: Help with POODLE ~_o_~

==== Required information ====
- iRedMail version:  iRedMail-0.8.7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MYSQL
- Linux/BSD distribution name and version: Debian 7 64bit
- Related log if you're reporting an issue:
====

do you have any advice on securing against the new SSLv3 POODLE problem ?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Help with POODLE ~_o_~

You'd better check mailing list of major components used in iRedMail. For example:

- Postfix: http://marc.info/?t=141338846900001&r=1&w=2
- Dovecot: http://marc.info/?t=141331490400002&r=1&w=2

Disable SSLv3 in Postfix:

You may want set smtpd_tls_mandatory_protocols, and the lmtp/smtp client ones:

# Opportunistic TLS
smtpd_tls_protocols = !SSLv2 !SSLv3
smtp_tls_protocols = !SSLv2 !SSLv3
lmtp_tls_protocols = !SSLv2 !SSLv3

# Mandatory TLS
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3

Disable SSLv3 in Dovecot:

ssl_protocols = !SSLv2 !SSLv3