Reindl Harald:
that attacks are not relevant for email because they
rely on the way a webbrowser works which is not the
case for a mail client - you can't trigger XSS and
Ajax in a MUA
sure, that may be right, but
We manage numerous public available services. And every time we go through our
Qualys reports I have to explain this message from Qualys as not
relevant/harmless/cannot change.
It takes time to describe this fact again and again to our it-security people.
And there are many other people in the same situation like me...
That's my main intention to ask how to disable ssl compression in dovecot.
Andreas
